Submitted URL: http://shadecorp.net/
Effective URL: https://mrhelstein.com/
Submission: On April 19 via manual from BE — Scanned from DE

Summary

This website contacted 19 IPs in 4 countries across 15 domains to perform 82 HTTP transactions. The main IP is 2a06:98c1:3120::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is mrhelstein.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 25th 2021. Valid for: a year.
This is the only time mrhelstein.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
35 mrhelstein.com
mrhelstein.com
1 MB
19 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 98
tpc.googlesyndication.com — Cisco Umbrella Rank: 128
273 KB
8 gstatic.com
fonts.gstatic.com
www.gstatic.com
p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com
77 KB
3 google.com
adservice.google.com — Cisco Umbrella Rank: 77
www.google.com — Cisco Umbrella Rank: 4
2 KB
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
45 KB
3 untimburra.com
untimburra.com — Cisco Umbrella Rank: 65692
30 KB
2 google.de
adservice.google.de — Cisco Umbrella Rank: 7579
914 B
2 kinguin.net
affiliate.kinguin.net
39 KB
2 wp.com
stats.wp.com — Cisco Umbrella Rank: 2657
pixel.wp.com — Cisco Umbrella Rank: 2521
3 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 176
37 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
1 KB
1 cdnativepush.com
static.cdnativepush.com — Cisco Umbrella Rank: 17629
52 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 794
646 B
1 rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 9763
543 B
1 shadecorp.net
shadecorp.net
758 B
82 15
Domain Requested by
35 mrhelstein.com mrhelstein.com
11 pagead2.googlesyndication.com mrhelstein.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
8 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
3 www.gstatic.com googleads.g.doubleclick.net
3 googleads.g.doubleclick.net pagead2.googlesyndication.com
3 untimburra.com mrhelstein.com
untimburra.com
3 fonts.gstatic.com mrhelstein.com
2 p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com googleads.g.doubleclick.net
p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 affiliate.kinguin.net
1 www.googletagservices.com googleads.g.doubleclick.net
1 fonts.googleapis.com googleads.g.doubleclick.net
1 www.google.com tpc.googlesyndication.com
1 static.cdnativepush.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 my.rtmark.net untimburra.com
1 pixel.wp.com
1 stats.wp.com mrhelstein.com
1 shadecorp.net 1 redirects
82 20
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-09-25 -
2022-09-24
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA
2020-04-02 -
2022-07-05
2 years crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
untimburra.com
R3
2022-03-03 -
2022-06-01
3 months crt.sh
affiliate.kinguin.net
AlphaSSL CA - SHA256 - G2
2020-05-26 -
2022-05-27
2 years crt.sh
*.rtmark.net
Sectigo RSA Domain Validation Secure Server CA
2021-11-20 -
2022-11-26
a year crt.sh
*.googleadservices.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
*.google.de
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
*.google.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
cdnativepush.com
R3
2022-03-11 -
2022-06-09
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh
www.google.com
GTS CA 1C3
2022-04-11 -
2022-07-04
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-03-28 -
2022-06-20
3 months crt.sh

This page contains 8 frames:

Primary Page: https://mrhelstein.com/
Frame ID: 97F7B092389D91656B25C2AF192C259D
Requests: 62 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20190131/zrt_lookup.html
Frame ID: C12BC4095B0C5572A5307FD8E47F478E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2868766328331783&output=html&adk=1812271804&adf=3025194257&lmt=1650350546&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmrhelstein.com%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650350557746&bpp=3&bdt=696&idt=488&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1130225413910&frm=20&pv=2&ga_vid=1541517716.1650350558&ga_sid=1650350558&ga_hid=1065496045&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837&oid=2&pvsid=1283148603561743&pem=713&tmod=83031290&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=504
Frame ID: D6F87166F6F9444C682F40083C06B661
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0921CC9B191856C8E74E02E0D90B4BE5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B3EEC1D0602ED8CF022DA0092BED56C2
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Frame ID: A1FACA9365C3557AC666EB7CF1436A35
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/load_preloaded_resource_fy2019.js
Frame ID: CDC9962A415C559A89AE81318730B564
Requests: 6 HTTP requests in this frame

Frame: https://p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: F1962949659BE57F12BC433B6C0F523D
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

MrHelstein.com ScreamSheet - "We have such stories to show you.."

Page URL History Show full URLs

  1. http://shadecorp.net/ HTTP 302
    https://mrhelstein.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • <link[^>]+s\d+\.wp\.com
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

82
Requests

100 %
HTTPS

63 %
IPv6

15
Domains

20
Subdomains

19
IPs

4
Countries

1691 kB
Transfer

3594 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://shadecorp.net/ HTTP 302
    https://mrhelstein.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

82 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mrhelstein.com/
Redirect Chain
  • http://shadecorp.net/
  • https://mrhelstein.com/
229 KB
38 KB
Document
General
Full URL
https://mrhelstein.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3559a75370602a9326e56a2e5eee39c2c452471473628ff5aaa11648fb5deb2
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
age
11
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
s-maxage=31536000, max-age=60
cf-cache-status
HIT
cf-ray
6fe3a945681b9156-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 19 Apr 2022 06:42:37 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Tue, 19 Apr 2022 06:42:26 GMT
link
<https://mrhelstein.com/wp-json/>; rel="https://api.w.org/" <https://wp.me/cXNwM>; rel=shortlink
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9p8571yPGI%2BeExIO3DA6TehrdBxwJG%2BknaOxt4roIo6UyhjS6dbR3r9saE7Y55iX9Wyy0UMQ3getWEOj3auepQY%2FXqyq0cRF74MGziJUjLfuD8bbYIDiQJ3cccoWACt8jSi2A0xj0RP%2FWzGGXA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=2592000; includeSubDomains; preload
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-wp-cf-super-cache
cache
x-wp-cf-super-cache-active
1
x-wp-cf-super-cache-cache-control
s-maxage=31536000, max-age=60
x-wp-cf-super-cache-cookies-bypass
swfpc-feature-not-enabled

