Submitted URL: http://e.savethechildren.org/a/hBi9BxTB8yKeXB962w$AAyoE7IT/header?d_refcode_singleseg=New_Leads
Effective URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentuck...
Submission: On August 11 via manual from US — Scanned from DE

Summary

This website contacted 108 IPs in 10 countries across 92 domains to perform 323 HTTP transactions. The main IP is 74.123.154.123, located in United States and belongs to BLACKBAUD-ASN, US. The main domain is support.savethechildren.org. The Cisco Umbrella rank of the primary domain is 410251.
TLS certificate: Issued by GeoTrust EV RSA CA 2018 on February 3rd 2022. Valid for: a year.
This is the only time support.savethechildren.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 8.33.184.124 53316 (ASN-CHEET...)
44 74.123.154.123 15148 (BLACKBAUD...)
20 2600:9000:214... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
16 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 99.86.4.114 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
5 99.86.4.81 16509 (AMAZON-02)
2 2600:9000:205... 16509 (AMAZON-02)
1 2a04:4e42:600... 54113 (FASTLY)
2 6 34.241.142.170 16509 (AMAZON-02)
1 143.204.215.35 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 34.120.195.249 15169 (GOOGLE)
1 208.113.174.133 26347 (DREAMHOST-AS)
1 52.30.130.246 16509 (AMAZON-02)
5 15.236.176.210 16509 (AMAZON-02)
1 1 34.242.156.102 16509 (AMAZON-02)
1 54.229.84.199 16509 (AMAZON-02)
2 52.218.153.72 16509 (AMAZON-02)
3 2400:52e0:1e0... 200325 (BUNNYCDN)
4 2a00:1450:400... 15169 (GOOGLE)
3 6 142.250.185.230 15169 (GOOGLE)
2 2a03:2880:f02... 32934 (FACEBOOK)
1 2a02:2638:1::3 44788 (ASN-CRITE...)
2 2600:9000:205... 16509 (AMAZON-02)
1 31 52.46.130.91 16509 (AMAZON-02)
1 34.98.72.238 15169 (GOOGLE)
1 3 2606:4700:440... 13335 (CLOUDFLAR...)
2 54.200.137.219 16509 (AMAZON-02)
1 4 52.5.60.62 14618 (AMAZON-AES)
1 65.9.65.116 16509 (AMAZON-02)
1 44.238.33.223 16509 (AMAZON-02)
1 2 151.101.2.132 54113 (FASTLY)
1 4 2620:1ec:c11:... 8068 (MICROSOFT...)
2 99.86.4.120 16509 (AMAZON-02)
5 6 2a02:2638::1c 44788 (ASN-CRITE...)
4 2a00:1450:400... 15169 (GOOGLE)
1 142.250.181.226 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 35.156.167.229 16509 (AMAZON-02)
1 178.250.2.146 44788 (ASN-CRITE...)
4 2a03:2880:f12... 32934 (FACEBOOK)
13 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 1 104.18.32.107 13335 (CLOUDFLAR...)
4 5 37.252.172.37 29990 (ASN-APPNEX)
1 34.209.226.105 16509 (AMAZON-02)
2 2620:1ec:27::... 8075 (MICROSOFT...)
8 3.67.234.137 16509 (AMAZON-02)
5 192.229.221.25 15133 (EDGECAST)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 1 178.250.2.151 44788 (ASN-CRITE...)
1 74.119.119.150 19750 (AS-CRITEO)
1 2 64.4.245.84 17012 (PAYPAL)
1 1 18.156.126.13 16509 (AMAZON-02)
3 3 104.18.19.126 13335 (CLOUDFLAR...)
2 3 3.127.105.16 16509 (AMAZON-02)
1 1 69.192.160.219 16625 (AKAMAI-AS)
2 3 18.156.0.31 16509 (AMAZON-02)
2 2 35.158.69.126 16509 (AMAZON-02)
2 2600:1f18:612... 14618 (AMAZON-AES)
1 212.82.100.182 34010 (YAHOO-IRD)
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 1 2.21.20.200 20940 (AKAMAI-ASN1)
1 1 143.204.213.191 16509 (AMAZON-02)
2 52.18.211.80 16509 (AMAZON-02)
1 54.225.217.42 14618 (AMAZON-AES)
1 188.65.124.66 41690 (DAILYMOTI...)
1 1 3.221.3.139 14618 (AMAZON-AES)
1 2 69.173.144.139 26667 (RUBICONPR...)
1 1 34.98.67.61 15169 (GOOGLE)
2 2 37.157.2.234 198622 (ADFORM)
2 2 185.94.180.125 35220 (SPOTX-AMS)
1 1 3.124.40.150 16509 (AMAZON-02)
1 1 3.73.240.107 16509 (AMAZON-02)
3 3 216.58.212.130 15169 (GOOGLE)
1 52.20.189.152 14618 (AMAZON-AES)
2 2 99.86.4.3 16509 (AMAZON-02)
1 34.98.64.218 15169 (GOOGLE)
2 2 77.243.60.138 42697 (NETIC-AS)
1 185.64.190.80 62713 (AS-PUBMATIC)
1 1 69.173.144.138 26667 (RUBICONPR...)
1 54.78.254.47 16509 (AMAZON-02)
1 1 104.200.30.45 63949 (LINODE-AP...)
1 198.47.127.19 62713 (AS-PUBMATIC)
1 2 141.226.228.48 200478 (TABOOLA-AS)
2 44.235.191.156 16509 (AMAZON-02)
1 2a04:4e42:400... 54113 (FASTLY)
3 52.184.204.244 8075 (MICROSOFT...)
1 52.12.117.226 16509 (AMAZON-02)
4 15 3.33.220.150 16509 (AMAZON-02)
1 2 20.234.93.27 8075 (MICROSOFT...)
1 199.232.188.157 54113 (FASTLY)
1 23.35.237.86 16625 (AKAMAI-AS)
5 65.9.66.24 16509 (AMAZON-02)
1 143.204.215.10 16509 (AMAZON-02)
1 34.225.35.161 14618 (AMAZON-AES)
2 66.155.71.150 13768 (COGECO-PEER1)
2 178.250.0.163 44788 (ASN-CRITE...)
2 2 52.57.41.188 16509 (AMAZON-02)
1 2600:9000:205... 16509 (AMAZON-02)
1 104.18.18.126 13335 (CLOUDFLAR...)
1 2 99.81.70.153 16509 (AMAZON-02)
1 2.18.235.93 16625 (AKAMAI-AS)
1 52.57.134.94 16509 (AMAZON-02)
3 64.202.112.31 22075 (AS-OUTBRAIN)
1 185.64.189.110 62713 (AS-PUBMATIC)
1 35.158.53.117 16509 (AMAZON-02)
1 185.86.139.89 201081 (SMARTADSE...)
1 104.111.242.245 16625 (AKAMAI-AS)
1 13.248.245.213 16509 (AMAZON-02)
2 96.16.132.239 16625 (AKAMAI-AS)
1 37.157.4.41 198622 (ADFORM)
1 185.255.84.153 200271 (IGUANE-)
1 141.95.98.67 16276 (OVH)
2 2 34.206.247.163 14618 (AMAZON-AES)
1 2600:1f18:444... 14618 (AMAZON-AES)
1 2 35.186.194.101 15169 (GOOGLE)
1 85.215.5.31 6786 (CRONON-BE...)
1 104.244.42.69 13414 (TWITTER)
1 104.244.42.67 13414 (TWITTER)
4 143.204.205.113 16509 (AMAZON-02)
1 2 3.127.167.79 16509 (AMAZON-02)
1 1 37.252.173.62 29990 (ASN-APPNEX)
1 35.244.174.68 15169 (GOOGLE)
1 18.118.75.167 16509 (AMAZON-02)
323 108
Apex Domain
Subdomains
Transfer
52 savethechildren.org
e.savethechildren.org
support.savethechildren.org — Cisco Umbrella Rank: 410251
www.savethechildren.org — Cisco Umbrella Rank: 525765
files.savethechildren.org
smetrics.savethechildren.org — Cisco Umbrella Rank: 976206
1003 KB
31 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 288
25 KB
26 cloudfront.net
dx2eq2oh924g4.cloudfront.net
d1n00d49gkbray.cloudfront.net
d1eoo1tco6rr5e.cloudfront.net
472 KB
23 google.com
pay.google.com — Cisco Umbrella Rank: 3621
adservice.google.com — Cisco Umbrella Rank: 98
play.google.com — Cisco Umbrella Rank: 50
www.google.com — Cisco Umbrella Rank: 10
395 KB
16 adsrvr.org
js.adsrvr.org — Cisco Umbrella Rank: 1298
insight.adsrvr.org — Cisco Umbrella Rank: 619
match.adsrvr.org — Cisco Umbrella Rank: 381
6 KB
16 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 413
127 KB
13 braintreegateway.com
js.braintreegateway.com — Cisco Umbrella Rank: 7834
client-analytics.braintreegateway.com — Cisco Umbrella Rank: 7620
41 KB
12 doubleclick.net
10657097.fls.doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 55
cm.g.doubleclick.net — Cisco Umbrella Rank: 208
4853738.fls.doubleclick.net
7 KB
11 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 401
mug.criteo.com — Cisco Umbrella Rank: 2755
sslwidget.criteo.com — Cisco Umbrella Rank: 1552
widget.us.criteo.com — Cisco Umbrella Rank: 15285
dis.criteo.com — Cisco Umbrella Rank: 699
15 KB
8 paypal.com
c.paypal.com — Cisco Umbrella Rank: 5474
b.stats.paypal.com — Cisco Umbrella Rank: 4928
dub.stats.paypal.com — Cisco Umbrella Rank: 21742
c6.paypal.com — Cisco Umbrella Rank: 6285
42 KB
8 gstatic.com
fonts.gstatic.com
www.gstatic.com
164 KB
7 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 547
n.clarity.ms — Cisco Umbrella Rank: 5450
c.clarity.ms — Cisco Umbrella Rank: 996
26 KB
7 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 188
stc.demdex.net — Cisco Umbrella Rank: 929856
9 KB
6 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 238
secure.adnxs.com — Cisco Umbrella Rank: 462
6 KB
5 ensighten.com
nexus.ensighten.com — Cisco Umbrella Rank: 2503
13 KB
5 google.de
adservice.google.de — Cisco Umbrella Rank: 8117
www.google.de — Cisco Umbrella Rank: 5596
2 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 94
268 KB
4 outbrain.com
amplify.outbrain.com — Cisco Umbrella Rank: 2020
sync.outbrain.com — Cisco Umbrella Rank: 686
tr.outbrain.com — Cisco Umbrella Rank: 1817
4 KB
4 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 277
cms.analytics.yahoo.com — Cisco Umbrella Rank: 774
1001 B
4 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 530
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 453
r.casalemedia.com — Cisco Umbrella Rank: 713
4 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
517 B
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 52
40 KB
4 omappapi.com
a.omappapi.com — Cisco Umbrella Rank: 4931
api.omappapi.com — Cisco Umbrella Rank: 5093
14 KB
4 bing.com
bat.bing.com — Cisco Umbrella Rank: 351
c.bing.com — Cisco Umbrella Rank: 195
13 KB
4 mountain.com
dx.mountain.com — Cisco Umbrella Rank: 6730
px.mountain.com — Cisco Umbrella Rank: 6602
gs.mountain.com — Cisco Umbrella Rank: 12709
8 KB
4 wdsvc.net
tags.wdsvc.net — Cisco Umbrella Rank: 30083
28 KB
4 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 804
s.tribalfusion.com — Cisco Umbrella Rank: 2199
a4.tribalfusion.com — Cisco Umbrella Rank: 34203
4 KB
3 liadm.com
i.liadm.com — Cisco Umbrella Rank: 576
i6.liadm.com — Cisco Umbrella Rank: 1609
1 KB
3 adscale.de
ih.adscale.de — Cisco Umbrella Rank: 1323
cotads.adscale.de — Cisco Umbrella Rank: 2588
1 KB
3 airpr.com
px.airpr.com — Cisco Umbrella Rank: 13691
dpx.airpr.com — Cisco Umbrella Rank: 10694
3 KB
3 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 869
image6.pubmatic.com — Cisco Umbrella Rank: 636
simage2.pubmatic.com — Cisco Umbrella Rank: 610
616 B
3 adform.net
c1.adform.net — Cisco Umbrella Rank: 603
cm.adform.net — Cisco Umbrella Rank: 1657
1 KB
3 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 326
token.rubiconproject.com — Cisco Umbrella Rank: 707
892 B
3 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 502
usermatch.krxd.net — Cisco Umbrella Rank: 1229
694 B
3 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 292
2 KB
3 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4454
consentcdn.cookiebot.com — Cisco Umbrella Rank: 5153
88 KB
2 smartclip.net
ad.sxp.smartclip.net — Cisco Umbrella Rank: 2757
480 B
2 yieldlab.net
ad.yieldlab.net — Cisco Umbrella Rank: 1340
1 KB
2 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 649
850 B
2 sitescout.com
pixel.sitescout.com — Cisco Umbrella Rank: 3338
191 B
2 taboola.com
sync.taboola.com — Cisco Umbrella Rank: 933
sync-t1.taboola.com — Cisco Umbrella Rank: 1048
266 B
2 semasio.net
uipglob.semasio.net — Cisco Umbrella Rank: 1069
1 KB
2 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 145
542 B
2 serving-sys.com
bs.serving-sys.com — Cisco Umbrella Rank: 1037
lm.serving-sys.com — Cisco Umbrella Rank: 1755
779 B
2 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 516
1 KB
2 tremorhub.com
amazon.partners.tremorhub.com — Cisco Umbrella Rank: 4918
criteo-partners.tremorhub.com — Cisco Umbrella Rank: 2996
365 B
2 myvisualiq.net
t.myvisualiq.net — Cisco Umbrella Rank: 1628
1 KB
2 braintree-api.com
payments.braintree-api.com — Cisco Umbrella Rank: 9588
2 KB
2 ispot.tv
pt.ispot.tv — Cisco Umbrella Rank: 1811
pi.ispot.tv — Cisco Umbrella Rank: 2118
607 B
2 leadsrx.com
app.leadsrx.com — Cisco Umbrella Rank: 9352
19 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 155
111 KB
2 amazonaws.com
s3-us-west-2.amazonaws.com
2 KB
2 ywxi.net
cdn.ywxi.net — Cisco Umbrella Rank: 9076
13 KB
1 thebrighttag.com
s.thebrighttag.com — Cisco Umbrella Rank: 1303
268 B
1 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 309
98 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 506
355 B
1 t.co
t.co — Cisco Umbrella Rank: 445
338 B
1 twiago.com
a.twiago.com — Cisco Umbrella Rank: 14684
153 B
1 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 541
1 KB
1 omnitagjs.com
visitor.omnitagjs.com — Cisco Umbrella Rank: 1273
235 B
1 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 411
140 B
1 teads.tv
criteo-sync.teads.tv — Cisco Umbrella Rank: 1422
172 B
1 smartadserver.com
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 605
163 B
1 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 521
35 B
1 mediavine.com
exchange.mediavine.com — Cisco Umbrella Rank: 1184
40 B
1 media.net
contextual.media.net — Cisco Umbrella Rank: 526
785 B
1 securedvisit.com
track.securedvisit.com — Cisco Umbrella Rank: 4941
24 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 609
15 KB
1 ninthdecimal.com
lciapi.ninthdecimal.com — Cisco Umbrella Rank: 2774
612 B
1 exelator.com
loadus.exelator.com — Cisco Umbrella Rank: 1072
324 B
1 openx.net
us-u.openx.net — Cisco Umbrella Rank: 396
304 B
1 mookie1.com
odr.mookie1.com — Cisco Umbrella Rank: 925
632 B
1 samba.tv
ads.samba.tv — Cisco Umbrella Rank: 4961
418 B
1 dmxleo.com
public-prod-dspcookiematching.dmxleo.com — Cisco Umbrella Rank: 1801
122 B
1 samplicio.us
usersync.samplicio.us — Cisco Umbrella Rank: 2123
263 B
1 imdb.com
www.imdb.com — Cisco Umbrella Rank: 2073
914 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 628
762 B
1 zeotap.com
mwzeom.zeotap.com — Cisco Umbrella Rank: 1478
392 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 508
458 B
1 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 451
485 B
1 trustedsite.com
www.trustedsite.com — Cisco Umbrella Rank: 14533
951 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 125
15 KB
1 dgtrx.com
www.dgtrx.com — Cisco Umbrella Rank: 977713
18 KB
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 627
14 KB
1 opmnstr.com
