urlscan.io logo urlscan.io
SecurityTrails logo

baubau.bg Open in urlscan Pro
164.138.217.72  Public Scan

Go To Rescan Add Verdict Report
URL: https://baubau.bg/
Submission: On March 30 via manual from RO — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 26 HTTP transactions. The main IP is 164.138.217.72, located in Bulgaria and belongs to SUPERHOSTING_AS, BG. The main domain is baubau.bg.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 26th 2024. Valid for: 3 months.
This is the only time baubau.bg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
23 164.138.217.72 201200 (SUPERHOST...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
1 2a03:2880:f08... 32934 (FACEBOOK)
26 4
23    164.138.217.72 (Bulgaria)

ASN201200 (SUPERHOSTING_AS, BG)
PTR: vpsxouaz.superdnsserver.net
baubau.bg
static.baubau.bg
cb.valivalcommerce.com
1    2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
Apex Domain
Subdomains		 Transfer
21 baubau.bg
baubau.bg
static.baubau.bg
559 KB
2 valivalcommerce.com
cb.valivalcommerce.com
11 KB
1 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 182
59 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2042
250 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 42
96 KB
26 5
Domain Requested by
18 static.baubau.bg baubau.bg
static.baubau.bg
3 baubau.bg static.baubau.bg
2 cb.valivalcommerce.com baubau.bg
cb.valivalcommerce.com
1 connect.facebook.net baubau.bg
1 region1.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com baubau.bg
26 6
Subject Issuer Validity Valid
baubau.bg
cPanel, Inc. Certification Authority		 2024-02-26 -
2024-05-26		 3 months crt.sh
static.baubau.bg
cPanel, Inc. Certification Authority		 2024-03-05 -
2024-06-03		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
cb.valivalcommerce.com
cPanel, Inc. Certification Authority		 2024-02-19 -
2024-05-19		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-01-07 -
2024-04-06		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://baubau.bg/
Frame ID: 97996A3B23ADFCED9A02A1495A27BF22
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Зоо Портал - BauBau.bg