Redirect headers

CF-RAY
6fe3a944ed1591e9-FRA
Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Date
Tue, 19 Apr 2022 06:42:36 GMT
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Location
https://mrhelstein.com
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bsHSOaxjKF0BG13mjkuTmSC6nrjEVwX0lUaTqNlmOHhQQcuWJYFsFaADvFgkbtLJLGReY41qp%2Fpg2L6tfCejKXZ51eVoSJ9cMo3leDpMWgKKPJWDTo2S8i%2Bfb9tFXWLxti%2BKaZowozbtTW9U"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
wpo-minify-header-c3456b62.min.css
mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/
588 KB
89 KB
Stylesheet
General
Full URL
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3908955a7ee9a486064c97c02a3ba753ac473de76f3834ea9e5af9786a3db67
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
11
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 18 Apr 2022 16:31:14 GMT
server
cloudflare
etag
W/"92e1a-5dcf049f70169-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ywm3pCE1HCE9VYJj%2FLoqqV7foRRW8sV7hIzzda5tLYLBLiGf3XB5UKAWRYeZ9XCBHB9NKW1Wsp1KEHAUnSdjKnP4w2atqCUyxqEOYIM3X2SLYdktHU5vGQU36ApvI74%2BSdXvhGo4%2FrT6Ilgjbg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
vary
Accept-Encoding,User-Agent
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=604800
cf-ray
6fe3a945b9339156-FRA
genericons.css
mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/css/
9 KB
2 KB
Stylesheet
General
Full URL
https://mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/css/genericons.css
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8dc3eb3bcb0ee6a2457a1f6cd34ef9205c9e172fca149eae7eb5f05f9f3e4780
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47100
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 04 Feb 2022 06:10:45 GMT
server
cloudflare
etag
W/"25d2-5d72b1c8919b4-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sNFhQwL4TNp7IBTV0SR8qh9zrpxr80vw2gyjZW97C%2F5a9TfkPEkMlxvvinGnSOe%2Bg5bfFBB4YgI3i%2FcQtmR9eg4KCFligem4R4fBIpmkG3EECukMTnhQNCy1Q7gzMjNWtbFCPzkZbiG5a28xIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
vary
Accept-Encoding,User-Agent
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=604800
cf-ray
6fe3a945b9399156-FRA
wpo-minify-header-4da9d067.min.css
mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/
185 KB
60 KB
Stylesheet
General
Full URL
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-4da9d067.min.css
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c48e390554af0203851fd806c3e5fd715a1a1bdd7855bda9f4efa000c9b7b12
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
11
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 18 Apr 2022 16:31:14 GMT
server
cloudflare
etag
W/"2e4b4-5dcf049f75f29-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qnAtfjJ5hcsLD8A8SHT1%2FgXZanPsF9e1MX3gikMzVPM3zzMO4t5b3IzQCHprhaSM9T%2BBTC%2FRArvO9WCLwRxMufg8HVy3v3oxQd%2B3o9JSciy4qs4wU8uHYjl7wsNly9fIVOHPEpWXHLvAlz1xTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
vary
Accept-Encoding,User-Agent
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=604800
cf-ray
6fe3a945b93b9156-FRA
invisible.js
mrhelstein.com/cdn-cgi/challenge-platform/h/b/scripts/
42 KB
16 KB
Script
General
Full URL
https://mrhelstein.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1650348000
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9dd079f284071ff220eb3929f27c8c48bb722385e38e627551e14784cf44a33
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qFNApZBeeCngjR4%2FiRCk3t5rQQnnPxENX%2FrvDEqMcvp7e%2BKf0%2Fs5luAvYY5PxHbso%2BcjNz4PMENSv5DE86waXYHfDoNXuZ9Y1BD%2BfWFVBYPH5flo7KJkxk0UEtdpt%2F1jMPyt4f5RUN5CyYxYQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=604800, public
x-control-type-options
nosniff
cf-ray
6fe3a9463e4e90b2-FRA
vary
Accept-Encoding
cropped-artworks-uUzPAisZtLeKyLzs-orBq9g-t500x500.jpg
mrhelstein.com/wp-content/uploads/2021/07/
41 KB
42 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2021/07/cropped-artworks-uUzPAisZtLeKyLzs-orBq9g-t500x500.jpg
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f936a132f6d3aae687e7031b2305bb706e910f8bc68ce83827d4b1c764b44def
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47382
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
41839
last-modified
Wed, 06 Oct 2021 16:56:49 GMT
server
cloudflare
etag
"a36f-5cdb208403790"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=huz6ONTUjzgtGG8DQXAbjMJDZm2oWNAJTxqWMScWi1%2B0Zbdo49oA2PjcP%2FOBQrikCuv0Benj%2FHee6XxRGOM37d3GYtrSmIVtulMX%2F3fqbApuDTq5sxA20GSxm%2FynImt3bAXcP3liAaWtt02Rxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a9469e9d90b2-FRA
wpo-minify-footer-882d0eca.min.css
mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/
228 B
853 B
Stylesheet
General
Full URL
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-footer-882d0eca.min.css
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f9c5b7e6b6edc0b1f962766b4a493c345dbe9837c904aaa37a00a1466307f43
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47100
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 18 Apr 2022 16:31:17 GMT
server
cloudflare
etag
W/"e4-5dcf04a212e44-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q1YZ%2F4ZbP2wKnpfo%2BvyaXrtaKkMbdEcP%2FZFNH1imRCP8FmGWEUquiyudleV49sb2ywu6VjGmXC9pIJET5iScw76w9GyncVT4e5lqjyrPZi1Lkg0axDA6JCV%2BDsPHWsWCupy0cUj4cemM4T29OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
vary
Accept-Encoding,User-Agent
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=604800
cf-ray
6fe3a9463e4d90b2-FRA
rocket-loader.min.js
mrhelstein.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://mrhelstein.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
last-modified
Tue, 12 Apr 2022 11:16:45 GMT
server
cloudflare
x-frame-options
DENY
etag
W/"62555f9d-302c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCkA6mZN0DxbNNrHfgfZzG0lPSBQhvRQg2U84IUfIT17qCZQweb9%2BIxqHmkqDiu0Or8O%2B7VsYUiMPxb7%2Bb%2B9z25xw12LaRmuSIHo7RvaIcqH8V%2BJryW%2FlanGIv%2FQHqqkeeNkAwiiQKfOVetm1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
6fe3a9469ea090b2-FRA
expires
Thu, 21 Apr 2022 06:42:37 GMT
/
mrhelstein.com/
0
822 B
XHR
General
Full URL
https://mrhelstein.com/
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
11
x-wp-cf-super-cache
cache
x-wp-cf-super-cache-cookies-bypass
swfpc-feature-not-enabled
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 19 Apr 2022 06:42:26 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QaCHsIgJC%2FhD%2Bc8Oiq73ODlai1SOg94RFF81Y0jYoCkDN18Nnxz1itz40IYVYw9uxY9fxq%2BtlZEd%2Bsk%2B9%2FDgIlKSEFUsATm%2ByYhJQnJkhD9ueQ9yK2aKAmd5sy73omtisqSubinNKL%2FIuCVdtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
x-wp-cf-super-cache-cache-control
s-maxage=31536000, max-age=60
vary
Accept-Encoding,User-Agent
cache-control
s-maxage=31536000, max-age=60
x-wp-cf-super-cache-active
1
cf-ray
6fe3a9469e9990b2-FRA
link
<https://mrhelstein.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/cXNwM>; rel=shortlink
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/gif
teahub.io-hellraiser-wallpaper-1890763-1.jpg
mrhelstein.com/wp-content/uploads/2022/02/
27 KB
27 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/02/teahub.io-hellraiser-wallpaper-1890763-1.jpg
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9239d83af024eca6dd0ee58c170050fdbae4a940b4755cc58ec747f611ffaaa4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47100
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27378
last-modified
Sat, 19 Feb 2022 11:55:37 GMT
server
cloudflare
etag
"6af2-5d85dad7cf71c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJEWWDa7Qrte9sABoFg%2FHG4XZ%2BsKKGBNXR2PITRW3cJ25UN7BZFA7Mt7VXUej%2FCOApkxUcmnsgnNnhGon9mVDgXZuzgfLHfIaqIka4avJp%2Fc5FFgqjBzGAnEJ%2F7LwM%2BFDMFwwbya2GNl%2FKnkwg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a9469ea290b2-FRA
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
fonts.gstatic.com/s/opensans/v28/
39 KB
39 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a83c3f260b750dfc47e4e5024eda4b4f80be0c0a3e0ae5111a3b0a799df64448