a.opmnstr.com — Cisco Umbrella Rank: 19611
55 KB
1 omtrdc.net
savethechildrenfeder.tt.omtrdc.net — Cisco Umbrella Rank: 922192
733 B
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 816
517 B
1 sentry.io
o69911.ingest.sentry.io
285 B
1 decibelinsight.net
cdn.decibelinsight.net — Cisco Umbrella Rank: 7172
75 KB
1 sentry-cdn.com
browser.sentry-cdn.com — Cisco Umbrella Rank: 4315
20 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231
2 KB
0 survata.com Failed
px.surveywall-api.survata.com Failed
323 92
Domain Requested by
44 support.savethechildren.org support.savethechildren.org
browser.sentry-cdn.com
31 s.amazon-adsystem.com 1 redirects support.savethechildren.org
s.amazon-adsystem.com
20 dx2eq2oh924g4.cloudfront.net support.savethechildren.org
dx2eq2oh924g4.cloudfront.net
16 assets.adobedtm.com support.savethechildren.org
assets.adobedtm.com
14 insight.adsrvr.org 4 redirects support.savethechildren.org
js.adsrvr.org
d1eoo1tco6rr5e.cloudfront.net
13 play.google.com www.gstatic.com
8 client-analytics.braintreegateway.com browser.sentry-cdn.com
6 gum.criteo.com 5 redirects static.criteo.net
6 dpm.demdex.net 2 redirects support.savethechildren.org
browser.sentry-cdn.com
5 nexus.ensighten.com www.googletagmanager.com
nexus.ensighten.com
5 c.paypal.com js.braintreegateway.com
c.paypal.com
5 ib.adnxs.com 4 redirects support.savethechildren.org
5 smetrics.savethechildren.org browser.sentry-cdn.com
px.airpr.com
5 www.googletagmanager.com support.savethechildren.org
assets.adobedtm.com
www.googletagmanager.com
5 js.braintreegateway.com support.savethechildren.org
4 d1eoo1tco6rr5e.cloudfront.net 4853738.fls.doubleclick.net
nexus.ensighten.com
4 www.facebook.com support.savethechildren.org
4 www.google-analytics.com www.gstatic.com
www.googletagmanager.com
browser.sentry-cdn.com
support.savethechildren.org
4 tags.wdsvc.net 1 redirects support.savethechildren.org
tags.wdsvc.net
browser.sentry-cdn.com
4 10657097.fls.doubleclick.net 2 redirects assets.adobedtm.com
4 www.gstatic.com pay.google.com
www.gstatic.com
4 fonts.gstatic.com dx2eq2oh924g4.cloudfront.net
4 pay.google.com support.savethechildren.org
pay.google.com
www.gstatic.com
3 n.clarity.ms browser.sentry-cdn.com
3 cm.g.doubleclick.net 3 redirects
3 ups.analytics.yahoo.com 2 redirects
3 x.bidswitch.net 2 redirects
3 www.google.de support.savethechildren.org
3 www.google.com support.savethechildren.org
3 googleads.g.doubleclick.net www.googleadservices.com
3 adservice.google.com 10657097.fls.doubleclick.net
4853738.fls.doubleclick.net
3 bat.bing.com assets.adobedtm.com
bat.bing.com
support.savethechildren.org
2 dpx.airpr.com 1 redirects
2 tr.outbrain.com amplify.outbrain.com
2 ad.sxp.smartclip.net 1 redirects
2 i.liadm.com 2 redirects
2 ad.yieldlab.net
2 ad.360yield.com 1 redirects
2 ih.adscale.de 2 redirects
2 dis.criteo.com
2 pixel.sitescout.com support.savethechildren.org
2 4853738.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 c.clarity.ms 1 redirects
2 px.mountain.com dx.mountain.com
support.savethechildren.org
2 uipglob.semasio.net 2 redirects
2 sb.scorecardresearch.com 2 redirects
2 sync.search.spotxchange.com 2 redirects
2 c1.adform.net 2 redirects
2 pixel.rubiconproject.com 1 redirects
2 beacon.krxd.net s.amazon-adsystem.com
2 t.myvisualiq.net 2 redirects
2 dsum-sec.casalemedia.com 2 redirects
2 www.clarity.ms bat.bing.com
www.clarity.ms
2 adservice.google.de adservice.google.com
2 payments.braintree-api.com browser.sentry-cdn.com
2 s.tribalfusion.com 1 redirects a.tribalfusion.com
2 api.omappapi.com browser.sentry-cdn.com
2 a.omappapi.com a.opmnstr.com
2 app.leadsrx.com assets.adobedtm.com
browser.sentry-cdn.com
2 d1n00d49gkbray.cloudfront.net assets.adobedtm.com
support.savethechildren.org
2 connect.facebook.net assets.adobedtm.com
connect.facebook.net
2 s3-us-west-2.amazonaws.com browser.sentry-cdn.com
2 cdn.ywxi.net support.savethechildren.org
2 consent.cookiebot.com support.savethechildren.org
consent.cookiebot.com
1 s.thebrighttag.com
1 idsync.rlcdn.com
1 secure.adnxs.com 1 redirects
1 analytics.twitter.com
1 t.co
1 a.twiago.com
1 criteo-partners.tremorhub.com
1 i6.liadm.com
1 id5-sync.com
1 visitor.omnitagjs.com
1 cm.adform.net
1 eb2.3lift.com
1 criteo-sync.teads.tv
1 sync-t1.taboola.com
1 rtb-csync.smartadserver.com
1 match.sharethrough.com
1 simage2.pubmatic.com
1 sync.outbrain.com
1 exchange.mediavine.com
1 contextual.media.net
1 r.casalemedia.com
1 cotads.adscale.de
1 track.securedvisit.com support.savethechildren.org
1 px.airpr.com support.savethechildren.org
1 amplify.outbrain.com support.savethechildren.org
1 static.ads-twitter.com www.googletagmanager.com
1 c.bing.com 1 redirects
1 match.adsrvr.org support.savethechildren.org
1 gs.mountain.com support.savethechildren.org
1 c6.paypal.com support.savethechildren.org
1 sync.taboola.com 1 redirects
1 image6.pubmatic.com s.amazon-adsystem.com
1 pi.ispot.tv 1 redirects
1 lciapi.ninthdecimal.com 1 redirects
1 loadus.exelator.com s.amazon-adsystem.com
1 token.rubiconproject.com 1 redirects
1 image2.pubmatic.com s.amazon-adsystem.com
1 ssum-sec.casalemedia.com 1 redirects
1 us-u.openx.net s.amazon-adsystem.com
1 usermatch.krxd.net s.amazon-adsystem.com
1 lm.serving-sys.com 1 redirects
1 bs.serving-sys.com 1 redirects
1 odr.mookie1.com 1 redirects
1 ads.samba.tv 1 redirects
1 public-prod-dspcookiematching.dmxleo.com s.amazon-adsystem.com
1 usersync.samplicio.us s.amazon-adsystem.com
1 www.imdb.com 1 redirects
1 ads.stickyadstv.com 1 redirects
1 mwzeom.zeotap.com 1 redirects
1 cms.analytics.yahoo.com s.amazon-adsystem.com
1 amazon.partners.tremorhub.com s.amazon-adsystem.com
1 tags.bluekai.com 1 redirects
1 aa.agkn.com 1 redirects
1 dub.stats.paypal.com support.savethechildren.org
1 b.stats.paypal.com 1 redirects
1 widget.us.criteo.com support.savethechildren.org
1 sslwidget.criteo.com 1 redirects
1 www.trustedsite.com cdn.ywxi.net
1 a4.tribalfusion.com 1 redirects
1 mug.criteo.com support.savethechildren.org
1 www.googleadservices.com www.googletagmanager.com
1 pt.ispot.tv support.savethechildren.org
1 dx.mountain.com assets.adobedtm.com
1 js.adsrvr.org assets.adobedtm.com
1 a.tribalfusion.com assets.adobedtm.com
1 www.dgtrx.com assets.adobedtm.com
1 static.criteo.net assets.adobedtm.com
1 a.opmnstr.com www.googletagmanager.com
1 savethechildrenfeder.tt.omtrdc.net browser.sentry-cdn.com
1 cm.everesttech.net 1 redirects
1 stc.demdex.net assets.adobedtm.com
1 files.savethechildren.org dx2eq2oh924g4.cloudfront.net
1 o69911.ingest.sentry.io browser.sentry-cdn.com
1 consentcdn.cookiebot.com consent.cookiebot.com
1 cdn.decibelinsight.net assets.adobedtm.com
1 browser.sentry-cdn.com support.savethechildren.org
1 www.savethechildren.org support.savethechildren.org
1 cdnjs.cloudflare.com support.savethechildren.org
1 e.savethechildren.org 1 redirects
0 px.surveywall-api.survata.com Failed s.amazon-adsystem.com
323 144
Subject Issuer Validity Valid
support.savethechildren.org
GeoTrust EV RSA CA 2018
2022-02-03 -
2023-03-06
a year crt.sh
*.cloudfront.net
Amazon
2022-02-01 -
2023-01-31
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-08-03 -
2023-08-02
a year crt.sh
assets.adobedtm.com
DigiCert TLS RSA SHA256 2020 CA1
2022-07-19 -
2023-08-19
a year crt.sh
consent.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1
2022-06-04 -
2023-06-06
a year crt.sh
www.savethechildren.org
Go Daddy Secure Certificate Authority - G2
2021-12-01 -
2023-01-02
a year crt.sh
*.google.com
GTS CA 1C3
2022-07-18 -
2022-10-10
3 months crt.sh
checkout.paypal.com
DigiCert SHA2 Extended Validation Server CA
2022-07-28 -
2023-08-28
a year crt.sh
*.ywxi.net
Amazon
2022-07-05 -
2023-08-03
a year crt.sh
*.sentry-cdn.com
GlobalSign Atlas R3 DV TLS CA H2 2021
2021-11-26 -
2022-12-28
a year crt.sh
*.decibelinsight.net
Amazon
2022-02-13 -
2023-03-14
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-07-18 -
2022-10-10
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-07-18 -
2022-10-10
3 months crt.sh
*.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1
2022-06-15 -
2023-06-17
a year crt.sh
*.ingest.sentry.io
R3
2022-06-21 -
2022-09-19
3 months crt.sh
files.savethechildren.org
Go Daddy Secure Certificate Authority - G2
2021-12-03 -
2022-10-25
a year crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1
2021-10-19 -
2022-11-19
a year crt.sh
smetrics.savethechildren.org
DigiCert TLS RSA SHA256 2020 CA1
2022-05-13 -
2023-06-13
a year crt.sh
*.tt.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1
2021-10-11 -
2022-10-12
a year crt.sh
*.s3-us-west-2.amazonaws.com
Amazon
2021-12-17 -
2022-11-29
a year crt.sh
a.opmnstr.com
R3
2022-07-22 -
2022-10-20
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2022-07-18 -
2022-10-10
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2022-05-20 -
2022-08-18
3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-06-21 -
2022-09-23
3 months crt.sh
s.amazon-adsystem.com
Amazon
2022-05-09 -
2023-04-21
a year crt.sh
vfr12trk.com
Starfield Secure Certificate Authority - G2
2021-12-24 -
2022-12-24
a year crt.sh
*.leadsrx.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
2022-04-05 -
2023-05-06
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2022-03-31 -
2023-05-02
a year crt.sh
*.mountain.com
Go Daddy Secure Certificate Authority - G2
2022-05-21 -
2023-06-22
a year crt.sh
*.ispot.tv
R3
2022-07-18 -
2022-10-16
3 months crt.sh
www.bing.com
Microsoft RSA TLS CA 01
2022-06-10 -
2022-12-10
6 months crt.sh
a.omappapi.com
R3
2022-07-22 -
2022-10-20
3 months crt.sh
api.opmnstr.com
Amazon
2022-02-09 -
2023-03-10
a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-06-15 -
2022-09-18
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2022-07-18 -
2022-10-10
3 months crt.sh
payments.braintree-api.com
DigiCert SHA2 Extended Validation Server CA
2021-12-08 -
2022-11-12
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-07-18 -
2022-10-10
3 months crt.sh
*.google.de
GTS CA 1C3
2022-07-18 -
2022-10-10
3 months crt.sh
*.trustedsite.com
Amazon
2022-01-25 -
2023-02-23
a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1
2022-02-27 -
2023-02-27
a year crt.sh
client-analytics.braintreegateway.com
DigiCert SHA2 High Assurance Server CA
2022-03-16 -
2023-04-16
a year crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA
2022-04-25 -
2023-04-25
a year crt.sh
www.google.com
GTS CA 1C3
2022-07-18 -
2022-10-10
3 months crt.sh
www.google.de
GTS CA 1C3
2022-07-18 -
2022-10-10
3 months crt.sh
tags.wdsvc.net
Go Daddy Secure Certificate Authority - G2
2021-11-01 -
2022-12-03
a year crt.sh
*.tremorhub.com
Amazon
2022-03-24 -
2023-04-22
a year crt.sh
real.sp.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-08-09 -
2023-02-01
6 months crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1
2021-11-03 -
2022-11-02
a year crt.sh
*.samplicio.us
Amazon
2022-03-18 -
2023-04-16
a year crt.sh
public-prod-dspcookiematching.dmxleo.com
ZeroSSL RSA Domain Secure Site CA
2022-07-26 -
2022-10-24
3 months crt.sh
usermatch.krxd.net
DigiCert TLS RSA SHA256 2020 CA1
2022-06-06 -
2023-06-05
a year crt.sh
*.openx.net
GeoTrust RSA CA 2018
2022-07-21 -
2023-08-21
a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2022-06-13 -
2023-07-14
a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1
2022-06-08 -
2023-06-10
a year crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 02
2022-06-07 -
2023-06-02
a year crt.sh
ads-twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2022-07-22 -
2023-08-22
a year crt.sh
*.outbrain.com
DigiCert TLS RSA SHA256 2020 CA1
2022-04-03 -
2023-04-04
a year crt.sh
nexus.ensighten.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-14 -
2022-10-12
a year crt.sh
*.airpr.com
Amazon
2021-12-10 -
2023-01-07
a year crt.sh
securedvisit.com
Amazon
2021-11-30 -
2022-12-27
a year crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
2021-12-15 -
2023-01-15
a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA
2022-04-05 -
2023-05-04
a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA
2022-02-20 -
2023-02-22
a year crt.sh
exchange.mediavine.com
Amazon
2022-07-06 -
2023-08-04
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2022-03-08 -
2023-04-04
a year crt.sh
*.sharethrough.com
Amazon
2022-07-14 -
2023-08-12
a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-01-25 -
2023-01-25
a year crt.sh
*.taboola.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-11-28 -
2022-12-29
a year crt.sh
teads.tv
R3
2022-06-01 -
2022-08-30
3 months crt.sh
*.3lift.com
Amazon
2022-05-13 -
2023-06-11
a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-06-07 -
2022-11-30
6 months crt.sh
*.yieldlab.net
DigiCert SHA2 Secure Server CA
2022-01-14 -
2023-01-13
a year crt.sh
*.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2022-05-18 -
2023-06-16
a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA
2022-06-21 -
2023-07-21
a year crt.sh
*.id5-sync.com
R3
2022-05-31 -
2022-08-29
3 months crt.sh
*.twiago.com
Sectigo RSA Domain Validation Secure Server CA
2021-11-11 -
2022-12-12
a year crt.sh
t.co
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh
*.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh