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

26
Requests

100 %
HTTPS

75 %
IPv6

5
Domains

6
Subdomains

4
IPs

3
Countries

725 kB
Transfer

1846 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
baubau.bg/ 		105 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
622a804be03e3018fa4e9d1a6113419c0b78c27fcb98c1e982d66c0eb3ffab56
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, no-cache, must-revalidate max-age=600, private, must-revalidate, post-check=0, pre-check=0, no-store
content-encoding
gzip
content-length
30903
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
content-type
text/html; charset=UTF-8
date
Sat, 30 Mar 2024 09:28:10 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
permissions-policy
microphone=(), camera=()
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
montserrat_latin_regular.woff2
static.baubau.bg/fonts/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/fonts/montserrat_latin_regular.woff2
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
Origin
https://baubau.bg
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
19172
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 08:41:14 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Sun, 31 Mar 2024 09:28:10 GMT
montserrat_latin_bold.woff2
static.baubau.bg/fonts/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/fonts/montserrat_latin_bold.woff2
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
Origin
https://baubau.bg
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
19480
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 08:41:14 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Sun, 31 Mar 2024 09:28:10 GMT
montserrat_cyrillic_regular.woff2
static.baubau.bg/fonts/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/fonts/montserrat_cyrillic_regular.woff2
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
637fc05835856f967578386134fe8a10b4fc4afaae082c8052226d5bd5a23e4e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
Origin
https://baubau.bg
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
12196
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 08:41:14 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Sun, 31 Mar 2024 09:28:10 GMT
montserrat_cyrillic_bold.woff2
static.baubau.bg/fonts/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/fonts/montserrat_cyrillic_bold.woff2
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
1ce6685465805e98dfd2b3633e74711102167bc0ae656c536ba35587c20aeba4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
Origin
https://baubau.bg
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
12228
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 08:41:14 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Sun, 31 Mar 2024 09:28:10 GMT
vendor.810.css
static.baubau.bg/themes/baubau/ 		11 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/themes/baubau/vendor.810.css
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
688ab61774a2d4aa97e8c6d0cd57275035038ac8913531aca510fc370575b86a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
3518
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 27 Mar 2024 07:28:33 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Mon, 29 Apr 2024 09:28:10 GMT
main.810.css
static.baubau.bg/themes/baubau/ 		504 KB
63 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/themes/baubau/main.810.css
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
a788eeaef518aba9197e45e83f3eb81bce14f2f8c245135bafec9aa68c4709a8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
64648
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 27 Mar 2024 07:28:33 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Mon, 29 Apr 2024 09:28:10 GMT
vendor.810.js
static.baubau.bg/themes/baubau/ 		127 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/themes/baubau/vendor.810.js
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
c926a2de854c064b4bdb086fd9022f8f620bf93f0eefc0a801f5c14daa4ea7cb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
46273
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 27 Mar 2024 07:28:33 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2160000, private
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Mon, 29 Apr 2024 09:28:10 GMT
main.810.js
static.baubau.bg/themes/baubau/ 		150 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/themes/baubau/main.810.js
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
7bc1a64a71fb90d7419f3aa50310310870e980fffc2e713297234ccd35c1f7b7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
36919
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 27 Mar 2024 07:28:33 GMT
server
Apache
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=2160000, private
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
Mon, 29 Apr 2024 09:28:10 GMT
js
www.googletagmanager.com/gtag/ 		277 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-LPFEETXYGL
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e87643b288df83fee986e4b022d96326c9be914da8f2dff78bc76a62a03a3b84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 30 Mar 2024 09:28:10 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
97457
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 30 Mar 2024 09:28:10 GMT
baubau.png
static.baubau.bg/resources/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/baubau.png
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
cd5468e0d667ba05e71458a0fccb6da374c6d7711fe9a5ae659e140e34cc7b2a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 14:50:16 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
1619
x-xss-protection
1; mode=block
expires
Mon, 29 Apr 2024 09:28:10 GMT
transp.png
static.baubau.bg/themes/baubau/images/ 		68 B
137 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/themes/baubau/images/transp.png
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
8a8a6d6325c5391079a56dc9a9185ef79618a784232a529db8b9809d3260e4cb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Apr 2021 13:08:32 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
68
x-xss-protection
1; mode=block
expires
Mon, 29 Apr 2024 09:28:10 GMT
cb.js
cb.valivalcommerce.com/dist/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cb.valivalcommerce.com/dist/cb.js?version=1711790890
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
c863cd19a08e6e7f3bb79a84c5bb40d4b3a2e4214fd650a39962363cfed318e3
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 30 Mar 2024 09:28:10 GMT
content-encoding
gzip
last-modified
Fri, 22 Mar 2024 14:27:08 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2160000, private
accept-ranges
bytes
content-length
2222
x-xss-protection
1; mode=block
expires
Mon, 29 Apr 2024 09:28:10 GMT
paws.svg
static.baubau.bg/themes/baubau/images/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/themes/baubau/images/paws.svg
Requested by
Host: static.baubau.bg
URL: https://static.baubau.bg/themes/baubau/main.810.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
e487b1f3b30e8a3a5a31043594b2bded1b2e2215decf9b76b21505d4456cddd9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://static.baubau.bg/themes/baubau/main.810.css
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 12 Nov 2020 14:57:35 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
42886
x-xss-protection
1; mode=block
expires
Sun, 31 Mar 2024 09:28:10 GMT
loading.svg
static.baubau.bg/themes/baubau/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/themes/baubau/images/loading.svg
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
44701fd38705d2fd411beded55638d72c348fcba76b04773d571e9e4be72a7ad
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 05 Mar 2021 12:57:15 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
4253
x-xss-protection
1; mode=block
expires
Sun, 31 Mar 2024 09:28:10 GMT
bg-pattern.png
static.baubau.bg/themes/baubau/images/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/themes/baubau/images/bg-pattern.png
Requested by
Host: static.baubau.bg
URL: https://static.baubau.bg/themes/baubau/main.810.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
1568afa5785fee8320c126c145626b9b2a3e70dc565087c4957646d7b61319d8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://static.baubau.bg/themes/baubau/main.810.css
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 12 Nov 2020 14:57:35 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:10 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