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mrhelstein.com/
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 22:44:55 GMT
x-content-type-options
nosniff
age
547062
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39556
x-xss-protection
0
last-modified
Tue, 01 Mar 2022 22:07:04 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Apr 2023 22:44:55 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v29/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d6621200328c67a58e7f049fc077058611d49a8b0462acecdd1f25ef0b20a831
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mrhelstein.com/
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 06:56:24 GMT
x-content-type-options
nosniff
age
344773
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11048
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:29 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 15 Apr 2023 06:56:24 GMT
fa-solid-900.woff2
mrhelstein.com/wp-content/themes/darknews/assets/font-awesome/webfonts/
76 KB
77 KB
Font
General
Full URL
https://mrhelstein.com/wp-content/themes/darknews/assets/font-awesome/webfonts/fa-solid-900.woff2
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30bdc29dd6cc72d1f62f56d503beb17bdb294770cc12fbaae891ba65dc9555bf
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
78196
last-modified
Sun, 20 Mar 2022 09:43:04 GMT
server
cloudflare
etag
"13174-5daa334dc991a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PpBpOjYC9ThB%2BfexzVx%2FA8Di6is%2BA4M%2BQrLO%2Bzn5wR4C%2B4HBKCWliDGbJeQBfz0iW4MScf6HPzqCvUv%2F6DUfv0mOhQzNYcFNjypN05gEetqvdFa2pkKe%2BvBXwcS4nrgOwNTW2YskjrDmzESCag%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a946ded190b2-FRA
socicon.ttf
mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/
71 KB
47 KB
Font
General
Full URL
https://mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/socicon.ttf
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
676ef1cd8eceb1e5a817ddd6c7803ebab7292e128a37419512143a1a8d94503d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47381
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 04 Feb 2022 06:10:45 GMT
server
cloudflare
etag
W/"11bc4-5d72b1c892954-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JzzxpH1%2FTttJ54ITOJzITuIMMmXvjf6gNIBsCmguQv9UHnPANDGBl8vZzHzbETZ3bu%2BMAtvto8avCzczfy4azk0jyexHW2JNRA4PPgy8f67QPFTI2wQardvndA6FTV5gTqOiYpeZokKj938xRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
access-control-allow-origin
*
vary
Accept-Encoding,User-Agent
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
cf-ray
6fe3a946ded390b2-FRA
fa-regular-400.woff2
mrhelstein.com/wp-content/themes/darknews/assets/font-awesome/webfonts/
13 KB
14 KB
Font
General
Full URL
https://mrhelstein.com/wp-content/themes/darknews/assets/font-awesome/webfonts/fa-regular-400.woff2
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36b0ed71b2c0de1915bd39a9d15dff134d4d78ce9c6538ea4affefe7222ece84
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47381
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13276
last-modified
Sun, 20 Mar 2022 09:43:04 GMT
server
cloudflare
etag
"33dc-5daa334dc991a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hxHAUcSyOc5ShPzTY%2F6W4xP%2B6MrHd%2BhRiIPTRy%2BnTR3xtz%2FaiHL6PmKKPH6TejVxekwY%2FUaGoanZv7NZpwTwIZTWIN5cFVMGp91j5xNftrF9acDDkZlRU5WPqe9Ly7RCVpmkYTCzTQWbEeSo4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a946ded490b2-FRA
fa-brands-400.woff2
mrhelstein.com/wp-content/themes/darknews/assets/font-awesome/webfonts/
75 KB
76 KB
Font
General
Full URL
https://mrhelstein.com/wp-content/themes/darknews/assets/font-awesome/webfonts/fa-brands-400.woff2
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d18fe5ec12989401ea029c4ca707fc20ca3c2aa897e65975deaad02eccc86f3
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47381
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
76764
last-modified
Sun, 20 Mar 2022 09:43:04 GMT
server
cloudflare
etag
"12bdc-5daa334dc991a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U4ZwH2izer%2FI7Hw5NDwS7NJti%2Fvy0PBxj0cHgTBqX91bV9dNp8g82LkcCFmMLd99x%2BnvVjEoqfa4djV8GILoivTBj3SPNKTpwTju4uFEpexcBhmPfTjFbg2VItlfhRIFNpjsRFEKYvzamoBb8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a946ded690b2-FRA
fontawesome-webfont.woff2
mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/
75 KB
76 KB
Font
General
Full URL
https://mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/fontawesome-webfont.woff2
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-4da9d067.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42736c7de60dfab94b3cc902b8692f80cfeb0a5989d1d51db1d25fd7d18dc45b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-4da9d067.min.css
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47382
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
77160
last-modified
Fri, 04 Feb 2022 06:10:45 GMT
server
cloudflare
etag
"12d68-5d72b1c892954"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dTMdtn2Xeik83CkcMk2Xyefem%2Bjdn0Aasciy8ACdx9%2B%2FssFYRBaX8yeCTKs4jrd21h6SSBEiIDqEV6V0zqa2VEiwYG37nPryLIw4hVVEgS3eSwCoWfQqhFyxlGWDtfU%2F7YlNGURImBCavURPXA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a946ded890b2-FRA
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v29/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-c3456b62.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a986c26c40febdfac5074b57a925fe2d7b901e75b7bcad4a19a5cbe3987b51bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mrhelstein.com/
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 20:12:20 GMT
x-content-type-options
nosniff
age
556217
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11032
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:18 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 12 Apr 2023 20:12:20 GMT
Genericons.woff
mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/
14 KB
14 KB
Font
General
Full URL
https://mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/font/Genericons.woff
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/css/genericons.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
970a3fa15876d16dcc0fd70eb7c9ab44d733108b3ddca1a449edd0356c1b79a7
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mrhelstein.com/wp-content/plugins/social-icons-widget-by-wpzoom/assets/css/genericons.css
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47381
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 04 Feb 2022 06:10:45 GMT
server
cloudflare
etag
W/"36a4-5d72b1c892954"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C7FFDfW2G4sh062gHUc11PYdnOIxkTUUggINoq2OqxpCLf3u4UjyAy8SQ5ybki9x6KO%2BnNoRQ%2BbUkE8nrCoVH9iaDPmofcZZX855rv21XYMWcWWAUs8wGgdyINbm3TnmDnrgkE0A8KP40qArTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/x-woff
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
cf-ray
6fe3a946fef890b2-FRA
e-202216.js
stats.wp.com/
9 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202216.js
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-nc
HIT hhn
date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
server
nginx
etag
W/"6197c5cf-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 09 Apr 2023 23:15:21 GMT
wpo-minify-footer-e0638cae.min.js
mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/
197 KB
56 KB
Script
General
Full URL
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-footer-e0638cae.min.js
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79d26046ad7180d50362decbb840a4561dfd7eadb7cf15de18f89d692e02a9b8
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 18 Apr 2022 16:31:17 GMT
server
cloudflare
etag
W/"3133e-5dcf04a20ff64-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8cIRR2%2BkjQ5EoxvrT2pvlqflkl8YgQEZYwzMXzI2AbpV3zB5eGBK2utUNp6U1sgIeX86bA4Ss9B%2F4bBm5VCGemSwJEsBb8ERSRHFLYtehtCipJ1zcECiu9GempJzZShkDDDmQWGsNzOpqYZgWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding,User-Agent
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=604800