This page contains 24 frames:

Primary Page: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Frame ID: 4B806F0D71D671D2E96FB937DC9B0149
Requests: 200 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 375280281D5A0C871E848282EF4B2A41
Requests: 1 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsupport.savethechildren.org&mid=
Frame ID: AD5B83C88500E87166617D9A63DDBEF3
Requests: 15 HTTP requests in this frame

Frame: https://stc.demdex.net/dest5.html?d_nsid=0
Frame ID: ED489099ECBD38D97AF282256867D48C
Requests: 1 HTTP requests in this frame

Frame: https://10657097.fls.doubleclick.net/activityi;dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0
Frame ID: 0F5DD4ADEAD1A0A8A6861743169B6BEB
Requests: 1 HTTP requests in this frame

Frame: https://10657097.fls.doubleclick.net/activityi;dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0
Frame ID: 07B7D3F08E8B9CC780C501C5770BB6CB
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D7b5e267f-6cf6-c436-4330-cc79e3ea1453%26type%3D4%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D2536428905417%3Bp%3D7B5E267F-6CF6-C436-4330-CC79E3EA1453&cb=73107274862259870&dcc=t
Frame ID: BFD369113BD8B9315C9D06D196F1F9C4
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=support.savethechildren.org&origin=onetag&us_privacy=1---
Frame ID: CBCA7FDD14D300F44BF705DC173C56AB
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Frame ID: 410EB3AC20D1BC34742F03EF4655CC65
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Frame ID: AC32A177BD387EE22FF72FA6F2A7DE12
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Frame ID: C821928042997D94423F11145F30B407
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Frame ID: 08A8DB9EDA8E0BBD9708057303A2B620
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Frame ID: E3BBE773106DA2D85F7EA6C8263818F4
Requests: 39 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: F8F06D9DF09374C8DD16496CE13B85EE
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: DF50A19F54C79A6CCD9582288607E66F
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=f4b366979908d74d5c52dfcf3d03d994&t=1660230370.244&a=14
Frame ID: 4B4FB35DC92B206ECB2B5C2AEFAB2CD5
Requests: 1 HTTP requests in this frame

Frame: https://4853738.fls.doubleclick.net/activityi;dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022
Frame ID: 5F62E8CFB4BB51DC9BEDA8292DA45EC1
Requests: 2 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: E2C179CEE63D687DF10C296CEE4E46B3
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=a6t02yu&ref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&upid=xvch1ck&upv=1.1.0
Frame ID: 354040DA75223850D4E42793521B0115
Requests: 1 HTTP requests in this frame

Frame: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-wUPa-pXgKNLDGq6H7jDhoqciwg3e1yx8E3VKHg&expires=30
Frame ID: 5170196A163C07ED12775B43A028EBAB
Requests: 30 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/azud70w/dsx8icm/iframe
Frame ID: 623053962782320D3BE4A44C9E623C4C
Requests: 2 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/45k2r2v/iframe
Frame ID: 77C1D4FAECD5F50895D9A6F6DFF9EF03
Requests: 2 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/qa0mevt/iframe
Frame ID: E535B366AFD772E6671803560E815E83
Requests: 2 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/n4od8ve/iframe
Frame ID: A5BB1D5BBDD19756D1E2DB0EC3F853B8
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

2022 Eastern Kentucky Flood Crisis Fund - Save the Children

Page URL History Show full URLs

  1. http://e.savethechildren.org/a/hBi9BxTB8yKeXB962w$AAyoE7IT/header?d_refcode_singleseg=New_Leads HTTP 307
    https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • browser\.sentry\-cdn\.com/([0-9.]+)/bundle(?:\.tracing)?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • /site/Donation2?.*df_id=
  • js/convio/modules\.js

Overall confidence: 100%
Detected patterns
  • js\.braintreegateway\.com

Overall confidence: 100%
Detected patterns
  • pay\.google\.com/([a-z/]+)/pay\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com

Overall confidence: 100%
Detected patterns
  • //static\.criteo\.net/js/ld/ld\.js

Overall confidence: 100%
Detected patterns
  • //nexus\.ensighten\.com/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • (?:/yui/|yui\.yahooapis\.com)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery-ui[.-]([\d.]*\d)[^/]*\.js
  • jquery-ui.*\.js

Page Statistics

323
Requests

85 %
HTTPS

24 %
IPv6

92
Domains

144
Subdomains

108
IPs

10
Countries

3203 kB
Transfer

7991 kB
Size

130
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://e.savethechildren.org/a/hBi9BxTB8yKeXB962w$AAyoE7IT/header?d_refcode_singleseg=New_Leads HTTP 307
    https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 59
  • https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=6B0E659F56A9E70D7F000101%40AdobeOrg&d_nsid=0&ts=1660230368767 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=6B0E659F56A9E70D7F000101%40AdobeOrg&d_nsid=0&ts=1660230368767
Request Chain 86
  • https://cm.everesttech.net/cm/dd?d_uuid=89340451392778590324404272840646099861 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YvUa4QAAAITHaQNe
Request Chain 102
  • https://10657097.fls.doubleclick.net/activityi;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0 HTTP 302
  • https://10657097.fls.doubleclick.net/activityi;dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0
Request Chain 109
  • https://10657097.fls.doubleclick.net/activityi;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0 HTTP 302
  • https://10657097.fls.doubleclick.net/activityi;dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0
Request Chain 113
  • https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D7b5e267f-6cf6-c436-4330-cc79e3ea1453%26type%3D4%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D2536428905417%3Bp%3D7B5E267F-6CF6-C436-4330-CC79E3EA1453&cb=73107274862259870 HTTP 302
  • https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D7b5e267f-6cf6-c436-4330-cc79e3ea1453%26type%3D4%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D2536428905417%3Bp%3D7B5E267F-6CF6-C436-4330-CC79E3EA1453&cb=73107274862259870&dcc=t
Request Chain 117
  • https://tags.wdsvc.net/controller.js?id=100229 HTTP 302
  • https://tags.wdsvc.net/container.js?id=100229&v=4.00&t=1660230369934
Request Chain 148
  • https://gum.criteo.com/sid/json?origin=onetag&domain=savethechildren.org&sn=ChromeSyncframe&so=0&topUrl=support.savethechildren.org&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=6K5E-nxlb1JsVHFqNlZCVGdPM3NkcUJ2ZkdXOGcwTm9nWGVGV0xDNElBK09qR3Z1Vmw4VGYwNmJVbDVROEliVnN0eGtrRWMvNCtZTDUyMDhlZ255aWx0THFRVHZHZVJndDAvNDBNMjJPODNZUWFoNlpQa0s1b3BZUU9yNS9yci9zUnhQWHFCRllvV0ZZNzZBNHhvZmJHUFBPNnJtVnNNUGxOa04rVjBpeXNMTDVKTzFxNFY1WG5sYUhTSU1PZ0g1WFZYK05uYUJqRWloR25oMXVtanFCSEZQUHFqWWtHWUVUdzNVQktpM0UrMktoR09uS1UyVklIaUZQcTA5Y0xuRmVSQytZV0FoemxmQThobkVEdm4xajMrR3puUT09fA&cppv=2
Request Chain 169
  • https://s.tribalfusion.com/visitor?%7B%22tagKey%22%3A%222481917101%22%2C%22th%22%3A7238200512%2C%22version%22%3A%221.0%22%2C%22tKey%22%3A%22apmneMnEbGXFZbbTtFVn6bIMrMBSfSwyd%22%2C%22url%22%3A%22https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022%22%2C%22clientName%22%3A%22Save%2520the%2520Children%22%2C%22clientID%22%3A791263%2C%22eventType%22%3A%22visitor%22%2C%22segmentNumber%22%3A0%2C%22segmentName%22%3A%22Sitewide%22%7D HTTP 302
  • https://a4.tribalfusion.com/ipg?ip6=2a01:4a0:1338:92::12&kv=%7B%22ord%22%3A%2016063202%2C%20%22clientID%22%3A%20791263%7D&redirect=https://ib.adnxs.com/getuidu?https://a.tribalfusion.com/i.match?p=b26&u=$UID&redirect=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D305%26code%3D%24TF_USER_ID_ENC%24 HTTP 302
  • https://ib.adnxs.com/setuid?entity=305&code=$TF_USER_ID_ENC$
Request Chain 184
  • https://sslwidget.criteo.com/event?a=33523&v=5.12.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p2=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p3=e%3Ddis&adce=1&bundle=GD4val9keUlMJTJCR0RVREt2ZHY5UndYMU5BJTJGek5namJ3V1IlMkYlMkZ3S1d4TWJkc1hkYTNvN2wlMkYxR3pMMVplOEElMkY2dmg0OGQ4QjFlSmFLRnlwSmRaZVJPRUl2V2ppUkJ1ZmFJS0VmZUFXNTNQMiUyRjAxMFJ4RjVqZ1RIZllLd2dPTU12c0xObktnSUNIMkdzNmZMaGRja2d2SVZOVkZxU2VVNlNzTGNFS2l0MUxZaHI3eVhsWSUzRA&tld=savethechildren.org&fu=https%253A%252F%252Fsupport.savethechildren.org%252Fsite%252FDonation2%253Fdf_id%253D6827%2526mfc_pref%253DT%25266827.donation%253Dform1%2526smtrctid%253DAAyoE7%2526cid%253DEmail%253A%253AEmer_Kentucky_Flood%253ANew_Leads%253A081022&dtycbr=64666&cs=1---&cv=1 HTTP 302
  • https://widget.us.criteo.com/event?a=33523&v=5.12.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p2=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p3=e%3Ddis&adce=1&bundle=GD4val9keUlMJTJCR0RVREt2ZHY5UndYMU5BJTJGek5namJ3V1IlMkYlMkZ3S1d4TWJkc1hkYTNvN2wlMkYxR3pMMVplOEElMkY2dmg0OGQ4QjFlSmFLRnlwSmRaZVJPRUl2V2ppUkJ1ZmFJS0VmZUFXNTNQMiUyRjAxMFJ4RjVqZ1RIZllLd2dPTU12c0xObktnSUNIMkdzNmZMaGRja2d2SVZOVkZxU2VVNlNzTGNFS2l0MUxZaHI3eVhsWSUzRA&tld=savethechildren.org&fu=https%253A%252F%252Fsupport.savethechildren.org%252Fsite%252FDonation2%253Fdf_id%253D6827%2526mfc_pref%253DT%25266827.donation%253Dform1%2526smtrctid%253DAAyoE7%2526cid%253DEmail%253A%253AEmer_Kentucky_Flood%253ANew_Leads%253A081022&dtycbr=64666&cs=1---&cv=1
Request Chain 200
  • https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=f4b366979908d74d5c52dfcf3d03d994&t=1660230370.244&a=14 HTTP 302
  • https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=f4b366979908d74d5c52dfcf3d03d994&t=1660230370.244&a=14
Request Chain 201
  • https://ib.adnxs.com/setuid/a9?entity=188&code=AnJsQRb2QhSwChEENFKQFA&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DxandrHMT%26id%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%2Fa9%3Fentity%3D188%26code%3DAnJsQRb2QhSwChEENFKQFA%26redir%3Dhttps%253A%252F%252Fs.amazon-adsystem.com%252Fecm3%253Fex%253DxandrHMT%2526id%253D%2524UID HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=xandrHMT&id=AnJsQRb2QhSwChEENFKQFA
Request Chain 202
  • https://aa.agkn.com/adscores/g.pixel?sid=9212284268 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=216633104240002434512&ex=neustar.biz
Request Chain 203
  • https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=198&external_user_id=pbpP5SbpRyq4FRFRkIrSPw&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D&cm_dsp_id=198&external_user_id=pbpP5SbpRyq4FRFRkIrSPw&C=1 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=YvUa4iYo1VtiURA2PvR6pgAA
Request Chain 204
  • https://x.bidswitch.net/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D HTTP 302
  • https://x.bidswitch.net/ul_cb/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=310320e12df20eb104f2f5e7285e8a9e
Request Chain 205
  • https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbluekai.com%26id%3D%24_BK_UUID HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID
Request Chain 206
  • https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=CpbrYoRZQE-CRW6QnwC2iQ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=CpbrYoRZQE-CRW6QnwC2iQ&verify=true HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=CpbrYoRZQE-CRW6QnwC2iQ
Request Chain 207
  • https://t.myvisualiq.net/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D HTTP 302
  • https://t.myvisualiq.net/ul_cb/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=ab54dda0-331e-4fe0-8126-9689c24b48f7
Request Chain 210
  • https://mwzeom.zeotap.com/mw?zpartnerid=1353&zurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dzeotap%26id%3D%7BZCOOKIE%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=zeotap&id=ef95123c-e472-41d5-418a-dcb6815dba48
Request Chain 211
  • https://ads.stickyadstv.com/user-matching?id=2545 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=c2b05442e4e35a4faf5bcdf9f0af943&ex=freewheel.tv&gdpr=0&gdpr_consent=
Request Chain 212
  • https://www.imdb.com/ads/idsync?cid=a706a6beb&ex=imdb.com HTTP 302
  • https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com
Request Chain 216
  • https://ads.samba.tv/cookie_sync?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsamba.tv%26id%3D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=fd095e0ffb6c6ed0
Request Chain 217
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Gl7RRfZrTjGMFXgxlSJ_ig&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Gl7RRfZrTjGMFXgxlSJ_ig
Request Chain 218
  • https://dpm.demdex.net/ibs:dpid=139200&dpuuid=dfOuByEWQ1yfcsUMpXzZaQ&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=89340451392778590324404272840646099861
Request Chain 219
  • https://odr.mookie1.com/t/v2?tagid=V2_393725&AMAZON_REGION_SPECIFIC_ENDPOINT=s.amazon-adsystem.com&src.visitorID=eVLhHxFzQhKmVhdBv4w3hg HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10815957456790300460&gdpr=&gdpr_consent=
Request Chain 221
  • https://c1.adform.net/serving/cookie/match?party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=6928307882303753497
Request Chain 222
  • https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=22b98d79-1987-11ed-8471-10b91cd50406 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=22b98d20-1987-11ed-8471-10b91cd50406
Request Chain 223
  • https://bs.serving-sys.com/Serving?cn=cs&rtu=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsizmek%26id%3D%5B%25tp_UserID%25%5D HTTP 302
  • https://lm.serving-sys.com/lm/acs?json={%22GUID%22:%2203f9498f-f646-46f4-9229-253009a5c9e3%22,%22Time%22:%2220220811T150611.215998%22}&rtu=https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=[%tp_UserID%] HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=03f9498f-f646-46f4-9229-253009a5c9e3
Request Chain 224
  • https://cm.g.doubleclick.net/pixel?google_nid=a9&google_cm&ex=doubleclick.net HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEAQGbkJJCF-MNkAnj6CN090&google_cver=1
Request Chain 226
  • https://sb.scorecardresearch.com/p?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25 HTTP 302
  • https://sb.scorecardresearch.com/p2?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=96cef1e4162849107999b9e22dc81559
Request Chain 228
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184155&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__ HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=index&id=K6ct0nYcnyMSA1MCR5EUkzc4dBM4ZgIC
Request Chain 229
  • https://uipglob.semasio.net/amazon/1/get?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D HTTP 302
  • https://uipglob.semasio.net/amazon/1/get2?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=semasio&id=7BFF9EC88BF577A4
Request Chain 230
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=7703064413273786036&ex=appnexus.com
Request Chain 232
  • https://token.rubiconproject.com/token?pid=2179&pt=n HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=mz8qOXUhMf7VGTpOtINOmg&ex=rubiconproject.com&status=ok
Request Chain 233
  • https://cm.g.doubleclick.net/pixel?google_nid=a9&google_hm=smoQdmHfTayp0fVDbTJ6Pg& HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=googleHMT
Request Chain 235
  • https://lciapi.ninthdecimal.com/v1/lci/sync/adv-amzn/c-23445/?rdr=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3F%26ex%3Dninthdecimal.com%26id%3D%24%7BND_UID%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=2D1EC868E31AF5624469CB4802278A39
Request Chain 236
  • https://pi.ispot.tv/v2/TC-3673-1.gif?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dispot.tv%26id%3D%7BISID%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=38aceb61934f90fe45f146875d93d4f0eebe89aa561bc8c3c6dc82d204f8bcab
Request Chain 238
  • https://sync.taboola.com/sg/amazon-a9-network/1/rtb HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=d35a96c7-60b7-4ef6-827f-8d461cb80722-tuct9eea063
Request Chain 260
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?CtsSyncId=D3061AC3C595412CA09E4518F54B387A&RedC=c.clarity.ms&MXFR=249634FB301E6F9802E22506341E6160 HTTP 302
  • https://c.clarity.ms/c.gif?CtsSyncId=D3061AC3C595412CA09E4518F54B387A&MUID=065321CE8A88633207AE30338B24629B
Request Chain 262
  • https://4853738.fls.doubleclick.net/activityi;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022 HTTP 302
  • https://4853738.fls.doubleclick.net/activityi;dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022
Request Chain 272
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-x80napXgKNLDGq6H7jDhoqciwg07t9lW-XZR0g&google_cm&google_hm=ay14ODBuYXBYZ0tOTERHcTZIN2pEaG9xY2l3ZzA3dDlsVy1YWlIwZw HTTP 302
  • https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-x80napXgKNLDGq6H7jDhoqciwg07t9lW-XZR0g&google_gid=CAESEMnWQSzRlRHaLe9Pf-TnZ-Y&google_cver=1&google_ula=913071,0
Request Chain 273
  • https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7703064413273786036
Request Chain 274
  • https://ih.adscale.de/adscale-ih/tpui?tpid=40&tpuid=k-A78jI5XgKNLDGq6H7jDhoqciwg1zn_6Usl0HWQ&cburl=https%3A%2F%2Fcotads.adscale.de%2Fads%2Fpixel%2F1by1.png%3Fuid%3D__ADSCALE_USER_ID__ HTTP 302
  • https://ih.adscale.de/adscale-ih/tpui?tpid=40&tpuid=k-A78jI5XgKNLDGq6H7jDhoqciwg1zn_6Usl0HWQ&cburl=https%3A%2F%2Fcotads.adscale.de%2Fads%2Fpixel%2F1by1.png%3Fuid%3D__ADSCALE_USER_ID__&nut&uu=8aee105cfe6b46648d30a257f76f8189 HTTP 307
  • https://cotads.adscale.de/ads/pixel/1by1.png?uid=b7045c50fa6f50b4b2f2ea7d7ad0e7921875c9f5e49b4d3888ba2d1754e72813
Request Chain 276
  • https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-hGsPM5XgKNLDGq6H7jDhoqciwg01S7hua5zdrg HTTP 302
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-hGsPM5XgKNLDGq6H7jDhoqciwg01S7hua5zdrg
Request Chain 291
  • https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=28645&dpuuid=BGxPLCpUyp0sjwlLqBqVOOMJq9qGJeZh
Request Chain 293
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8fBRfJXgKNLDGq6H7jDhoqciwg34OnWk-BPcFw HTTP 303
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8fBRfJXgKNLDGq6H7jDhoqciwg34OnWk-BPcFw&_li_chk=true&previous_uuid=b0b391aa2ed74ef6870ee291a75cc459 HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8fBRfJXgKNLDGq6H7jDhoqciwg34OnWk-BPcFw
Request Chain 294
  • https://ad.sxp.smartclip.net/sync?type=host&dsp=69&dspuuid=k-90FeCpXgKNLDGq6H7jDhoqciwg3J2_PAmAo7vQ HTTP 302
  • https://ad.sxp.smartclip.net/sync?type=host&dsp=69&dspuuid=k-90FeCpXgKNLDGq6H7jDhoqciwg3J2_PAmAo7vQ&ang_testid=1
Request Chain 303
  • https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=kD97IbO0q2KsYh9bagylN0L0Lx3j66xl
Request Chain 307
  • https://insight.adsrvr.org/tags/azud70w/dsx8icm/iframe HTTP 303
  • https://d1eoo1tco6rr5e.cloudfront.net/azud70w/dsx8icm/iframe
Request Chain 308
  • https://dpx.airpr.com/px?hostname=support.savethechildren.org&profile=405343&ga_account_id=UA-85748307-2&ga_account_type=UA&ga_c=1304497899.1660230370&om_account_type=OM&om_c=317A8D72A2CBA97E-400007F6DE73C2F2&om_fallback_c=undefined&an=true HTTP 302
  • https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=4872759755 HTTP 302
  • https://dpx.airpr.com/anpx?adnxs_uid=7703064413273786036&airpr_id=4872759755
Request Chain 313
  • https://gum.criteo.com/sync?c=6&r=1&k=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40 HTTP 302
  • https://idsync.rlcdn.com/397596.gif?partner_uid=hB4Y5VRbofNpntxBGIy53L4kclyChbwH
Request Chain 316
  • https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
  • https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=qsKdKRw7PLv_g1ueMviYTI49x4alr_4q
Request Chain 317
  • https://insight.adsrvr.org/tags/f35s4e0/45k2r2v/iframe HTTP 303
  • https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/45k2r2v/iframe
Request Chain 318
  • https://insight.adsrvr.org/tags/f35s4e0/qa0mevt/iframe HTTP 303
  • https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/qa0mevt/iframe
Request Chain 319
  • https://insight.adsrvr.org/tags/f35s4e0/n4od8ve/iframe HTTP 303
  • https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/n4od8ve/iframe