6797
x-xss-protection
1; mode=block
expires
Mon, 29 Apr 2024 09:28:10 GMT
cart
baubau.bg/ 		59 B
101 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://baubau.bg/cart
Requested by
Host: static.baubau.bg
URL: https://static.baubau.bg/themes/baubau/vendor.810.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
f612ad2be431b201dd19f3cde7312754e0a69ad811cc46f46064309e2926f6ae
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://baubau.bg/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
61
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate, max-age=600, private, must-revalidate, post-check=0, pre-check=0, no-store
permissions-policy
microphone=(), camera=()
expires
Thu, 19 Nov 1981 08:52:00 GMT
getDOM
baubau.bg/action/ 		1 KB
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://baubau.bg/action/getDOM
Requested by
Host: static.baubau.bg
URL: https://static.baubau.bg/themes/baubau/vendor.810.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
3a9a50b9873e1d5795c979ed10220974fe144c55c9bc6d0b94aee8e6f6048216
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8
Accept
*/*
Referer
https://baubau.bg/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
date
Sat, 30 Mar 2024 09:28:10 GMT
content-length
465
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate, max-age=600, private, must-revalidate, post-check=0, pre-check=0, no-store
permissions-policy
microphone=(), camera=()
expires
Thu, 19 Nov 1981 08:52:00 GMT
/
cb.valivalcommerce.com/cookies/consent/ 		68 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cb.valivalcommerce.com/cookies/consent/?projectID=aTRidUpSQlhGL3loUmhvYmFOWFN0Zz09&language=bg&jsonp=vvCookiebotDraw
Requested by
Host: cb.valivalcommerce.com
URL: https://cb.valivalcommerce.com/dist/cb.js?version=1711790890
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
6e0ee6fb6a7e13eecb42ef07181cb709a870c141d37319c797dedbba270fa794
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 30 Mar 2024 09:28:10 GMT
content-encoding
gzip
server
Apache
vary
Accept-Encoding
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=600, private, must-revalidate, post-check=0, pre-check=0, no-store
content-length
8373
x-xss-protection
1; mode=block
expires
Thu, 19 Nov 1981 08:52:00 GMT
230220145602saveti.jpg
static.baubau.bg/resources/ 		118 KB
118 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/230220145602saveti.jpg
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
2e8b086fa9456de058e6b0c7c8ad9f8e3dc9d509daefa142052ea9df0ee2e692
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 21 Feb 2023 08:30:17 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:11 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
120625
x-xss-protection
1; mode=block
expires
Mon, 29 Apr 2024 09:28:11 GMT
magazin-final-min.jpg
static.baubau.bg/resources/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/magazin-final-min.jpg
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
28addf87311f493801933b04922a53950d1cfcc5a5dd79b370946b52f16a0a33
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 09:13:26 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:11 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
29353
x-xss-protection
1; mode=block
expires
Mon, 29 Apr 2024 09:28:11 GMT
media-final-min.jpg
static.baubau.bg/resources/ 		35 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/media-final-min.jpg
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
8b0d1f3f939a03903c6c710f6ce1da66d39830e0a85c0b9712bcbbac434fbfb1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 22 Mar 2021 09:13:32 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:11 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
36307
x-xss-protection
1; mode=block
expires
Mon, 29 Apr 2024 09:28:11 GMT
spravochnik-final.jpg
static.baubau.bg/resources/ 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.baubau.bg/resources/spravochnik-final.jpg
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
3d43430e9eaa60c1b8d1b555c15cd4b338108569e08359067c5d74c88c412634
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 05 Mar 2021 13:06:56 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:11 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
80165
x-xss-protection
1; mode=block
expires
Mon, 29 Apr 2024 09:28:11 GMT
collect
region1.google-analytics.com/g/ 		0
250 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-LPFEETXYGL&_ono=1&gtm=45je43r0v9126972605za200&_p=1711790890784&gcs=G100&gcd=13p3p3p2p5&npa=1&dma_cps=-&dma=1&cid=794199699.1711790891&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=denied&_s=1&sid=1711790891&sct=1&seg=0&dl=https%3A%2F%2Fbaubau.bg%2F&dt=%D0%97%D0%BE%D0%BE%20%D0%9F%D0%BE%D1%80%D1%82%D0%B0%D0%BB%20-%20BauBau.bg&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1001
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LPFEETXYGL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 30 Mar 2024 09:28:11 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://baubau.bg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon.ico
static.baubau.bg/resources/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://static.baubau.bg/resources/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
164.138.217.72 , Bulgaria, ASN201200 (SUPERHOSTING_AS, BG),
Reverse DNS
vpsxouaz.superdnsserver.net
Software
Apache /
Resource Hash
5613718ea8e04c223380e93cba8d89f9eaaf10234dc70044c4615e2903bccddd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 06 Nov 2020 14:19:33 GMT
server
Apache
date
Sat, 30 Mar 2024 09:28:11 GMT
x-frame-options
SAMEORIGIN
content-type
image/x-icon
cache-control
max-age=31536000, public
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
content-length
1150
x-xss-protection
1; mode=block
expires
Mon, 29 Apr 2024 09:28:11 GMT
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: baubau.bg
URL: https://baubau.bg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://baubau.bg/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 30 Mar 2024 09:28:13 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58040
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1326, tbw=2781, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
SPtswaiurW4+3powtCdojJfajnT7vC8N0qk3WlVGYN9KsngC4oCEdzv8dGGBPSdl9It7i77zx0/RK1Kuf7eRBg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
x-fb-optimizer
0
permissions-policy
accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal object| curr object| lang function| gtag object| dataLayer object| gtag_pixel function| tns object| bodyScrollLock function| $ function| jQuery function| lazyload function| LazyLoad string| dir string| uri number| ww string| theme string| layout object| sliders object| menu object| search object| busy object| checkoutAgreementToggler boolean| resized boolean| fullscreen object| lazy object| ajax object| modalConfig string| urlbase string| fb_app_id function| hideArrowOnInit function| lazyLoadSlides function| hideArrowOnChange function| load_search function| load_rate function| address_tolatlong function| oauth function| facebookLogin function| popupwindow function| compare function| compare_scroll function| getURLParameter function| notif function| ad_flags function| emoticon function| load_tipster function| countdown function| price_rate function| load_lazy function| loadMobileMainmenu function| lazyLoadVideo function| lazyLoadDOM function| intersectLazyDOM function| prepareMediaBlocks function| escapeRegExp function| load_selects function| load_sliders function| resizeSubCategoryHeader function| loadGalleryControlsAnimation function| loadGalleryZoom function| loadImage function| modifiersCombinationsSetter function| getOverrideShippingParams function| sendEcommerce function| load_dropzone function| pageBuilderCategoryWrapper function| toggleAjaxLoader function| ltrim function| getHref function| respond number| width object| $accents function| personalizationsProcess function| personalizationsErrors function| personalizationsPrices object| initialX boolean| galleryLoaded object| galleryImagesLoaded object| cart_scrolled object| lazyContentObserver object| accents function| vvCookiebotDraw function| vvCookiebotSave object| elementsArr object| google_tag_manager object| google_tag_data object| gaGlobal number| tnsId boolean| facebook_conversions_api function| fbq function| _fbq object| facebook_pixel