cf-ray
6fe3a9470f0690b2-FRA
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
155 KB
54 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2868766328331783
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b321ae217c883c72cb713b83592dba8bb9617d0f533164a72a401d640b3af9ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mrhelstein.com/
Origin
https://mrhelstein.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54307
x-xss-protection
0
server
cafe
etag
4220644033648192958
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 19 Apr 2022 06:42:37 GMT
wpo-minify-header-230a2bbf.min.js
mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/
226 KB
71 KB
Script
General
Full URL
https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-230a2bbf.min.js
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69b5114cd32fd5a55f40b3978231f0028054b3e579ff7a79e0d3e5dd2fddc674
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 18 Apr 2022 16:31:14 GMT
server
cloudflare
etag
W/"389cd-5dcf049f78e09-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVecW20yXcOcpDaFOTKnJQMGhsa6ZVw6lzDYTQ8B1y5atZonXwXYTVvRw0lK6lMrcWz0GINzpQ68BHsTxjHuyXCOl%2BkaMEwyoIrh7ax51dNNA5R7NKiUjXGRsWVpe5LHKqs9jwy9s3PzbVNrPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding,User-Agent
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=604800
cf-ray
6fe3a9470f0990b2-FRA
pica.js
mrhelstein.com/cdn-cgi/challenge-platform/h/b/scripts/
22 KB
8 KB
Other
General
Full URL
https://mrhelstein.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90b2f5bd63fb65e74dc248df73aa3d884c3c548f367e2c82aae84998689574b1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyINX%2BehTFWKPi1PHTGCaR3cz4B5kUla1pTrpB1qWuR25rxCXQ7vNofnmRRN7LlOdaTwHi22E3gmp197VaPoMf1i8dd1G8nJm2BJ3jTHr0Qb0EaRzvmYU%2BSA2djdRBKcouipbTlpxld0T5AJMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=604800, public
x-control-type-options
nosniff
cf-ray
6fe3a9470f0c90b2-FRA
vary
Accept-Encoding
update_visit
mrhelstein.com/wp-json/apvc/v1/
98 B
823 B
XHR
General
Full URL
https://mrhelstein.com/wp-json/apvc/v1/update_visit?ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.75%20Safari%2F537.36&url=https%3A%2F%2Fmrhelstein.com%2F&referred=&cpt=post
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/wp-content/cache/wpo-minify/1650299471/assets/wpo-minify-header-230a2bbf.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e624cc207e03d06cb1a83d7e8eb917c4aff2637077d8ddb4504cc2bf271da4b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Referer
https://mrhelstein.com/
X-Requested-With
XMLHttpRequest
X-WP-Nounce
97d19f9436
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
98
link
<https://mrhelstein.com/wp-json/>; rel="https://api.w.org/"
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8nffl%2BP7A5MpP25Ap1ePtXklKI5VCujWyDHVLbVbi2%2B2p9VoHMF3egaXRtjN9l1egiosU0pc4oq0%2FKPoDux2%2F64zlgLlOHyA20D3goWiWtQxqysUF3bFKYJYXjpWFm87pIgRqyJbX9TUcof69w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
vary
Origin,User-Agent, Accept-Encoding
x-robots-tag
noindex
cf-ray
6fe3a948180c90b2-FRA
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
4740849
untimburra.com/400/
71 KB
28 KB
Script
General
Full URL
https://untimburra.com/400/4740849
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
dda36cfeeb9eee7aaba1ed1b0095880efc541d360735985b9e0f0d5ee97c6044
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-trace-id
f98d02e9b15809b736439c92f98fa8c3
pragma
no-cache
date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Origin
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Link
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials
true
strict-transport-security
max-age=1
timing-allow-origin
*, *
expires
Tue, 11 Jan 1994 10:00:00 GMT
6fe3a945681b9156
mrhelstein.com/cdn-cgi/challenge-platform/h/b/cv/result/
2 B
727 B
XHR
General
Full URL
https://mrhelstein.com/cdn-cgi/challenge-platform/h/b/cv/result/6fe3a945681b9156
Requested by
Host: mrhelstein.com
URL: https://mrhelstein.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1650348000
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mrhelstein.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0NUclVCLLF0QdytKg6A%2BLYtWAAMGtyNrcw9k1xN0FB2D4qbGRz6oOk95qDgZaBfS1CnHLvziR4JVG3tubU41UD17y94PG%2F359O8cDIN%2FrEJ8kaEyNzgPXd4CVd6mt0RBOi4VOqpmcaAnDUsSA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
6fe3a949592890b2-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
g.gif
pixel.wp.com/
50 B
93 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.8&blog=191567772&post=0&tz=3&srv=mrhelstein.com&host=mrhelstein.com&ref=&fcp=313&rand=0.7954802534130974
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 19 Apr 2022 06:42:37 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
d1r6eut-06c4404c-56a7-4323-8459-f0cc832c3585.jpg
mrhelstein.com/wp-content/uploads/2021/07/
34 KB
34 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2021/07/d1r6eut-06c4404c-56a7-4323-8459-f0cc832c3585.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42dc55134fe82a16616bd69dcaa9491169538f94e5097d656537aada8be5e725
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47381
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
34411
last-modified
Wed, 06 Oct 2021 16:56:56 GMT
server
cloudflare
etag
"866b-5cdb208aa4bbf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2BXSOZ1CsIFKeqYcSRbAMVxUoDcHCZc7HPsLoDITas%2F9IOHMoYk2n0b4WeOuoNKOOeXi%2Fe%2BFNZfc9orRFIsAqtmBWjnZVat8vTImfZtsQWYcGRc7uqRmVE83G4ZAYTJCRC%2Fqrmqm9d%2BIvAJuEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a949693090b2-FRA
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/
303 KB
108 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2868766328331783
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a126df8e7c721d6775ac62782e86fb6ae64bbe8328769ab3b2256ae73a0b3106
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110917
x-xss-protection
0
server
cafe
etag
15963312589214922477
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 19 Apr 2022 06:42:37 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220413/r20190131/ Frame C12B
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2868766328331783
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mrhelstein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
35003
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 18 Apr 2022 20:59:15 GMT
etag
14837630671339829333
expires
Mon, 02 May 2022 20:59:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bf4d8be1.jpg
affiliate.kinguin.net/accounts/default1/m0x0b41/
38 KB
38 KB
Image
General
Full URL
https://affiliate.kinguin.net/accounts/default1/m0x0b41/bf4d8be1.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.201.28.212 , Slovakia, ASN203480 (QUALITYUNIT, SK),
Reverse DNS
Software
nginx /
Resource Hash
200e370a76ab7c066f3ad6186565bc41bb1f45f3d71d8c02f843af648bc0b033
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
via
1.1 varnish (2.lb-app.pap.ws-eu)
x-srv
1
age
24
vary
Accept-Encoding
x-varnish
316732190 316432991
cache-control
max-age=15, public
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-type
image/jpeg
content-length
39076
server
nginx
expires
Tue, 19 Apr 2022 06:42:29 GMT
m0x0i41
affiliate.kinguin.net/scripts/
43 B
375 B
Image
General
Full URL
https://affiliate.kinguin.net/scripts/m0x0i41?r=30739&bid=bf4d8be1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.201.28.212 , Slovakia, ASN203480 (QUALITYUNIT, SK),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx
content-type
image/gif
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT
memento-MQFnCP.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
41 KB
42 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/memento-MQFnCP.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9caf59dd83273982d4a7de84364f3746e9b2f25ff141dab3a6a79bbc69ff1dce
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
41926
last-modified
Mon, 18 Apr 2022 23:27:24 GMT