323 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Donation2
support.savethechildren.org/site/
Redirect Chain
  • http://e.savethechildren.org/a/hBi9BxTB8yKeXB962w$AAyoE7IT/header?d_refcode_singleseg=New_Leads
  • https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
113 KB
24 KB
Document
General
Full URL
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
7343a2169d96128b9211d01c726c358e0df0206f4cdfa9bff367ff1f7ed3bcdd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://support.savethechildren.org/site/XFrameViolation
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://support.savethechildren.org/site/XFrameViolation
Content-Type
text/html;charset=ISO-8859-1
Date
Thu, 11 Aug 2022 15:06:07 GMT
Keep-Alive
timeout=15, max=345
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff

Redirect headers

Cache-Control
no-cache="set-cookie", private, no-cache
Connection
close
Content-Length
382
Content-Type
text/html; charset=iso-8859-1
Date
Thu, 11 Aug 2022 15:06:07 GMT
Expires
Sun, 06 Nov 1994 08:49:37 GMT
Location
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
P3P
policyref="/w3c/p3p.xml",CP="NON DSP COR CURo ADMo DEVo TAIo IVAo IVDo OUR DELo IND UNI NAV"
Server
Apache
yui-min.js
support.savethechildren.org/yui3/yui/
15 KB
7 KB
Script
General
Full URL
https://support.savethechildren.org/yui3/yui/yui-min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
db4bb1e314a04c52d8ad52c3a66ce793a012910e88d90295767ec52d75a4d72f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 May 2010 16:44:29 GMT
Server
Apache
ETag
"3baa-487aa3880d540"
ntCoent-Length
15274
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=463
Content-Length
6402
modules.js
support.savethechildren.org/js/convio/
15 KB
3 KB
Script
General
Full URL
https://support.savethechildren.org/js/convio/modules.js?version=2.9.1
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
aa432c05daee8749817b34c7d407845c3132dbb52fe62bb15f8d745cdb869134

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Wed, 24 Feb 2021 06:52:36 GMT
Server
Apache
ETag
"3bb8-5bc0f7aebec8b"
ntCoent-Length
15288
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=306
Content-Length
2729
utils.js
support.savethechildren.org/js/
32 KB
10 KB
Script
General
Full URL
https://support.savethechildren.org/js/utils.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
56fb1bf075613aa1e61d6cf81fe7ae08d45fe7a16689d118bfa06e17600ac4cc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 10 Nov 2016 07:01:46 GMT
Server
Apache
ETag
"7f46-540ecf2687f1e"
ntCoent-Length
32582
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=372
Content-Length
9855
obs_comp_rollup.js
support.savethechildren.org/js/
10 KB
3 KB
Script
General
Full URL
https://support.savethechildren.org/js/obs_comp_rollup.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
957f312f39ed8ba93485141af5af501f1d2b7b372433d8ac77b0923a5c584204

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2012 18:21:34 GMT
Server
Apache
ETag
"2936-4b863d94fc780"
ntCoent-Length
10550
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=74
Content-Length
2548
default.css
support.savethechildren.org/css/themes/
4 KB
2 KB
Stylesheet
General
Full URL
https://support.savethechildren.org/css/themes/default.css
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
135ae3e7f5e9b6c501a48f208ab55f701c066f5543fc4d7d64ef766cc722fae9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Wed, 24 Jul 2013 19:12:15 GMT
Server
Apache
ETag
"11df-4e246affca1c0"
ntCoent-Length
4575
Content-Type
text/css
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=432
Content-Length
1256
alphacube.css
support.savethechildren.org/css/themes/
3 KB
1 KB
Stylesheet
General
Full URL
https://support.savethechildren.org/css/themes/alphacube.css
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
dddb90184d87f59b1a025fa9b460ef0b25fbaa3ea192a83d31535dbb20ec10ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Cteonnt-Length
2648
Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Wed, 02 Dec 2009 21:55:41 GMT
Server
Apache
ETag
"a58-479c5ef879140"
Content-Type
text/css
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=323
Content-Length
748
UserGlobalStyle.css
support.savethechildren.org/css/
23 KB
7 KB
Stylesheet
General
Full URL
https://support.savethechildren.org/css/UserGlobalStyle.css
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
86d95dcf819cd9f7ae82162e2c393d939f12fafaba93129517a5e8f42e62fba8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Thu, 21 Mar 2019 17:07:00 GMT
Server
Apache
ETag
"5dce-5849dc4339500"
ntCoent-Length
24014
Content-Type
text/css
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=388
Content-Length
6878
ResponsiveBase.css
support.savethechildren.org/css/responsive/
8 KB
4 KB
Stylesheet
General
Full URL
https://support.savethechildren.org/css/responsive/ResponsiveBase.css
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
e1273a5e5ca6d6af7d88f9b231577008ca093f7950b46b601e1a2a9d203ea759

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Mon, 09 May 2016 22:09:59 GMT
Server
Apache
ETag
"1e21-5327011c9e67e"
ntCoent-Length
7713
Content-Type
text/css
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=458
Content-Length
3270
DonFormResponsive.css
support.savethechildren.org/css/responsive/
5 KB
2 KB
Stylesheet
General
Full URL
https://support.savethechildren.org/css/responsive/DonFormResponsive.css
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
7fad060874c6d715e53ae10e92ebca22aebe769bc8efcf8454c9f9802be8de78

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Mon, 09 May 2016 22:10:00 GMT
Server
Apache
ETag
"13f6-5327011d94446"
ntCoent-Length
5110
Content-Type
text/css
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=458
Content-Length
1519
FormComponentsBehavior.css
support.savethechildren.org/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://support.savethechildren.org/css/FormComponentsBehavior.css
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
b2d71a40f6794578a24e2c5c049734e609b43044b97adf3d8701780c26c9f083

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Mon, 09 May 2016 22:10:26 GMT
Server
Apache
ETag
"12be-5327013611e84"
ntCoent-Length
4798
Content-Type
text/css
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=396
Content-Length
1564
FormComponentsBehavior.js
support.savethechildren.org/js/
14 KB
4 KB
Script
General
Full URL
https://support.savethechildren.org/js/FormComponentsBehavior.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
4edb816a596f9a4a768c41f9f21b5b2bcfb74f80f913a7f40b899c2d05ec1719

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Wed, 24 Oct 2007 07:30:01 GMT
Server
Apache
ETag
"38fd-43d3815db5040"
ntCoent-Length
14589
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=394
Content-Length
4166
don_level_elements.js
support.savethechildren.org/js/
4 KB
2 KB
Script
General
Full URL
https://support.savethechildren.org/js/don_level_elements.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
2344bf11d8936ea401e4024d5e8f2060095264d179d34ee2388c6832c603ea27

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Tue, 14 Jul 2009 19:17:27 GMT
Server
Apache
ETag
"1195-46eaf4a04bfc0"
ntCoent-Length
4501
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=346
Content-Length
1554
don_premium_elements.js
support.savethechildren.org/js/
11 KB
3 KB
Script
General
Full URL
https://support.savethechildren.org/js/don_premium_elements.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
69bffd1a8ad326cbe635c1aa4501526b180044052ff34fe3c407763bc90e0930