1 Cookies

Domain/Path Name / Value
baubau.bg/ Name: baubau
Value: e1b058923c89735c65bc6c19b8d82a04

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

baubau.bg
cb.valivalcommerce.com
connect.facebook.net
region1.google-analytics.com
static.baubau.bg
www.googletagmanager.com
164.138.217.72
2001:4860:4802:32::36
2a00:1450:4001:81d::2008
2a03:2880:f084:d:face:b00c:0:3
047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4
1568afa5785fee8320c126c145626b9b2a3e70dc565087c4957646d7b61319d8
1ce6685465805e98dfd2b3633e74711102167bc0ae656c536ba35587c20aeba4
28addf87311f493801933b04922a53950d1cfcc5a5dd79b370946b52f16a0a33
2e8b086fa9456de058e6b0c7c8ad9f8e3dc9d509daefa142052ea9df0ee2e692
3a9a50b9873e1d5795c979ed10220974fe144c55c9bc6d0b94aee8e6f6048216
3d43430e9eaa60c1b8d1b555c15cd4b338108569e08359067c5d74c88c412634
44701fd38705d2fd411beded55638d72c348fcba76b04773d571e9e4be72a7ad
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
5613718ea8e04c223380e93cba8d89f9eaaf10234dc70044c4615e2903bccddd
622a804be03e3018fa4e9d1a6113419c0b78c27fcb98c1e982d66c0eb3ffab56
637fc05835856f967578386134fe8a10b4fc4afaae082c8052226d5bd5a23e4e
688ab61774a2d4aa97e8c6d0cd57275035038ac8913531aca510fc370575b86a
6e0ee6fb6a7e13eecb42ef07181cb709a870c141d37319c797dedbba270fa794
7bc1a64a71fb90d7419f3aa50310310870e980fffc2e713297234ccd35c1f7b7
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
8a8a6d6325c5391079a56dc9a9185ef79618a784232a529db8b9809d3260e4cb
8b0d1f3f939a03903c6c710f6ce1da66d39830e0a85c0b9712bcbbac434fbfb1
a788eeaef518aba9197e45e83f3eb81bce14f2f8c245135bafec9aa68c4709a8
c863cd19a08e6e7f3bb79a84c5bb40d4b3a2e4214fd650a39962363cfed318e3
c926a2de854c064b4bdb086fd9022f8f620bf93f0eefc0a801f5c14daa4ea7cb
cd5468e0d667ba05e71458a0fccb6da374c6d7711fe9a5ae659e140e34cc7b2a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e487b1f3b30e8a3a5a31043594b2bded1b2e2215decf9b76b21505d4456cddd9
e87643b288df83fee986e4b022d96326c9be914da8f2dff78bc76a62a03a3b84
f612ad2be431b201dd19f3cde7312754e0a69ad811cc46f46064309e2926f6ae