server
cloudflare
etag
"a3c6-5dcf61a4e15f7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cyjECBWZWBJX2xGEjRWwZ9ZBCpbDYvIO7pNeZtPHFhVIIyu4wLjOfMpFJJeX6gQXG%2BmJvabqm97z8%2FEXArFJo9V%2Bt63UCXizKNpX8Gi%2FRzSS5mnXNVyC%2FEBPL0D3MeLhb74kZHmkNzoOl4uGdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94a09d790b2-FRA
memento-MQFnCP-150x150.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
6 KB
6 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/memento-MQFnCP-150x150.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e02a7fd3116b2c80edf0421b0d558dfbde45d66742b63752ee73334ef67e72d
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5914
last-modified
Mon, 18 Apr 2022 23:27:25 GMT
server
cloudflare
etag
"171a-5dcf61a54ad76"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bqdy4fE2hZ2uPeSM7fCU5ADDmFODYRWwKI1vlNYq%2BeBs4K1m0jPjh%2FlduCptV8Be7%2FRWJZlvDronxNXPqJlndkrb6xr9vn1gzvlWHrnO4GlGJ2sF%2BStZ4F2%2B7vPt1TlfJlhth5PlaJ8Ma%2BJQuA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94a09da90b2-FRA
kaguya-sama-love-is-war-season-3-ending-starship-troopers-anime-kgOUZt-150x150.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
5 KB
6 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/kaguya-sama-love-is-war-season-3-ending-starship-troopers-anime-kgOUZt-150x150.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28a354ffb9ff9239b1d7e5ec85b8915361e76838f0a3b63eafc64295e4a0947c
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5179
last-modified
Mon, 18 Apr 2022 22:28:59 GMT
server
cloudflare
etag
"143b-5dcf549591594"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dFHmkI9YzISNc0KmbenBkcwpSH9r3bsxs80LIx%2FEnsAwtcW8GKh%2FL1ZrlzeTBUwd70YAe9Zkxf3rGWpFpdJs1lw5U0lQdNMLPf4sBDwe49ZU3iOcZh3FwDP35nXe66%2F47FBTL6wgAqTd068bpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94a09db90b2-FRA
netflix-logo-two-qK6sm1-150x150.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
2 KB
3 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/netflix-logo-two-qK6sm1-150x150.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
418552ab6c47aa9c6994a47696bcdb59bf98ebd0d49e56347057e05b5f5de167
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2555
last-modified
Tue, 19 Apr 2022 03:27:58 GMT
server
cloudflare
etag
"9fb-5dcf9769b744c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cRmNudOU3WGMlpgDlKh%2B9zXnQ1S2TTC8HR82wML0qSYA4lnx0n8DOwX4gvH8HZYj0wgmNbLQadoUYq82FlSlnHC70mNHKXue%2FIPxz4GwFLAqyB485HJccayAtv1tbWH24Q6isFwytErMIwZWEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94a09dd90b2-FRA
sonic-1273318-K7uBav-150x150.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
5 KB
6 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/sonic-1273318-K7uBav-150x150.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3423fdb2b718a739ba18ed595ade82591e07374bf77f376099ebcb199375034
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5291
last-modified
Mon, 18 Apr 2022 23:28:25 GMT
server
cloudflare
etag
"14ab-5dcf61deb9f36"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3f3%2BEUauW8F3diSHOt3EY0j497SLwrk4Aq5T5ApFHRqEiyvvQRy2BrMWBVQ%2BfnAvfk%2F22fWd5EVE7kDIfDxjW7E98OPO5zxYNolLiZz%2Fj2%2BcdtfqUQZPOa%2BU0g8SH63eBx1PibtSKRXKjnkvLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94a09de90b2-FRA
p106451-youtube-thumbnail-300x225.jpg
mrhelstein.com/wp-content/uploads/2022/04/
15 KB
16 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/p106451-youtube-thumbnail-300x225.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
311e4e8db193625db85e6679cb19fef1b043932f68a2fe6599582d9241fa08ef
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
15530
last-modified
Tue, 19 Apr 2022 03:01:35 GMT
server
cloudflare
etag
"3caa-5dcf91848a261"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SLwbnvzQeTc5Qh3ztOZwl%2Ba%2BOPwBXtXoiHyzEftupE%2Bants6dKG0LHwlwn%2B%2FAe2iM%2FNrAdKqFdrR4mxj8YR13Mqx3GNgs%2BIuYOMpwsv7o5fiAwQR%2Brak8lTqtK2K7VU2ARRAos7dRRLYJhy6AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94a09df90b2-FRA
p106260-youtube-thumbnail-300x225.jpg
mrhelstein.com/wp-content/uploads/2022/04/
17 KB
18 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/p106260-youtube-thumbnail-300x225.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df8a9413610101010a5a1acefe472dfeeb9132dcb857ee9ee430cd7f74984c16
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:37 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17580
last-modified
Mon, 18 Apr 2022 20:00:42 GMT
server
cloudflare
etag
"44ac-5dcf3370b36ea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7%2Bmeyw9lkjz9l%2BwBc4JPUL9ccjqhqN1BRE4EFWrFe0aesmzONMzRG8CwO1MHsZQg1LXO1CGNhScATK2Ao7TUT00q8leNGv2BmpenDnh0itZ%2BlleqmdMAH4HnCWc1lwdEHXtiFUUdXPC1YRDYg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94a09e090b2-FRA
gid.js
my.rtmark.net/
65 B
543 B
XHR
General
Full URL
https://my.rtmark.net/gid.js
Requested by
Host: untimburra.com
URL: https://untimburra.com/400/4740849
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e060b77857a3b266af519a4e8b8b35d1421e10508d21c50771bda445b5b5f498
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://mrhelstein.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
cookie.js
partner.googleadservices.com/gampad/
218 B
646 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=mrhelstein.com&callback=_gfp_s_&client=ca-pub-2868766328331783
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
871d9538ab66ed7c8adc0f6f070d6ba28919780d9aa1e17cc23697a6b6f3d766
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
202
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=mrhelstein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 06:42:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=mrhelstein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 06:42:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fmrhelstein.com%2F&tn=DIV&id=af-preloader&ign=false&pw=1600&ph=1200&x=0&y=1060.8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 06:42:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fmrhelstein.com%2F&tn=DIV&id=af-preloader&ign=false&pw=1600&ph=1200&x=0&y=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 06:42:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame D6F8
140 KB
36 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2868766328331783&output=html&adk=1812271804&adf=3025194257&lmt=1650350546&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fmrhelstein.com%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1650350557746&bpp=3&bdt=696&idt=488&shv=r20220413&mjsv=m202204140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1130225413910&frm=20&pv=2&ga_vid=1541517716.1650350558&ga_sid=1650350558&ga_hid=1065496045&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837&oid=2&pvsid=1283148603561743&pem=713&tmod=83031290&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=504
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
151048e6203691f567ab708ad4abdbf1dcd07c6aa633806a9c1b6599246e7aa3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mrhelstein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
36307
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 06:42:39 GMT
expires
Tue, 19 Apr 2022 06:42:39 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
10 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220413&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bb478e5faa2c1b866dff6366740033996f8457fa71fca898e5154de80621d8b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 06:42:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10585
x-xss-protection
0
4740849
untimburra.com/500/
3 KB
2 KB
XHR
General
Full URL
https://untimburra.com/500/4740849?excludes=&oaid=a071a069f5c24889b9e93aae92f17e65&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=3&pl=https%3A%2F%2Fmrhelstein.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
Requested by
Host: untimburra.com
URL: https://untimburra.com/400/4740849