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 Apr 2008 22:18:29 GMT
Server
Apache
ETag
"2abd-44b04e57d7740"
ntCoent-Length
10941
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=386
Content-Length
3121
donations2.js
support.savethechildren.org/js/
6 KB
1 KB
Script
General
Full URL
https://support.savethechildren.org/js/donations2.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
9cdd1eae85ce614b8b8ae27bd5d03dc82f0fe2e9ed1f39bd48975c9e9e52993b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2012 18:21:34 GMT
Server
Apache
ETag
"163b-4b863d94fc780"
ntCoent-Length
5691
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=304
Content-Length
1118
CustomStyle.css
support.savethechildren.org/css/
0
265 B
Stylesheet
General
Full URL
https://support.savethechildren.org/css/CustomStyle.css
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Last-Modified
Thu, 10 Mar 2016 19:14:33 GMT
Server
Apache
ETag
"0-52db69fe8c594"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=375
Content-Length
0
CustomWysiwygStyle.css
support.savethechildren.org/css/
0
265 B
Stylesheet
General
Full URL
https://support.savethechildren.org/css/CustomWysiwygStyle.css
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Last-Modified
Thu, 10 Mar 2016 19:14:33 GMT
Server
Apache
ETag
"0-52db69fe3c365"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=313
Content-Length
0
stc-styles.css
dx2eq2oh924g4.cloudfront.net/css/
460 KB
98 KB
Stylesheet
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/css/stc-styles.css?cache=2022-06-28-13-10
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7032aef60799331ff77bfc15307c8a9822f73669375cba1c50783c8e8c6459f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:42 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:56 GMT
server
AmazonS3
age
89547
etag
W/"c776e851f051f03aa3b1a4b4727a125c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
9VOnlQcwojhgIkVFPZKYwqUS-zTfZ6543lmjTeqK8cwU4N56tnZc2Q==
jquery.fancybox.min.css
cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/fancybox/2.1.5/jquery.fancybox.min.css
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a5ed4bb4bb22800c5f3d7057a35cbdd8bb49686d8df119a8452122aa7b40b80
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1104657
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
955
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:10:00 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e58-f2d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0z%2FdM6wF4fNKM6RCHtyQMnKg8RWLbkLbZ5C0FSfNpj1k5KGjmcSdJk8gA63j2Y0QT3MW51I3vqBGOI86lpkM4m1FJ6CovxJmwB76W34WCNB2eFB8qbyGxVENS6ioYPxrKsVGikIR0AuTmdOdyreuCs9t"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7391df983cbabbb9-FRA
expires
Tue, 01 Aug 2023 15:06:08 GMT
launch-d47d2de11878.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/
341 KB
99 KB
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d2af1b7194afb442a397879fc5f023b267adc41d9c639bd620c9d5b660526503

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:08 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:29 GMT
server
AkamaiNetStorage
etag
"e6631d0ef7c2545e5c759bec86d582f2:1658759249.955038"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
100744
expires
Thu, 11 Aug 2022 16:06:08 GMT
uc.js
consent.cookiebot.com/
100 KB
31 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6804249c39aae7d80cd20c9d78213ce15c35d47b5c21821641c6182c16eed1b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:08 GMT
content-encoding
gzip
last-modified
Mon, 18 Jul 2022 09:11:56 GMT
etag
"27a0736d869ad81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=531
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
accept-ranges
bytes
content-length
31207
expires
Thu, 11 Aug 2022 15:14:59 GMT
stc-logo.svg
dx2eq2oh924g4.cloudfront.net/images/logos/
16 KB
7 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/logos/stc-logo.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d92cb06b44cef6b07ba00f221cd8de90566b1779164e113d4f5a43bef4c64077

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:42 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89547
etag
W/"6c75d80a387556bec1fafca484ed608e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
uwqd5sTadsBCedWKAVQB0Mu_dc1aYuofZJFtoB8FqTk6LABEfK8tcw==
4-star-charity-navigator-234x60.jpg
dx2eq2oh924g4.cloudfront.net/images/content/pagebuilder/
7 KB
8 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/content/pagebuilder/4-star-charity-navigator-234x60.jpg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
36b5697cea3adce6b7d19284a8fc074ab18f9ca01273ba853ee0f057415c9387

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 14:14:42 GMT
via
NS-CACHE-10.0: 32, 1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
last-modified
Tue, 10 Mar 2020 17:45:29 GMT
server
Apache
age
3086
etag
"1de8-5a083af7fa57b"
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
7656
x-amz-cf-id
AqtW_KTub_sVhkd2ORod6hxH3t3RFUG5ZFqku8pGsy7bYidZtE_Nhg==
charity-watch-logo.png
dx2eq2oh924g4.cloudfront.net/images/logos/
12 KB
13 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/logos/charity-watch-logo.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
60cbe4e17fb6a2a02d3db7fa5126fb6a9adb26e054117a79d16aca4a2036610a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:43 GMT
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89546
etag
"ed6930c5740c723587f4167c5323fae5"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
12543
x-amz-cf-id
bSTYTmIrNcNtNt6Yid2MrNJ8k7Wu_GO6UEWrDLbwS8Rm8ct1r8R0gQ==
bbb-logo.svg
dx2eq2oh924g4.cloudfront.net/images/logos/
6 KB
3 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/logos/bbb-logo.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d6e3b5e7ca053ee43ae72808728156e5e8629de1049cf3e92794439f2bfd052f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:44 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89545
etag
W/"c609e558a124b00f02921f903af5251a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
sUJ82egcnWydhfelnyd0UOB3hJjhyoOqbWc9_GHRMoGWgaimmOyw-A==
paypal-logo.png
support.savethechildren.org/images/payment/
2 KB
2 KB
Image
General
Full URL
https://support.savethechildren.org/images/payment/paypal-logo.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
0f2dd730bc56ea9d8d0ee9c7ec142ec0e5ccb384da3fb24f94414aa7ccd9b48b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Last-Modified
Wed, 17 Aug 2016 21:28:55 GMT
Server
Apache
ETag
"8a7-53a4b27108d50"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=300
Content-Length
2215
discovercard_sm.gif
support.savethechildren.org/images/
2 KB
2 KB
Image
General
Full URL
https://support.savethechildren.org/images/discovercard_sm.gif
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
fbfc0cc592809f83bfde605255dafd78f525d1cee0f807973122895fe49e1c06

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Last-Modified
Mon, 22 Aug 2016 16:24:58 GMT
Server
Apache
ETag
"607-53aab7d37bc48"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=375
Content-Length
1543
amex_small.gif
support.savethechildren.org/images/
2 KB
2 KB
Image
General
Full URL
https://support.savethechildren.org/images/amex_small.gif
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
9449ccf781bff1869fad09bc28ea4214e40fa767895eebc6fb37cf66cb4d27bd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Mon, 22 Aug 2016 16:24:57 GMT
Server
Apache
ETag
"631-53aab7d2b75f9"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=459
Content-Length
1585
mastercd_small.gif
support.savethechildren.org/images/
2 KB
2 KB
Image
General
Full URL
https://support.savethechildren.org/images/mastercd_small.gif
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
a18e784fb3201a4ce31830f8ca4918b2de835115e7ca09f676dc93b761acb0a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Mon, 22 Aug 2016 16:24:58 GMT
Server
Apache
ETag
"624-53aab7d3fc790"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=145
Content-Length
1572
visa_small.gif
support.savethechildren.org/images/
1 KB
2 KB
Image
General
Full URL
https://support.savethechildren.org/images/visa_small.gif
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
db303c3d5b39371bb91fbc688df6e18f93a067713146f617ef27157b7ee38f74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Mon, 22 Aug 2016 16:24:57 GMT
Server
Apache
ETag
"5f7-53aab7d324d98"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=226
Content-Length
1527
apple-pay-payment-mark.png
support.savethechildren.org/wrpr/images/logos/
3 KB
3 KB
Image
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/apple-pay-payment-mark.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
f845e4b8f5eebbe74c9b3c8cb4665d14067e530550e61ae72ebf4340296e1733