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
de4bbf8ae74b6123a483accd5231d9b4cf104b1c4982050f9e391ad02153ed3d
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://mrhelstein.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
22ac5cea48ed2207ecbe0a95a69a4fdb
pragma
no-cache
date
Tue, 19 Apr 2022 06:42:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
nginx
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://mrhelstein.com
access-control-expose-headers
Link
cache-control
no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials
true
strict-transport-security
max-age=1
timing-allow-origin
*, *
expires
Tue, 11 Jan 1994 10:00:00 GMT
4740849
untimburra.com/500/ Frame
0
0
Preflight
General
Full URL
https://untimburra.com/500/4740849?excludes=&oaid=a071a069f5c24889b9e93aae92f17e65&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=3&pl=https%3A%2F%2Fmrhelstein.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://mrhelstein.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://mrhelstein.com
access-control-max-age
600
allow
GET, OPTIONS
content-length
0
date
Tue, 19 Apr 2022 06:42:38 GMT
server
nginx
strict-transport-security
max-age=1
timing-allow-origin
*
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
01294585474738.jpeg
static.cdnativepush.com/contents/s/31/30/2c/3bdd0d269c87de559fcec9bae4/
52 KB
52 KB
Image
General
Full URL
https://static.cdnativepush.com/contents/s/31/30/2c/3bdd0d269c87de559fcec9bae4/01294585474738.jpeg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.152 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
98e5b320a779d0c45384598fd53aca67999ff9f4e1fb6d514d3f407967bd47f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
last-modified
Tue, 15 Mar 2022 09:53:44 GMT
server
nginx
etag
"62306228-cf02"
access-control-allow-methods
GET, POST, OPTIONS, HEAD
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length
52994
memento-MQFnCP-720x530.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
51 KB
52 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/memento-MQFnCP-720x530.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
350cfebfaae95234a1af8c1c1fb8f012760729cfd0771974b53a2a1c21014a89
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
52432
last-modified
Mon, 18 Apr 2022 23:27:26 GMT
server
cloudflare
etag
"ccd0-5dcf61a5efe16"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AyeXu5iKOc3ZNcwoiPnggUTOEo%2BHkK2nSzLsyKQQiZmxgdU4TdU%2BHG47RvV8AwhvExtQXg9vjsydMJ12iPHwEgDfdth0YnvmYWSBNn1zox%2Fka3aTK0xcqC0ykhPWmIoqGux3y%2FBxqdxt1OJgAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94dcdf090b2-FRA
kaguya-sama-love-is-war-season-3-ending-starship-troopers-anime-kgOUZt-720x530.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
46 KB
47 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/kaguya-sama-love-is-war-season-3-ending-starship-troopers-anime-kgOUZt-720x530.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
344c324dbec03fb48912481ece746e7444663ab6c4ae5184eed7e6d482360eaf
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
46946
last-modified
Mon, 18 Apr 2022 22:28:59 GMT
server
cloudflare
etag
"b762-5dcf54960e593"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2amnhPg%2FBRtAVZyDSgmx05yrUs0uWLGEiXe84ppafCLORsSPgVm4NRaIykISRlASmKvmnKsBei7n3OQ66gx2v2k04DlMA8gtdUcBVCm3hxqYxCN%2B%2BIqnGRRzlPI4MtMXQDA2kW0lSb8ooMqGjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94dcdf390b2-FRA
netflix-logo-two-qK6sm1-720x530.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
13 KB
14 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/netflix-logo-two-qK6sm1-720x530.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbb1c76a60a0b2a71c78473f90f2284d51913f350a2d1e2e79a28f79ee841577
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13502
last-modified
Tue, 19 Apr 2022 03:27:58 GMT
server
cloudflare
etag
"34be-5dcf976a40f6b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GaxF6x4uRAS%2Bz0BT3Mc9ZFIym%2FoVDHjBXNTICR3cJ%2Be%2FrX23PyAOiJSleA2VTGrVhhhHuQUOKwbGXjZqHL7DamwUgCjw7uKdcnvJbZSxVKjBEXbpU%2FBUZqrQHCDgfuQfmbOzqxlFa6chfuTqFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94dcdf590b2-FRA
sonic-1273318-K7uBav-720x530.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
43 KB
44 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/sonic-1273318-K7uBav-720x530.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
993e43ab99fca9038eb7ce43839d3664cd206f00ca3cf7e97849655e887c54ae
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44096
last-modified
Mon, 18 Apr 2022 23:28:26 GMT
server
cloudflare
etag
"ac40-5dcf61df50575"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7YP0Y%2Fvaq%2F4%2Bh0fXGnOcGU2ZeaekUPdFRi4OznrJaLSuNY9ffaa5l3%2BhLjQq4m8e6th05ok8QouppUdHiTGAOlO%2BOrIoiSn7tzmkT%2BuKaCSFHTCo0aoTfoGHZZBV5Wtr%2FJKLQ7rcHFYEMMfsPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94dcdf790b2-FRA
icon-256x256-1.png
mrhelstein.com/wp-content/uploads/2022/02/
47 KB
48 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/02/icon-256x256-1.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42ce55c371bc656245b92a48b4263a76d427503267d026e50bb3b957d2c08a23
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
47358
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
48264
last-modified
Fri, 25 Feb 2022 19:17:30 GMT
server
cloudflare
etag
"bc88-5d8dc8cca0d9b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eoKyu4CLniRNKn0Ml9YK1KsGYRaOx8t%2FFb4kocdtzb5s5itNIMdtDnJxRDN7bCC1PZduXHRouEjEes2IehqV3WDOSqXB9w6z2fsjAHWLaVlYKqLxmRSl4hurfSR9RH%2BsDtAo2QaDafSoXGwEYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a94dcdf890b2-FRA
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 06:42:38 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0921
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mrhelstein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
391
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 06:36:07 GMT
expires
Wed, 19 Apr 2023 06:36:07 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame B3EE
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f885da5991246c589c942e2dcbd40c04de1f8422e8a97a43fede742bbacfa8a6
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-DDg/YCWuQA1Fb6VGKzZzjw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mrhelstein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
515
content-security-policy
script-src 'report-sample' 'nonce-DDg/YCWuQA1Fb6VGKzZzjw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 06:42:38 GMT
expires
Tue, 19 Apr 2022 06:42:38 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
pagead2.googlesyndication.com/bg/ Frame 0921
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/iDHsPPU-w9vlnufKSHbr26QNWWZn22uKUKQjwtrxHns.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 20:15:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
37621
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13566
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 18 Apr 2023 20:15:37 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame B3EE
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220413&jk=1283148603561743&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame 0921
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?0T04eA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/
145 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/reactive_library_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dd130adc8e19bd19a00cf32483184f275f8e4a0a83569a3c7f6d2c9f19671c99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52696
x-xss-protection
0
server
cafe
etag
2735665033295005793
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 19 Apr 2022 06:42:39 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pm&rt=8&c=ca-pub-2868766328331783&eid=44759876%2C44759927%2C44759837
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 06:42:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=rasra::pr&rt=8&c=ca-pub-2868766328331783&eid=44759876%2C44759927%2C44759837