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Tue, 16 Jan 2018 16:39:19 GMT
Server
Apache
ETag
"c54-562e75f4d1690"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=247
Content-Length
3156
venmo-logo.svg
support.savethechildren.org/wrpr/images/logos/
531 B
805 B
Image
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/venmo-logo.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
df02d55d020c8804a1ecff3c85906ce4d599185870883d064381f165911ef52f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Fri, 06 Oct 2017 01:16:54 GMT
Server
Apache
ETag
"213-55ad698a744c7"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=367
Content-Length
531
google-pay-box-logo.png
support.savethechildren.org/wrpr/images/logos/
11 KB
11 KB
Image
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/google-pay-box-logo.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
f462ed01cdd9b02dcbda81b4cd1ac332b715a4048d554517ef6c17d81c43ad1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Wed, 05 Dec 2018 21:18:42 GMT
Server
Apache
ETag
"2a5c-57c4ced38079f"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=451
Content-Length
10844
apple-pay-donate.png
support.savethechildren.org/wrpr/images/logos/
4 KB
4 KB
Image
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/apple-pay-donate.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
4cf635e0a393b85f4efd07b3a00b8c092329ffb42dcef45b0d99dca88efb7ac5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Tue, 16 Jan 2018 17:10:11 GMT
Server
Apache
ETag
"e30-562e7cdb3999b"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=307
Content-Length
3632
google-pay-logo.svg
support.savethechildren.org/wrpr/images/logos/
2 KB
2 KB
Image
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/google-pay-logo.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
dda558a93891b2c9f4da39839ae644f25ddaed59e93807a342eea812441e46e5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Wed, 05 Dec 2018 22:13:33 GMT
Server
Apache
ETag
"66f-57c4db15f0843"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=294
Content-Length
1647
card_visa_cvv.png
support.savethechildren.org/images/
3 KB
3 KB
Image
General
Full URL
https://support.savethechildren.org/images/card_visa_cvv.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
a0e2f66644877655cd362b939852cb71181baecf71fd3dc2a1df419030809a3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Fri, 23 Sep 2016 17:56:23 GMT
Server
Apache
ETag
"bc1-53d307f185651"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=325
Content-Length
3009
card_amex_cvv.png
support.savethechildren.org/images/
3 KB
4 KB
Image
General
Full URL
https://support.savethechildren.org/images/card_amex_cvv.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
9f1452b78e9dda47be12aca96738dea2114ade0fd9fe474ee3af364c0fcf766e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Fri, 23 Sep 2016 17:56:22 GMT
Server
Apache
ETag
"dec-53d307f081aa0"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=58
Content-Length
3564
2021-annual-report-pie-chart-footer-version.png
www.savethechildren.org/content/dam/usa/images/annual-report/2021/
12 KB
12 KB
Image
General
Full URL
https://www.savethechildren.org/content/dam/usa/images/annual-report/2021/2021-annual-report-pie-chart-footer-version.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-114.fra6.r.cloudfront.net
Software
Apache /
Resource Hash
98a0c74b6560ea8895c06d21857ecf1d8de31ee9d091cf94b8373a34ab68a4df
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' stc.marketing.adobe.com
Strict-Transport-Security max-age=63072000;
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-dispatcher
dispatcher1useast1
content-security-policy
frame-ancestors 'self' stc.marketing.adobe.com
content-encoding
gzip
etag
"2eff-5e5ebd9fcdf35-gzip"
age
35843
x-cache
Hit from cloudfront
vary
Accept-Encoding
content-length
11442
last-modified
Thu, 11 Aug 2022 00:00:20 GMT
server
Apache
x-frame-options
SAMEORIGIN
date
Thu, 11 Aug 2022 05:08:46 GMT
strict-transport-security
max-age=63072000;
content-type
image/png
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
cache-control
max-age=86400, no-cache="set-cookie"
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
8r1xZX917LRiwH4Vo1bDwqoRs4LD-XIR8lGCh7iqA7Jxd72Ej6EDNQ==
expires
Fri, 12 Aug 2022 05:08:46 GMT
charity-navigator-logo.png
dx2eq2oh924g4.cloudfront.net/images/logos/
26 KB
26 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/logos/charity-navigator-logo.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ddaf05992cd382691c8644163c876c5ace24a4900478efdbe1ba7354af4f60cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:44 GMT
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89545
etag
"a81ba267b17fa69211abc6ccfd93cb72"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
26644
x-amz-cf-id
UYHnBDES0rRU5o8G8qL_sxrUT0IDpUy_M81aIVE8RjXLODBhLz-rgQ==
facebook-initial.svg
dx2eq2oh924g4.cloudfront.net/images/icons/
892 B
1 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/icons/facebook-initial.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
099a89edb65f4cd9501d6c1a11ef5f6b26ec28713c76a01629a42612f7c4908d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:45 GMT
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
last-modified
Wed, 10 Aug 2022 14:10:58 GMT
server
AmazonS3
age
89544
etag
"84abfea728af630e24ad9307d952dea1"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
892
x-amz-cf-id
A4Ufn7GM3BfWUjCNWf1HhTrhX0l1CZJRHWRxRh8AEmkzE0L9G7OwmA==
twitter.svg
dx2eq2oh924g4.cloudfront.net/images/icons/
1 KB
1 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/icons/twitter.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fcb102140b7ffbe92fdb9dc9180565cc20e2f248d79fe439463c0159ef5317e0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:45 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89544
etag
W/"6694ce1d25e04a635544f4ebb5b6a707"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
rAye5DMbFKrLJWQZkdbvx5LBUMFoXlugo3my58pC2v1RO0lolV1ccA==
instagram.svg
dx2eq2oh924g4.cloudfront.net/images/icons/
3 KB
2 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/icons/instagram.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
49ef92b367500b4ee119940a1b56ae67829a83f519e8af995e5d5b180f1731b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:45 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:58 GMT
server
AmazonS3
age
89543
etag
W/"e9d1fdc0855751a3a7717a44d56fcd90"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
90A8_X6iBEel24xZJKBKl3itYPtJnw4nSXvq30D4hvAGk_pr8BJFww==
pinterest.svg
dx2eq2oh924g4.cloudfront.net/images/icons/
1 KB
1 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/icons/pinterest.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
104a57ba8de66a8ad8437e014f6984c52c5d0a3aceafa9b681496cd72b87673e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:46 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:58 GMT
server
AmazonS3
age
89543
etag
W/"7eb84c7de644f101e355ebd256e14a7c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
OvIwpjI5gnencWPa6PEN6jMOXr7elOU7CKzkE2GhTYTEg6bH1KNy3A==
youtube-tv.svg
dx2eq2oh924g4.cloudfront.net/images/icons/
3 KB
2 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/icons/youtube-tv.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
abc78c6fbb3027dfe1f1c2973e6c9e7e145fa3acd6670b25495a864351b878ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:46 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89543
etag
W/"28bed9dca312364b79f7c62e2b08374b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
L5MppGURg_to8PSXtuUo5RQMkQa-ukAruC73iNqsOQwyW06EQngctQ==
snapchat.svg
dx2eq2oh924g4.cloudfront.net/images/icons/
1 KB
1 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/icons/snapchat.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
481cc82a8339459184525d58ddc6f98e6fd4c57da6861e89b5f59440a94502c4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:46 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:58 GMT
server
AmazonS3
age
89543
etag
W/"bfc12b886350f98f48b09f6dfb8f8144"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
x728r_0UvXehtj_DPcJZxNPa03Utm5s9reRyntxcGc9F-5V7TBiiQQ==
linkedin.svg
dx2eq2oh924g4.cloudfront.net/images/icons/
636 B
988 B
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/icons/linkedin.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f16f5e7a39830113f7119db6ee715eec682e3c879cc0ae5aeab6d2204153a9a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:47 GMT
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
last-modified
Wed, 10 Aug 2022 14:10:58 GMT
server
AmazonS3
age
89542
etag
"a93daa155228edfd9002b35cd6938b38"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
636
x-amz-cf-id
auOyg-Vp9uNPC1iveKBamMIR2dprQvwsKl745wlEPwHm1qSu6gxOJg==
stc-vendor.js
dx2eq2oh924g4.cloudfront.net/js/
702 KB
196 KB
Script
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/js/stc-vendor.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
89d907fba3696fe97bde7c623fb7896502d81637a422ce080e44b6bc4930de7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:42 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89547
etag
W/"b58c7d4503bee9b0d9d4c602c7930435"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
uL4BNPZmjiLpnSNtueiVDKtI9iKwKh0cZu9_WiIHHzyvoBxUY4RF8Q==
stc-analytics-data-layer.js
dx2eq2oh924g4.cloudfront.net/js/
37 KB
11 KB
Script
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/js/stc-analytics-data-layer.js?t=2022-02-01
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
95e67a043338e5fe448dc282f41915dfe871dd491269b6f2d892a46fc7e661b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:42 GMT
content-encoding
gzip
last-modified
Tue, 08 Mar 2022 23:15:00 GMT
server
AmazonS3
age
89547
etag
W/"0bd6613e2a77c5a43d2af1f8db6f0406"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
BAgSWf3_oYGrF36fSuYxCDup5YK2I1iO_3-pEbrre3mL_4UqbtmfFA==
stc-site-alerts.js
dx2eq2oh924g4.cloudfront.net/js/
10 KB
4 KB
Script
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/js/stc-site-alerts.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
418ac773aab2a1e1d980dc046cd8e69e6f62d733bfe767d0afb97d2eaf0e867c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:42 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89547
etag
W/"8f1b313048b3b53e987d17fb2191cd1d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
omK0ttP-_2lJieHl2HNNjIGWeIkdoVGQQSJbpzfFGWtJe0-g-rpi7g==
stc-scripts.js
dx2eq2oh924g4.cloudfront.net/js/
65 KB
21 KB
Script
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/js/stc-scripts.js?cache=2020-03-10
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9bbd8d262416d4032f349714958d83a410a572519e847e718a350fa89b02eea5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:42 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89547
etag
W/"884535489698e6d42775c3965ba85d98"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
RloMr8HiAvPYAaccqal1CNOewtZAlA053pOvCrKN3steIQDAW5M9Aw==
pay.js
pay.google.com/gp/p/js/
95 KB
31 KB
Script
General
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c03::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ae8ab2b6e48fdef457c84b2b32b1e7a980579dfc50622ee62fcc515b68752399
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-gn_1V3o37S7HfiE6LQNU9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-gn_1V3o37S7HfiE6LQNU9w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
server
ESF
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
private, max-age=600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy
script-src 'report-sample' 'nonce-gn_1V3o37S7HfiE6LQNU9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-gn_1V3o37S7HfiE6LQNU9w' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
expires
Thu, 11 Aug 2022 15:06:09 GMT
client.min.js
js.braintreegateway.com/web/3.39.0/js/
38 KB
12 KB
Script
General
Full URL
https://js.braintreegateway.com/web/3.39.0/js/client.min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-81.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
0b49e7b48486b30c382a49fc34a7385230a87130314260f19cb1899388bca34e
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 09:51:01 GMT
content-encoding
gzip
age
18908
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 10 Aug 2022 17:16:13 GMT
server
nginx
etag
W/"62f3e7dd-997f"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
cache-control
max-age=86400
content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
JEsTT1SxbpOCjEXbnIyqz2UEh70KFbKUOMOYX12z0GLqZCJBN0B3xA==
expires
Fri, 12 Aug 2022 09:51:01 GMT
apple-pay.min.js
js.braintreegateway.com/web/3.39.0/js/
15 KB
5 KB
Script
General
Full URL
https://js.braintreegateway.com/web/3.39.0/js/apple-pay.min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-81.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
a438afb23db5e904944da9621089e8314f86ae094f9a6f03b45caa66dbb120d7
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 14:58:10 GMT
content-encoding
gzip
age
479
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 10 Aug 2022 17:16:13 GMT
server
nginx
etag
W/"62f3e7dd-3d47"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
cache-control
max-age=86400
content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
GQl-kzJnWDDgnfpV9KaS8UHJYSQuTmYejdiuGfs9eCMtX7fbyIjmoQ==
expires
Fri, 12 Aug 2022 14:58:10 GMT
venmo.min.js
js.braintreegateway.com/web/3.39.0/js/
20 KB
7 KB
Script
General
Full URL
https://js.braintreegateway.com/web/3.39.0/js/venmo.min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-81.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
0c8fba41f9e22f09c18be06b7269e43763908093cd19c25c0a015605935b2105
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-encoding
gzip
etag
W/"62f3e7de-511e"
age
479
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 10 Aug 2022 17:16:14 GMT
server
nginx
date
Thu, 11 Aug 2022 15:06:09 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
SLciBv2p81O9pU6VVdWHPz3VNWaNyYh0eYDW1KvL-HST-8asbOSDpg==
expires
Fri, 12 Aug 2022 14:58:09 GMT
google-payment.min.js
js.braintreegateway.com/web/3.39.0/js/
15 KB
5 KB
Script
General
Full URL
https://js.braintreegateway.com/web/3.39.0/js/google-payment.min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-81.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
b79c0b6d5fabf21da5599b0daf8ba491014004cdfe7dcb8df6ee43a26b836694
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:02:52 GMT
content-encoding
gzip
age
197
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 10 Aug 2022 17:16:14 GMT
server
nginx
etag
W/"62f3e7de-3a9d"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
cache-control
max-age=86400
content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
gy8r-gJ6-GFrLry1_HJAGBZqLR-NGVHAt4P-dRKunGtusykVNSNORQ==
expires
Fri, 12 Aug 2022 15:02:52 GMT
data-collector.min.js
js.braintreegateway.com/web/3.39.0/js/
27 KB
10 KB
Script
General
Full URL
https://js.braintreegateway.com/web/3.39.0/js/data-collector.min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-81.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
5befd2a54e625956c71b77a339666c25fea1a34c017fd6e711b8bf1e3d7d4ece
Security Headers
Name Value
Content-Security-Policy style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy
style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-encoding
gzip
etag
W/"62f3e7de-6a23"
age
13916
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 10 Aug 2022 17:16:14 GMT
server
nginx
date
Thu, 11 Aug 2022 11:14:13 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
IVIrzwiy8JsZN-0-IkCqNGGtTWg9zeTQ3UPMZShAn-Bnd5FQswpb4w==
expires
Fri, 12 Aug 2022 11:14:13 GMT
stc-braintree-donation.js
dx2eq2oh924g4.cloudfront.net/js/
11 KB
4 KB
Script
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/js/stc-braintree-donation.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad8ecf43c78f72c1a1f274d2e79cb3a0b18077113415a7d54a7bb7e4d160ba4e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:19:18 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89210
etag
W/"831c688ecc1508ecf80d09a9cf4ef784"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
kQI1d-MSHhJ-YRrwLc_yQrwAiKoyg6c4fhPPV70w9tuCRfCvgybZXw==
stc-donation.js
dx2eq2oh924g4.cloudfront.net/js/
62 KB
18 KB
Script
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/js/stc-donation.js?cache=2022-06-28
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f8b0f56381f3a3133f6f1a24a0a7fa86a2b755f4d43722ae5cd635bd634020b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:13:42 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 14:10:59 GMT
server
AmazonS3
age
89547
etag
W/"a21aab6405b3af63e80846dec1fdc55c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
E5DfFWDg-Z7EAmXdXwB5yBUXjTBxKpzwUfbFQk0zzDTb3hmY2aFxeg==
1.js
cdn.ywxi.net/js/
19 KB
5 KB
Script
General
Full URL
https://cdn.ywxi.net/js/1.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:800:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
ee01d40bfdd77aba5652b3ff93095712b618a6a2cc2637828bd875979cfe9cb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 14:50:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
965
content-security-policy-report-only
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
x-cache
Hit from cloudfront
content-length
4567
via
1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
5O5uaq1p_LT_ps8m17aexs9KClGt7ubMB8oWqiMrMbIcwrvTKyfGWA==
expires
Thu, 11 Aug 2022 15:50:04 GMT
bundle.min.js
browser.sentry-cdn.com/6.19.2/
63 KB
20 KB
Script
General
Full URL
https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
04a798f1de48c8e912b858a70fde58dbd12a9c1181d695709c2b27f25bb09a7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://support.savethechildren.org/
Origin
https://support.savethechildren.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:08 GMT
content-encoding
gzip
last-modified
Wed, 23 Mar 2022 19:36:25 GMT
server
Fastly
age
5547822
etag
"f28e77b8098982ba99e035d45121555f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
20331
expires
Thu, 08 Jun 2023 10:02:26 GMT
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=6B0E659F56A9E70D7F000101%40AdobeOrg&d_nsid=0&ts=1660230368767
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=6B0E659F56A9E70D7F000101%40AdobeOrg&d_nsid=0&ts=1660230368767
362 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=6B0E659F56A9E70D7F000101%40AdobeOrg&d_nsid=0&ts=1660230368767
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Server
34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-142-170.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b8ea3a3a52d7794f84b61c77e84f84c7e55d30302ef404934bfa895821123090
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v038-0972c09bf.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
+CSaMQosTaE=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://support.savethechildren.org
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
307
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-2-v038-0ca6c1a1c.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://support.savethechildren.org
X-TID
MwYvNSxBQmg=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=6B0E659F56A9E70D7F000101%40AdobeOrg&d_nsid=0&ts=1660230368767
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/
33 KB
12 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:08 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12163
expires
Thu, 11 Aug 2022 16:06:08 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:08 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1597
expires
Thu, 11 Aug 2022 16:06:08 GMT
di.js
cdn.decibelinsight.net/i/13874/253647/
192 KB
75 KB
Script
General
Full URL
https://cdn.decibelinsight.net/i/13874/253647/di.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-35.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
929202b357da34f1988ff49fd76e1615f5ed381a2ecb6d4d0ae76eeef527a830
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
server
nginx
x-amz-cf-pop
FRA53-C1
etag
W/000070727-18287A7C0BB
strict-transport-security
max-age=31536000
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/javascript; charset=utf-8
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
cache-control
private, max-age=5400
access-control-allow-credentials
true
x-cache
Hit from cloudfront
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, X-HTTP-Method-Override
x-amz-cf-id
0hTm2RjG9fjHxdEcLALDDzqafEIKvrjjSNXbINbbEIpkg3IMkZ-vSw==
gtm.js
www.googletagmanager.com/
272 KB
83 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MFG5K96
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2f421b34de959edc0089598bcf6d91006c1fff2e444c98e834bffc8e964b909b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
84555
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:09 GMT
enter.svg
dx2eq2oh924g4.cloudfront.net/images/icons/
696 B
1 KB
Image
General
Full URL
https://dx2eq2oh924g4.cloudfront.net/images/icons/enter.svg
Requested by
Host: dx2eq2oh924g4.cloudfront.net
URL: https://dx2eq2oh924g4.cloudfront.net/css/stc-styles.css?cache=2022-06-28-13-10
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:ca00:12:b144:100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
17423a3fc16f9d010a773780b8f21b45ab58580afc0118bb8bcd6a96b1cd5f8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://dx2eq2oh924g4.cloudfront.net/css/stc-styles.css?cache=2022-06-28-13-10
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 14:15:46 GMT
via
1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
last-modified
Wed, 10 Aug 2022 14:10:58 GMT
server
AmazonS3
age
89423
etag
"588e481c2fbb2c2387f62e208dd4f685"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
max-age=604801
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
696
x-amz-cf-id
2FBy9v0V0G1pLpcF89raOyu-SGHwgnWtdk2bT2ih3CiksHXRhJCC7w==
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v20/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: dx2eq2oh924g4.cloudfront.net
URL: https://dx2eq2oh924g4.cloudfront.net/css/stc-styles.css?cache=2022-06-28-13-10
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dx2eq2oh924g4.cloudfront.net/
Origin
https://support.savethechildren.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 11:19:47 GMT
x-content-type-options
nosniff
age
186381
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14176
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:59 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 09 Aug 2023 11:19:47 GMT
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v20/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: dx2eq2oh924g4.cloudfront.net
URL: https://dx2eq2oh924g4.cloudfront.net/css/stc-styles.css?cache=2022-06-28-13-10
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dx2eq2oh924g4.cloudfront.net/
Origin
https://support.savethechildren.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 15:48:36 GMT
x-content-type-options
nosniff
age
83852
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:19:07 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 10 Aug 2023 15:48:36 GMT
TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYjMdZwl.woff2
fonts.gstatic.com/s/oswald/v40/
17 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v40/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYjMdZwl.woff2
Requested by
Host: dx2eq2oh924g4.cloudfront.net
URL: https://dx2eq2oh924g4.cloudfront.net/css/stc-styles.css?cache=2022-06-28-13-10
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
29ebdbb570753623b8ed9a6d19f4c79fb42b2481c21cb4141eb055b7d177e79a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dx2eq2oh924g4.cloudfront.net/
Origin
https://support.savethechildren.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 14:15:07 GMT
x-content-type-options
nosniff
age
175861
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17720
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:17:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Aug 2023 14:15:07 GMT
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4bb29fc16bdac8b50ea87d923f8df87d7459e533afe6871dcc33c039787e5271

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/svg+xml
loader-min.js
support.savethechildren.org/yui3/loader/
15 KB
6 KB
Script
General
Full URL
https://support.savethechildren.org/yui3/loader/loader-min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/yui3/yui/yui-min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
aa095c1b39b9a80b9847de7118da49affeeed83f3ef5d154759d0ee9471392a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 May 2010 16:44:29 GMT
Server
Apache
ETag
"3c99-487aa3880d540"
ntCoent-Length
15513
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=445
Content-Length
5337
DonationForm_Right_CH1356084.png
support.savethechildren.org/images/content/pagebuilder/
735 KB
735 KB
Image
General
Full URL
https://support.savethechildren.org/images/content/pagebuilder/DonationForm_Right_CH1356084.png
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
c2db1040f8bd8f01e730405e5e71407930a4f95b3823e0ef1b2fedaa033fb2bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:08 GMT
Last-Modified
Fri, 29 Jul 2022 15:12:59 GMT
Server
Apache
ETag
"b7c6e-5e4f315e69850"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=271
Content-Length
752750
S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
fonts.gstatic.com/s/lato/v20/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u8w4BMUTPHjxsAXC-qNiXg7Q.woff2
Requested by
Host: dx2eq2oh924g4.cloudfront.net
URL: https://dx2eq2oh924g4.cloudfront.net/css/stc-styles.css?cache=2022-06-28-13-10
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dx2eq2oh924g4.cloudfront.net/
Origin
https://support.savethechildren.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 10 Aug 2022 20:59:50 GMT
x-content-type-options
nosniff
age
65178
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14864
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:19:08 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 10 Aug 2023 20:59:50 GMT
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 3752
627 B
692 B
Document
General
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=29909943
content-encoding
gzip
content-length
392
content-type
text/html
date
Thu, 11 Aug 2022 15:06:09 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Sun, 23 Jul 2023 19:25:12 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
cc.js
consent.cookiebot.com/398fa4c9-90ea-4dbe-b61c-52e460fbedac/
239 KB
56 KB
Script
General
Full URL
https://consent.cookiebot.com/398fa4c9-90ea-4dbe-b61c-52e460fbedac/cc.js?renew=false&referer=support.savethechildren.org&dnt=false&init=false
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:11::b856:6785 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ccc4874859206649591607f32661c7969b0b33f17c7f5070c2bbd0de80b8db2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
private, max-age=1
content-length
56992
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
payframe
pay.google.com/gp/p/ui/ Frame AD5B
18 KB
8 KB
Document
General
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsupport.savethechildren.org&mid=
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c03::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
27f31fe8c2a67565fc08af8ebe6bb580242d621d1fe65eb4b5c713a39741eb68
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-L4LoQil45PVbMWt34lDphg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-L4LoQil45PVbMWt34lDphg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=3600
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-L4LoQil45PVbMWt34lDphg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-L4LoQil45PVbMWt34lDphg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site
date
Thu, 11 Aug 2022 15:06:09 GMT
expires
Thu, 11 Aug 2022 15:06:09 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
0
/
o69911.ingest.sentry.io/api/149624/envelope/
2 B
285 B
Fetch
General
Full URL
https://o69911.ingest.sentry.io/api/149624/envelope/?sentry_key=fb2348d581ce4ac5b42a4abf41ab4208&sentry_version=7
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://support.savethechildren.org
access-control-expose-headers
x-sentry-error, retry-after, x-sentry-rate-limits
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
apple-pay-payment-mark.png
support.savethechildren.org/wrpr/images/logos/
3 KB
3 KB
XHR
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/apple-pay-payment-mark.png
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
f845e4b8f5eebbe74c9b3c8cb4665d14067e530550e61ae72ebf4340296e1733