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 19 Apr 2022 06:42:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=mrhelstein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 06:42:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=mrhelstein.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 19 Apr 2022 06:42:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/ Frame A1FA
10 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202204140101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2868766328331783&plah=mrhelstein.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mrhelstein.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
33839
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
gzip
content-length
4398
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 18 Apr 2022 21:18:40 GMT
etag
14837630671339829333
expires
Mon, 02 May 2022 21:18:40 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
css2
fonts.googleapis.com/ Frame A1FA
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 04:51:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 19 Apr 2022 06:42:39 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 19 Apr 2022 06:42:39 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame A1FA
205 B
742 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:33:47 GMT
x-content-type-options
nosniff
age
532
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 19 Apr 2023 06:33:47 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame A1FA
604 B
694 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 04:01:35 GMT
x-content-type-options
nosniff
age
9664
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 19 Apr 2023 04:01:35 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame A1FA
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1240106b570dda5fdb8cf5e703d20b1068194eb2f18795e20fa85fcb96108fdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:38:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
251
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8275
x-xss-protection
0
server
cafe
etag
13275616604445095965
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 06:38:28 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220413&jk=1283148603561743&bg=!39yl3JjNAAZvJBiFTyQ7ACkAdvg8WvTr3DeWEEMdaLZEnUKlMjSy74HCYIr6ElGe4M1Z5rMO-0lkgQIAAACGUgAAAARoAQcKAOSToj_jmkjhh-fTjvTR3FbDS4lOKINxufFUWO8xDePP5u2CqHQY0L71igAugsURMnoMzTWyVl2r9owFqKSS4xqsymI7ei8Odpng41EiN0xUGs5S1gNbfgCWhbuWVDAXVEouhvBTxfwj81wbeTJ4NFqgPD5IJD5sGY6PqpbzCVafhc_AWcfipybEAxBp7GeIoAOYwSBMIMl-YurGATETIDTMTBbMWDbKTkUE0PzYdd81ixlG2sG_gVP4OcMEyzAvo-eaL8NN6l1TRqIp3bukVp4VINX4rHBvZfFdIYCBcJ92VDBbJJKZApPvnSPFeQ6_hdREFmpgzGOLx2I6NTXuV8K8kQPExqjFPLI2_OTuLw0r92n_nIbGATNJZ-v6HTkcuTeVDZ-r8x1HTxab1ekEws6csbKVJZjih26njEFtSbdl6BaApReCQB18EaJU2pPdn3_5Vy0XJFvMhL-rC-8ByHKG0xj3rHGsCLkKsi_t-SR6K-spOhNU2_U1_SMI-VQRWYiJXHMS3fmzARQ7uS2NpHiWqJpVyLGya4bxMXpH_lzz5g7oH1BMI-SSVrEJ7Xzv2nIbC6qkXfJA8QSEyMHc1GXUP0NscObfLoE09RyPhGKwETI9X5uC9pqw7cndpMtora02cIVCyAo9hH6-ex6HYdUvMn4CKbWfBioweehTzUvJY8CbAeajUR7wSMAhXE-7XfQxd414LgsjLd27Ncrltbx0GUd1pXbF5T3Y6-6urwC0duMPWa3PSZ2NffjJ0Zt63eW6QqMZC0YF3E_h9DsbBYFCdb6rpB0nPmwh0zqWEbwRf9m0AmZqa83z6YY6ce1YIK_AbvhhMGpbfuiAIZt7g6y-74FLzhLMnRKApNn4-_yCYvzg-gCeFRQJxvPz1xScRFyYSDLubpuSVsEH7huf16PgM2IE0Tf3eN-P6nstQltInKVqa8WLHTrskuYvCJRYXE3B2E8UkJIY8spPvse4Qx5DGo8PyZKglrJI-TgRMm0ljzEJFnk2xZCQfR-GF36UAsfAPYyhwEvOc4fnFEX2hrXL8k7VaBpxJF0kMA1cWRcozjPqyK-58hly1-YbJ2xKOlHl7f6E0GDbYq22OADKnu9wxOWUtChnvj6Dz1T9FFyjvfUoQg47nE0G9YKDVWX-AGD5TaWi1NagKNZu8Y4dXocbIrKSsubYCTjiPw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame CDC9
2 KB
904 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
36
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
877
x-xss-protection
0
server
cafe
etag
13035868154101442325
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 06:42:03 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame CDC9
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:40:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
139
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8002
x-xss-protection
0
server
cafe
etag
5332015062585099865
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 06:40:20 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame CDC9
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:41:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 06:41:22 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CDC9
119 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650281421154365"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 19 Apr 2022 06:42:39 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame CDC9
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:38:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
249
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 May 2022 06:38:30 GMT
fb084ba56019ecef1e967c41e75d05fd.js
www.gstatic.com/mysidia/ Frame CDC9
29 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/fb084ba56019ecef1e967c41e75d05fd.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 13 Apr 2022 08:37:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
511526
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11996
x-xss-protection
0
last-modified
Thu, 07 Apr 2022 03:53:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 12 Jul 2022 08:37:13 GMT
redir.html
p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame F196
247 B
962 B
Document
General
Full URL
https://p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220413/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
71d6c7a48ae8eae4f2cd51bc5e37da390e4279af4a7d35eb42bb70b1b4b26779
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
203
content-security-policy-report-only
script-src 'nonce-uhVEaA3CrZXUy0PXnZfZKg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 06:42:39 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
last-modified
Mon, 02 Dec 2019 20:15:00 GMT
pragma
no-cache
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
iframe.html
p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame F196
4 KB
2 KB
Document
General
Full URL
https://p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Requested by
Host: p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f3.1e100.net
Software
sffe /
Resource Hash
a76ea8ecc242a82e9c48e8822f2e7e6788b9ba36f243169fce916259fc3d51e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
1862
content-security-policy-report-only
script-src 'nonce-OQ13aETw6nol9G6UQRYYIg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy
cross-origin
date
Tue, 19 Apr 2022 06:42:40 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
last-modified
Thu, 29 Apr 2021 21:38:00 GMT
pragma
no-cache
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
kaguya-sama-love-is-war-season-3-ending-starship-troopers-anime-kgOUZt.jpeg
mrhelstein.com/wp-content/uploads/2022/04/
75 KB
76 KB
Image
General
Full URL
https://mrhelstein.com/wp-content/uploads/2022/04/kaguya-sama-love-is-war-season-3-ending-starship-troopers-anime-kgOUZt.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43f15d338c3b7bb21dc90aceaf1014ac42f2fcccc18f521e16fc60d68e178739
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mrhelstein.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 06:42:43 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
77040
last-modified
Mon, 18 Apr 2022 22:28:58 GMT
server
cloudflare
etag
"12cf0-5dcf549530ab4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xtbMWodlguc01j8Pp99Ap%2BimOn%2BEgRzslz1Dp07DOs6Yyp27%2B%2BcyZsPNP8mNPyG5Z3djmJgG3wu8HXYnbdKGQ4CLdmQlIycat3Ql2wJIg4TDobaatgJrtDycp7A1VYG4GdU9oRqWksXN0Bul0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
vary
User-Agent, Accept-Encoding
cache-control
public, must-revalidate, proxy-revalidate, immutable, max-age=31536000, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges
bytes
cf-ray
6fe3a96c29b390b2-FRA

Verdicts & Comments Add Verdict or Comment

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails string| k object| _08ht7i7586 object| nowk33gh6n object| zfgformats function| setImmediate function| clearImmediate function| _zafjyg function| _hujqmuu object| __CF$cv$params object| __cfQR function| advanced_ads_ready object| advanced_ads_ready_queue object| apvc_rest object| advads_options undefined| $ function| jQuery function| Plyr object| advads object| jetpackLazyImagesL10n object| fifuImageVars object| observer function| disableClick function| disableLink function| fifu_fix_gallery_height object| CCB_YT_PLAYERS function| onYouTubePlayerReady boolean| CCB_YT_API_LOADED object| bootstrap function| EvEmitter function| imagesLoaded function| jQueryBridget function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry object| _stq boolean| __cfRLUnblockHandlers function| st_go function| linktracker_init object| wpcom function| onYouTubePlayerAPIReady object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map string| google_user_agent_client_hint object| zfgstorage object| webpushlogs function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms object| google_llp number| google_lpabyc object| googletag

6 Cookies

Domain/Path Name / Value
.mrhelstein.com/ Name: __cf_bm
Value: _m_2Rd5f42d99oPVXCxHaDa.Hz3LYMcKnnjJYkC.reU-1650350557-0-AXZAE/XPRxHpRXBG9T8SuLxjehOJ09xQZty7A/l19mL6QNqvuk/jem8ZO7nztAoHirrSsCyA6YU21etfs05s7+mru7BJK/IUU46BCt1sEpSHt54HaV50JACbmWTRFxPBRA==
my.rtmark.net/ Name: ID
Value: a071a069f5c24889b9e93aae92f17e65
.kinguin.net/ Name: PAPCookie_Imp_bf4d8be1
Value: pap
untimburra.com/ Name: OAID
Value: a071a069f5c24889b9e93aae92f17e65
.mrhelstein.com/ Name: __gads
Value: ID=35136601e18e8b34-2294e9cf7acd00dd:T=1650350558:RT=1650350558:S=ALNI_Mayf1yHNhKtz33rFCBHs5khfEV4aQ
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

1 Console Messages

Source Level URL
Text
network error URL: https://mrhelstein.com/wp-json/apvc/v1/update_visit?ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.75%20Safari%2F537.36&url=https%3A%2F%2Fmrhelstein.com%2F&referred=&cpt=post
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
affiliate.kinguin.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
mrhelstein.com
my.rtmark.net
p4-dpqkx2ug5mhyo-hll2za3gbk6xsyhz-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.wp.com
shadecorp.net
static.cdnativepush.com
stats.wp.com
tpc.googlesyndication.com
untimburra.com
www.google.com
www.googletagservices.com
www.gstatic.com
139.45.195.8
139.45.197.152
139.45.197.239
142.250.181.226
142.250.185.67
192.0.76.3
2606:4700:3035::ac43:964a
2a00:1450:4001:800::2003
2a00:1450:4001:810::2001
2a00:1450:4001:810::2002
2a00:1450:4001:812::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2002
2a00:1450:4001:831::2004
2a06:98c1:3120::7
91.201.28.212
0f9c5b7e6b6edc0b1f962766b4a493c345dbe9837c904aaa37a00a1466307f43
1240106b570dda5fdb8cf5e703d20b1068194eb2f18795e20fa85fcb96108fdb
151048e6203691f567ab708ad4abdbf1dcd07c6aa633806a9c1b6599246e7aa3
200e370a76ab7c066f3ad6186565bc41bb1f45f3d71d8c02f843af648bc0b033
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28a354ffb9ff9239b1d7e5ec85b8915361e76838f0a3b63eafc64295e4a0947c
30bdc29dd6cc72d1f62f56d503beb17bdb294770cc12fbaae891ba65dc9555bf
311e4e8db193625db85e6679cb19fef1b043932f68a2fe6599582d9241fa08ef
320829d08d5e492bb1e0e2c49e7ddfe9a4d5c9f7ed57f4c1316914276450b4c8
340b20f9ff6d073c2fea911631d8a6e13af185d983cbe842ddca27df91d0f295
344c324dbec03fb48912481ece746e7444663ab6c4ae5184eed7e6d482360eaf
350cfebfaae95234a1af8c1c1fb8f012760729cfd0771974b53a2a1c21014a89
36b0ed71b2c0de1915bd39a9d15dff134d4d78ce9c6538ea4affefe7222ece84
418552ab6c47aa9c6994a47696bcdb59bf98ebd0d49e56347057e05b5f5de167
42736c7de60dfab94b3cc902b8692f80cfeb0a5989d1d51db1d25fd7d18dc45b
42ce55c371bc656245b92a48b4263a76d427503267d026e50bb3b957d2c08a23
42dc55134fe82a16616bd69dcaa9491169538f94e5097d656537aada8be5e725
43f15d338c3b7bb21dc90aceaf1014ac42f2fcccc18f521e16fc60d68e178739
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4caa2b4b885d62d25d986de63c6e3163f9c7da374d9b76bc4a412b61d4f2975d
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5e624cc207e03d06cb1a83d7e8eb917c4aff2637077d8ddb4504cc2bf271da4b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
676ef1cd8eceb1e5a817ddd6c7803ebab7292e128a37419512143a1a8d94503d
69b5114cd32fd5a55f40b3978231f0028054b3e579ff7a79e0d3e5dd2fddc674
71d6c7a48ae8eae4f2cd51bc5e37da390e4279af4a7d35eb42bb70b1b4b26779
79d26046ad7180d50362decbb840a4561dfd7eadb7cf15de18f89d692e02a9b8
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
871d9538ab66ed7c8adc0f6f070d6ba28919780d9aa1e17cc23697a6b6f3d766
8831ec3cf53ec3dbe59ee7ca4876ebdba40d596667db6b8a50a423c2daf11e7b
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8dc3eb3bcb0ee6a2457a1f6cd34ef9205c9e172fca149eae7eb5f05f9f3e4780
90b2f5bd63fb65e74dc248df73aa3d884c3c548f367e2c82aae84998689574b1
9239d83af024eca6dd0ee58c170050fdbae4a940b4755cc58ec747f611ffaaa4
970a3fa15876d16dcc0fd70eb7c9ab44d733108b3ddca1a449edd0356c1b79a7
98e5b320a779d0c45384598fd53aca67999ff9f4e1fb6d514d3f407967bd47f2
993e43ab99fca9038eb7ce43839d3664cd206f00ca3cf7e97849655e887c54ae
9c48e390554af0203851fd806c3e5fd715a1a1bdd7855bda9f4efa000c9b7b12
9caf59dd83273982d4a7de84364f3746e9b2f25ff141dab3a6a79bbc69ff1dce
9d18fe5ec12989401ea029c4ca707fc20ca3c2aa897e65975deaad02eccc86f3
9e02a7fd3116b2c80edf0421b0d558dfbde45d66742b63752ee73334ef67e72d
a126df8e7c721d6775ac62782e86fb6ae64bbe8328769ab3b2256ae73a0b3106
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a76ea8ecc242a82e9c48e8822f2e7e6788b9ba36f243169fce916259fc3d51e4
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
a83c3f260b750dfc47e4e5024eda4b4f80be0c0a3e0ae5111a3b0a799df64448
a986c26c40febdfac5074b57a925fe2d7b901e75b7bcad4a19a5cbe3987b51bf
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
b321ae217c883c72cb713b83592dba8bb9617d0f533164a72a401d640b3af9ce
bb478e5faa2c1b866dff6366740033996f8457fa71fca898e5154de80621d8b5
cbb1c76a60a0b2a71c78473f90f2284d51913f350a2d1e2e79a28f79ee841577
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d6621200328c67a58e7f049fc077058611d49a8b0462acecdd1f25ef0b20a831
dd130adc8e19bd19a00cf32483184f275f8e4a0a83569a3c7f6d2c9f19671c99
dda36cfeeb9eee7aaba1ed1b0095880efc541d360735985b9e0f0d5ee97c6044
de4bbf8ae74b6123a483accd5231d9b4cf104b1c4982050f9e391ad02153ed3d
df8a9413610101010a5a1acefe472dfeeb9132dcb857ee9ee430cd7f74984c16
e060b77857a3b266af519a4e8b8b35d1421e10508d21c50771bda445b5b5f498
e3423fdb2b718a739ba18ed595ade82591e07374bf77f376099ebcb199375034
e3559a75370602a9326e56a2e5eee39c2c452471473628ff5aaa11648fb5deb2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3908955a7ee9a486064c97c02a3ba753ac473de76f3834ea9e5af9786a3db67
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f885da5991246c589c942e2dcbd40c04de1f8422e8a97a43fede742bbacfa8a6
f936a132f6d3aae687e7031b2305bb706e910f8bc68ce83827d4b1c764b44def
f9dd079f284071ff220eb3929f27c8c48bb722385e38e627551e14784cf44a33