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Tue, 16 Jan 2018 16:39:19 GMT
Server
Apache
ETag
"c54-562e75f4d1690"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=343
Content-Length
3156
venmo-logo.svg
support.savethechildren.org/wrpr/images/logos/
531 B
804 B
XHR
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/venmo-logo.svg
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
df02d55d020c8804a1ecff3c85906ce4d599185870883d064381f165911ef52f

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Fri, 06 Oct 2017 01:16:54 GMT
Server
Apache
ETag
"213-55ad698a744c7"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=69
Content-Length
531
google-pay-box-logo.png
support.savethechildren.org/wrpr/images/logos/
11 KB
11 KB
XHR
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/google-pay-box-logo.png
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
f462ed01cdd9b02dcbda81b4cd1ac332b715a4048d554517ef6c17d81c43ad1a

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Wed, 05 Dec 2018 21:18:42 GMT
Server
Apache
ETag
"2a5c-57c4ced38079f"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=300
Content-Length
10844
apple-pay-donate.png
support.savethechildren.org/wrpr/images/logos/
4 KB
4 KB
XHR
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/apple-pay-donate.png
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
4cf635e0a393b85f4efd07b3a00b8c092329ffb42dcef45b0d99dca88efb7ac5

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Tue, 16 Jan 2018 17:10:11 GMT
Server
Apache
ETag
"e30-562e7cdb3999b"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=141
Content-Length
3632
google-pay-logo.svg
support.savethechildren.org/wrpr/images/logos/
2 KB
2 KB
XHR
General
Full URL
https://support.savethechildren.org/wrpr/images/logos/google-pay-logo.svg
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
dda558a93891b2c9f4da39839ae644f25ddaed59e93807a342eea812441e46e5

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Wed, 05 Dec 2018 22:13:33 GMT
Server
Apache
ETag
"66f-57c4db15f0843"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=292
Content-Length
1647
gettoken.php
files.savethechildren.org/braintree/
2 KB
2 KB
Script
General
Full URL
https://files.savethechildren.org/braintree/gettoken.php?callback=jQuery224038823864639277583_1660230368854&_=1660230368855
Requested by
Host: dx2eq2oh924g4.cloudfront.net
URL: https://dx2eq2oh924g4.cloudfront.net/js/stc-vendor.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.113.174.133 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
files.savethechildren.org
Software
Apache /
Resource Hash
113c8e60568456e2a742439331aed8ff7b72ca723c715c0abf3d7e240f508f50

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
server
Apache
vary
Accept-Encoding,User-Agent
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
content-length
1367
expires
Thu, 19 Nov 1981 08:52:00 GMT
PixelServer
support.savethechildren.org/site/
43 B
243 B
Image
General
Full URL
https://support.savethechildren.org/site/PixelServer?t=undefined
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Cache-Control
no-store
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=15, max=301
Content-Length
43
Content-Type
image/gif
question-circle.svg
support.savethechildren.org/wrpr/images/icons/
2 KB
2 KB
Image
General
Full URL
https://support.savethechildren.org/wrpr/images/icons/question-circle.svg
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
bb365468028d285187c7eebd9d9f5f55d2f27b0f3512c21601decb7d47e9cf31

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:09 GMT
Last-Modified
Tue, 02 Nov 2021 02:27:04 GMT
Server
Apache
ETag
"7f9-5cfc50777202f"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=325
Content-Length
2041
dest5.html
stc.demdex.net/ Frame ED48
7 KB
3 KB
Document
General
Full URL
https://stc.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.130.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-130-246.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-2-v038-06d3c4e35.edge-irl1.demdex.com 0 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
Lm1Bjh4ZQ+o=
content-encoding
gzip
date
Thu, 11 Aug 2022 15:06:09 GMT
last-modified
Wed, 3 Aug 2022 12:12:41 GMT
vary
accept-encoding
id
smetrics.savethechildren.org/
48 B
522 B
XHR
General
Full URL
https://smetrics.savethechildren.org/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=6B0E659F56A9E70D7F000101%40AdobeOrg&mid=88965362408181213204437695979917975845&ts=1660230369248
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
fa10b8c3ffcd3dc4e13a8b81cac989ebd60a5d507cc99d66d7a5481578e87f22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-69c8d8cc76-ncb7n
vary
Origin
x-c
main-1661.I2f39db.M0-585
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://support.savethechildren.org
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=YvUa4QAAAITHaQNe
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=89340451392778590324404272840646099861
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YvUa4QAAAITHaQNe
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YvUa4QAAAITHaQNe
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Server
34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-142-170.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v038-0ee6e918f.edge-irl1.demdex.com 3 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
KAIDy8poSNI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YvUa4QAAAITHaQNe
Date
Thu, 11 Aug 2022 15:06:09 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
delivery
savethechildrenfeder.tt.omtrdc.net/rest/v1/
363 B
733 B
XHR
General
Full URL
https://savethechildrenfeder.tt.omtrdc.net/rest/v1/delivery?client=savethechildrenfeder&sessionId=b7d4fb6077554f1ea47452f0d8cbedb3&version=2.9.0
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.84.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-84-199.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
878495aa2069675d330a30d1a37a692033b17e613dedbbfa3c8f16c41457b045

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://support.savethechildren.org
access-control-allow-credentials
true
timing-allow-origin
*
x-request-id
fdcb9305f4a26d074f230794e5c2dfa3
client.json
s3-us-west-2.amazonaws.com/mfesecure-public/host/support.savethechildren.org/
213 B
998 B
XHR
General
Full URL
https://s3-us-west-2.amazonaws.com/mfesecure-public/host/support.savethechildren.org/client.json?source=jsmain
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.153.72 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
6e8aecb1541f98de24d74e394b54c1ec5c1dd34d1fd27d722796075e7f348b6c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:10 GMT
Content-Encoding
gzip
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id
8MEJZ9V7P0KT6BE0
x-amz-replication-status
COMPLETED
Content-Length
175
x-amz-id-2
rjx0+tVwecEjgpv2tcm38rk4ZYn6jDSglkn1B66rTqWmm/VlRu6OtzR2lKY+WkZON/N14nu3+Wg=
Last-Modified
Tue, 09 Aug 2022 10:27:18 GMT
Server
AmazonS3
ETag
"271eae255f7eb3b184092c873093d5b9"
Access-Control-Max-Age
60
Access-Control-Allow-Methods
GET, HEAD
x-amz-version-id
8KUEt41I3A8aRxOQjT0MnUDRUE0JVceR
Access-Control-Allow-Origin
https://support.savethechildren.org
Access-Control-Expose-Headers
Access-Control-Allow-Origin
Cache-Control
public, max-age=60
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Content-Type
application/json
client.json
s3-us-west-2.amazonaws.com/mfesecure-public/host/support.savethechildren.org/
213 B
998 B
XHR
General
Full URL
https://s3-us-west-2.amazonaws.com/mfesecure-public/host/support.savethechildren.org/client.json?source=jsinline
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.153.72 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
6e8aecb1541f98de24d74e394b54c1ec5c1dd34d1fd27d722796075e7f348b6c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:11 GMT
Content-Encoding
gzip
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id
PB2F8JSCWJDXHC7Y
x-amz-replication-status
COMPLETED
Content-Length
175
x-amz-id-2
kh8LSkcScd+1//zE0Fnic/yTDQfEZ9HyTgtolAgyM7bNXlhD6WDWNq5h8vWXWLs2nQDhCVmmAgQ=
Last-Modified
Tue, 09 Aug 2022 10:27:18 GMT
Server
AmazonS3
ETag
"271eae255f7eb3b184092c873093d5b9"
Access-Control-Max-Age
60
Access-Control-Allow-Methods
GET, HEAD
x-amz-version-id
8KUEt41I3A8aRxOQjT0MnUDRUE0JVceR
Access-Control-Allow-Origin
https://support.savethechildren.org
Access-Control-Expose-Headers
Access-Control-Allow-Origin
Cache-Control
public, max-age=60
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Content-Type
application/json
api.min.js
a.opmnstr.com/app/js/
197 KB
55 KB
Script
General
Full URL
https://a.opmnstr.com/app/js/api.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFG5K96
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e01::883:1 , Slovenia, ASN200325 (BUNNYCDN, DE),
Reverse DNS
Software
BunnyCDN-AMS-883 /
Resource Hash
dd928658aba1ce75dd8369af1856bf92fac56e177ef1fe010229141bb6f8ec8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
br
cdn-edgestorageid
883
perma-cache
HIT
cdn-storageserver
DE-197
cdn-cachedat
08/10/2022 18:36:34
cdn-pullzone
293267
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode
200
server
BunnyCDN-AMS-883
access-control-allow-origin
*
last-modified
Wed, 10 Aug 2022 18:34:13 GMT
cdn-proxyver
1.02
cdn-fileserver
358
etag
W/"62f3fa25-31411"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid
887d7b64ae52ba668e0b899c879eceb3
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
truncated
/
973 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
feeff1b73fc856bbaa909aecd74cd3918a41d2f0642b773831da45ad969317e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/png
cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame AD5B
2 KB
2 KB
Other
General
Full URL
https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c03::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsupport.savethechildren.org&mid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
referrer-policy
no-referrer
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1608
content-type
text/html; charset=UTF-8
m=_b,_tp,_r
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfri... Frame AD5B
153 KB
54 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsupport.savethechildren.org&mid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e65367c921bdd2bc9fec73a0837f771710baace85a96e2c91c569be67339da1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 16:31:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
167701
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54888
x-xss-protection
0
last-modified
Tue, 09 Aug 2022 05:40:29 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 09 Aug 2023 16:31:08 GMT
id
dpm.demdex.net/
362 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=6B0E659F56A9E70D7F000101%40AdobeOrg&d_nsid=0&d_mid=88965362408181213204437695979917975845&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=userid%0188965362408181213204437695979917975845&ts=1660230369460
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-142-170.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8149e7a499495934e89cc424abf6d428a3531ec3cccf270c4e42a0a615d6fe69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-2-v038-043538ae8.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Error
300
X-TID
YDB8VzVIQ+4=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://support.savethechildren.org
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
307
Expires
Thu, 01 Jan 1970 00:00:00 UTC
RCf79fc1038c2a4b72bdfd02defa7e8cbc-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
3 KB
1 KB
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RCf79fc1038c2a4b72bdfd02defa7e8cbc-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
21b2d1f982899583a1cf29dad48ce276cbe44838051e4bb373a6813d15fde88d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
1078
expires
Thu, 11 Aug 2022 16:06:09 GMT
RCa0df4cd8b88d4571ba669bc769fb3c9c-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
3 KB
1 KB
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RCa0df4cd8b88d4571ba669bc769fb3c9c-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
c435781231782d13145522b494623de0b6b8037ccfcc5f6f605b85ace8223f15

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
1195
expires
Thu, 11 Aug 2022 16:06:09 GMT
RC890fe151cf724ae6ab6953052f02d8be-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
2 KB
1 KB
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RC890fe151cf724ae6ab6953052f02d8be-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9a6db81127dceb32c40c1d5a1a328bef9e126a6bbe573a0ced1648ab6cdc578c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
837
expires
Thu, 11 Aug 2022 16:06:09 GMT
RCb36da39812024952b27cbb37fe487ff2-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RCb36da39812024952b27cbb37fe487ff2-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
896312e222613bf6e4f12824e6d088838a10fa107a8124f38f419dcdf7a44e3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
1464
expires
Thu, 11 Aug 2022 16:06:09 GMT
RC85e990005f5d4576a8167cf1a1a6c1b4-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
2 KB
981 B
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RC85e990005f5d4576a8167cf1a1a6c1b4-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
91ccf2606796c7906790d2db7fac7984a84882a6d05c8ef0b6914aa5e8391cf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
710
expires
Thu, 11 Aug 2022 16:06:09 GMT
RCfc1bafc7dd23416bbee79cc22c704e2f-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
1 KB
904 B
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RCfc1bafc7dd23416bbee79cc22c704e2f-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
529e2c135c9479f5ccddc5e644f4d6f1b1a693b02c5945b71aa62d25576858a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
632
expires
Thu, 11 Aug 2022 16:06:09 GMT
RCfe755607805f45a9963b2842bf07d903-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
781 B
718 B
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RCfe755607805f45a9963b2842bf07d903-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
e12aaa2a4b986fa17c07ce4c0cd32b980694871255337c90e1738aa29e9095fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
446
expires
Thu, 11 Aug 2022 16:06:09 GMT
activityi;dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0
10657097.fls.doubleclick.net/ Frame 0F5D
Redirect Chain
  • https://10657097.fls.doubleclick.net/activityi;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0?
  • https://10657097.fls.doubleclick.net/activityi;dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0?
450 B
374 B
Document
General
Full URL
https://10657097.fls.doubleclick.net/activityi;dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0?
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f6.1e100.net
Software
cafe /
Resource Hash
802c1b8902e934d8324bdf420bab13d447629967179ae6b5425401a72fcd7a89
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
349
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10657097.fls.doubleclick.net/activityi;dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
RC29e9ca088d454b16a61689b7b7827234-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
2 KB
1 KB
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RC29e9ca088d454b16a61689b7b7827234-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
93237d914c1b6b30af773ec1a9abb50d3d13da2c963c40a7d808ac184e2a0df8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
781
expires
Thu, 11 Aug 2022 16:06:09 GMT
RC543a5c6ce5a74ab5951bb5d2f65f9cdf-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
947 B
787 B
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RC543a5c6ce5a74ab5951bb5d2f65f9cdf-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
5f6b21d3884b4496c158b1defe06fb0ccc4b637890a2bb47089b7dc01213a32c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
515
expires
Thu, 11 Aug 2022 16:06:09 GMT
RC70221449d05c4c009c1482b20cbbc153-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
2 KB
1 KB
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RC70221449d05c4c009c1482b20cbbc153-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
fd1c1a2397b23ce32007294e78aeac9d9299c5fb39596bf6b0b5a2077c318e14

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
812
expires
Thu, 11 Aug 2022 16:06:09 GMT
RCeacb79e41c2e4edbaefa7f3947ba2208-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
1 KB
872 B
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RCeacb79e41c2e4edbaefa7f3947ba2208-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
546c75b744febdb538ada85219ae6764193b442ce1bbaa4a3594182e85f7911c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
601
expires
Thu, 11 Aug 2022 16:06:09 GMT
RCe1e1b434f35b4ae6b2e3062f395d32e0-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
2 KB
1 KB
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RCe1e1b434f35b4ae6b2e3062f395d32e0-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
4cc71a038b77c6edee0568cc4d0d99e867b5fb334b34784a4df3add33756043d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
1020
expires
Thu, 11 Aug 2022 16:06:09 GMT
RC6f334b10b26f458fb9594f438b46577a-source.min.js
assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/
2 KB
1 KB
Script
General
Full URL
https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/3e5bac3e378b/RC6f334b10b26f458fb9594f438b46577a-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
ac5715344c53f972acf9f9786a383da5fd78b0a8f12e695522d399716203eab2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Mon, 25 Jul 2022 14:27:31 GMT
server
AkamaiNetStorage
etag
"792e99dba62b4eb519e76a9fe417022c:1658759251.1192"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://support.savethechildren.org
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
1059
expires
Thu, 11 Aug 2022 16:06:09 GMT
activityi;dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0
10657097.fls.doubleclick.net/ Frame 07B7
Redirect Chain
  • https://10657097.fls.doubleclick.net/activityi;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0?
  • https://10657097.fls.doubleclick.net/activityi;dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0?
449 B
373 B
Document
General
Full URL
https://10657097.fls.doubleclick.net/activityi;dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0?
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f6.1e100.net
Software
cafe /
Resource Hash
3f6a04ee0c324cc70b73d2d6f9d2aadd3975d1a09cd9fabe392361194d5c1313
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
348
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://10657097.fls.doubleclick.net/activityi;dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
fbevents.js
connect.facebook.net/en_US/
100 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e75555ca161f289d4830a84a1856b37a9cb0077f78af600fb47c67c135baa8fd
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26506
x-xss-protection
0
pragma
public
x-fb-debug
vdK7UriybdcNHtG3zHV6Bkb8tkYYHHbsEbCpBe7S6KzlQXQIyB6VfcLG18Ydq+Sgvqg+jkyhIMlVItcAU4Gq2Q==
x-fb-trip-id
917726464
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 11 Aug 2022 15:06:09 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
ld.js
static.criteo.net/js/ld/
42 KB
14 KB
Script
General
Full URL
https://static.criteo.net/js/ld/ld.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
0e937847c7e07ed15db23b99d02385f8a76a534837159ec603319dab64a5a9ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
last-modified
Wed, 29 Jun 2022 07:49:23 GMT
server
nginx
etag
W/"62bc0403-a792"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 12 Aug 2022 15:06:09 GMT
savethechildren.js
d1n00d49gkbray.cloudfront.net/js/
73 KB
25 KB
Script
General
Full URL
https://d1n00d49gkbray.cloudfront.net/js/savethechildren.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6400:9:7c30:be80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dd674f0b8199125dfd7034a04f0ce6c54340f94ed822090b118e15a93dfb9986

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Thu, 11 Aug 2022 06:41:19 GMT
content-encoding
gzip
last-modified
Wed, 29 Jun 2022 15:02:27 GMT
server
AmazonS3
age
30291
etag
W/"86e44efde64d32462e156f24206aa5b2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
RGH6edrCYNdTDp1Jr7x.Fr0QILIUPOje
via
1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
gUDKlP_aj0brqiHvtdHLn7hTYaNj5lkAHkecavRwWhQ8FAJIUWLUwQ==
iu3
s.amazon-adsystem.com/ Frame BFD3
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D7b5e267f-6cf6-c436-4330-cc79e3ea1453%26type%3D4%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D253...
  • https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D7b5e267f-6cf6-c436-4330-cc79e3ea1453%26type%3D4%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D253...
1008 B
2 KB
Document
General
Full URL
https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D7b5e267f-6cf6-c436-4330-cc79e3ea1453%26type%3D4%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D2536428905417%3Bp%3D7B5E267F-6CF6-C436-4330-CC79E3EA1453&cb=73107274862259870&dcc=t
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
412ccaf290c8ab395d1597704c95399eb80897f6518d12e0d0604fb309249dbf
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
1008
Content-Type
text/html;charset=ISO-8859-1
Date
Thu, 11 Aug 2022 15:06:10 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
WS5FWRQQMXPM86DGHD9F

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Thu, 11 Aug 2022 15:06:09 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D7b5e267f-6cf6-c436-4330-cc79e3ea1453%26type%3D4%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D2536428905417%3Bp%3D7B5E267F-6CF6-C436-4330-CC79E3EA1453&cb=73107274862259870&dcc=t
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
Z4H7NT7FCAN6APTDSNNY
everflow.js
www.dgtrx.com/scripts/sdk/
58 KB
18 KB
Script
General
Full URL
https://www.dgtrx.com/scripts/sdk/everflow.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.238 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
238.72.98.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
5b9c72f61918d403ff3b4847600ecf00a4d01eef3f0e0f85ccf357920514e533

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
text/javascript
content-encoding
gzip
cache-control
max-age=14400
x-eflow-request-id
2ac2a7fa-ce07-48c5-ab06-0328f76c3869
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pixel.js
a.tribalfusion.com/pixel/tags/Save%20the%20Children/791263/
8 KB
2 KB
Script
General
Full URL
https://a.tribalfusion.com/pixel/tags/Save%20the%20Children/791263/pixel.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:98f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b986d774c858e94ecb4cd87d7a43e08cbdde1b0896e047f52c0ad07ffa6be4ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
p3p
CP="NOI DEVo TAIa OUR BUS"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2002
x-function
151
last-modified
Fri, 13 Aug 2021 06:35:37 GMT
server
cloudflare
x-reuse-index
376
etag
14094569274683928320
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=3600, private
cf-ray
7391dfa20cc99c0c-FRA
expires
Thu, 11 Aug 2022 16:06:09 GMT
visitor.js
app.leadsrx.com/
18 KB
19 KB
Script
General
Full URL
https://app.leadsrx.com/visitor.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.200.137.219 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-200-137-219.us-west-2.compute.amazonaws.com
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 /
Resource Hash
6b5116bd2cb4809c6634b99a9b1ea0a0aeda596a94817682a0e4811e35eccc58

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
last-modified
Thu, 11 Aug 2022 12:41:10 GMT
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
accept-ranges
bytes
etag
"492f-5e5f67ae6b7bd"
content-length
18735
content-type
application/javascript
container.js
tags.wdsvc.net/
Redirect Chain
  • https://tags.wdsvc.net/controller.js?id=100229
  • https://tags.wdsvc.net/container.js?id=100229&v=4.00&t=1660230369934
27 KB
27 KB
Script
General
Full URL
https://tags.wdsvc.net/container.js?id=100229&v=4.00&t=1660230369934
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Server
52.5.60.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-60-62.compute-1.amazonaws.com
Software
/
Resource Hash
7fd9fe85828dfef147010b71ba41bc88afcfe007cb108560dd3d426853b77202

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Content-Type
text/javascript
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Content-length
27242
Expires
Mon, 3 Jan 2005 13:00:00 GMT

Redirect headers

location
https://tags.wdsvc.net/container.js?id=100229&v=4.00&t=1660230369934
Date
Thu, 11 Aug 2022 15:06:09 GMT
Cache-Control
private, no-cache
Connection
keep-alive
Keep-Alive
timeout=5
Transfer-Encoding
chunked
up_loader.1.1.0.js
js.adsrvr.org/
4 KB
2 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.65.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-65-116.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 07:27:02 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Sep 2020 15:15:34 GMT
Server
AmazonS3
Age
27548
ETag
W/"98d98b3499058b76d58073cf8ede2f10"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Via
1.1 2a3a093b493a82493f3431437cb166ac.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA56-C1
X-Amz-Cf-Id
ykj43KVuRBCNG48UTlBeyX9oEhPOOCZ4jmUApyRF-fi3uqGqs61Y-A==
spx
dx.mountain.com/
13 KB
4 KB
Script
General
Full URL
https://dx.mountain.com/spx?dxver=4.0.0&shaid=32293&tdr=&plh=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&cb=114786890054352&term=value
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.238.33.223 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-238-33-223.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ae2b7a9f9989857015454a6453010bdb7e81cfedf4324136ce85417720ccd5bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
connection
close
content-type
application/javascript;charset=utf-8
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
expires
Thu, 01 Jan 1970 00:00:00 GMT
js
www.googletagmanager.com/gtag/
105 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-11620455
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1662126a3a9761c6183106d3bfa6e13c4f1a83c18b3e537985c1635c53be1662
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41656
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:09 GMT
TC-4134-1.gif
pt.ispot.tv/v2/
43 B
312 B
Image
General
Full URL
https://pt.ispot.tv/v2/TC-4134-1.gif?app=web&type=visit
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0227e0e4dea130eb6f3163aa3ab03720dce83a0e219c282189b03bc5b8a727e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:09 GMT
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
image/gif
content-length
43
expires
0
bat.js
bat.bing.com/
38 KB
12 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a9de570d9caa/b01a1f4bb0c4/launch-d47d2de11878.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
12dd3e968ced8f01649560da4cf975edff617d25ba4585dda428377529220da0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Thu, 28 Jul 2022 17:32:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 2C4DF895115549199F6C0BC701F930E2 Ref B: FRA31EDGE0718 Ref C: 2022-08-11T15:06:09Z
etag
"80a8697a8a2d81:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
date
Thu, 11 Aug 2022 15:06:09 GMT
accept-ranges
bytes
content-length
11367
js
www.googletagmanager.com/gtag/
106 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-85748307-2&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFG5K96
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a6ff1d594bec9962bf6d93f81fa81a82b3b6ff7f49dce448d05e3ce8af924485
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41889
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:09 GMT
js
www.googletagmanager.com/gtag/
174 KB
62 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-1069852215&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFG5K96
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
574cff1c54a45a0ec194c6f3124a37cdf61349139540125c352b206ab57bfb46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63698
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:09 GMT
js
www.googletagmanager.com/gtag/
105 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-11620455&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFG5K96
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c60cf2c424f44ed06875abc9837c96c17765accfaa03ea9eca885f828ec1d8c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41661
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:09 GMT
api.min.css
a.omappapi.com/app/js/
18 KB
3 KB
Stylesheet
General
Full URL
https://a.omappapi.com/app/js/api.min.css
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e01::883:1 , Slovenia, ASN200325 (BUNNYCDN, DE),
Reverse DNS
Software
BunnyCDN-AMS-883 /
Resource Hash
4b99a75a42582fd22e780855dfb50880df624ce43988616f4b19dc7ba90f1250

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
br
cdn-edgestorageid
879
perma-cache
HIT
cdn-storageserver
DE-199
cdn-cachedat
08/10/2022 18:36:34
cdn-pullzone
293267
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode
200
server
BunnyCDN-AMS-883
access-control-allow-origin
*
last-modified
Wed, 10 Aug 2022 18:34:14 GMT
cdn-proxyver
1.02
cdn-fileserver
413
etag
W/"62f3fa26-464c"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid
cf0bdf8f8e9ab73341162dbe8158d20c
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
71376
api.omappapi.com/v2/embed/
8 KB
3 KB
XHR
General
Full URL
https://api.omappapi.com/v2/embed/71376?d=support.savethechildren.org
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-120.fra6.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
2a8d18707c60dfef2fee979ba6ac8de68a40e31bedaa656f26cf148cf551705c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
x-cache-config
0 0
x-amz-cf-pop
FRA6-C1
x-cache-status
HIT
x-cache
Miss from cloudfront
access-control-allow-headers
X-CSRF-Token
x-optinmonster-account
80223
x-user-agent
standard--
last-modified
Thu, 19 Aug 2021 16:16:48 GMT
server
Pagely Gateway/1.5.1
etag
W/"603edebe0227f08d179d982c63e36159"
vary
Accept-Encoding, User-Agent
content-type
application/json
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
access-control-expose-headers
X-OptinMonster-Account, X-User-Agent
cache-control
public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin
*
x-amz-cf-id
JFTiCTtPP0WdLXB9mk33VY2ZnNGaBIqdCZ8YRR1RcGC-cq6tAZooBg==
expires
Thu, 11 Aug 2022 14:59:03 GMT
s5262599990795
smetrics.savethechildren.org/b/ss/stcf.prod.us/5.1/JS-2.22.4-LCUM/
43 B
291 B
XHR
General
Full URL
https://smetrics.savethechildren.org/b/ss/stcf.prod.us/5.1/JS-2.22.4-LCUM/s5262599990795
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
x-content-type-options
nosniff
x-c
main-1661.I2f39db.M0-585
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 12 Aug 2022 15:06:09 GMT
server
jag
xserver
anedge-69c8d8cc76-zrqsk
etag
3565317570209677312-4619676760495333156
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
https://support.savethechildren.org
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
expires
Wed, 10 Aug 2022 15:06:09 GMT
m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40... Frame AD5B
77 KB
28 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40dIAOFshM.L.B1.O/am=B4A/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjTxczZTp0YlE3VT1NAJ06-MGXdrA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4568538c8bb3368c4b9fe611cc7dcec27e65452a4753becafbc3e0861f34abb1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 16:31:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
167699
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28787
x-xss-protection
0
last-modified
Sat, 30 Jul 2022 01:24:49 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 09 Aug 2023 16:31:10 GMT
logging.js
support.savethechildren.org/js/convio/
656 B
600 B
Script
General
Full URL
https://support.savethechildren.org/js/convio/logging.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/yui3/yui/yui-min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
9949830afb880a5b2473a3638a93f29952c71695d3190e35af43e8b75c989607

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Cteonnt-Length
656
Date
Thu, 11 Aug 2022 15:06:09 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Feb 2013 18:22:03 GMT
Server
Apache
ETag
"290-4d4fe4946c8c0"
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=415
Content-Length
239
s52914951360069
smetrics.savethechildren.org/b/ss/stcf.prod.us/5.1/JS-2.22.4-LCUM/
43 B
212 B
XHR
General
Full URL
https://smetrics.savethechildren.org/b/ss/stcf.prod.us/5.1/JS-2.22.4-LCUM/s52914951360069
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
x-content-type-options
nosniff
x-c
main-1661.I2f39db.M0-585
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 12 Aug 2022 15:06:09 GMT
server
jag
xserver
anedge-69c8d8cc76-7z728
etag
3565317569648852992-4619618174623972165
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
https://support.savethechildren.org
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
expires
Wed, 10 Aug 2022 15:06:09 GMT
s52339107209067
smetrics.savethechildren.org/b/ss/stcf.prod.us/5.1/JS-2.22.4-LCUM/
43 B
210 B
XHR
General
Full URL
https://smetrics.savethechildren.org/b/ss/stcf.prod.us/5.1/JS-2.22.4-LCUM/s52339107209067
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
x-content-type-options
nosniff
x-c
main-1661.I2f39db.M0-585
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 12 Aug 2022 15:06:09 GMT
server
jag
xserver
anedge-69c8d8cc76-5qkfl
etag
3565317570866184192-4619771303038140413
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
https://support.savethechildren.org
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
expires
Wed, 10 Aug 2022 15:06:09 GMT
175734969458030
connect.facebook.net/signals/config/
295 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/175734969458030?v=2.9.73&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
63e22009e53a6fb18693088f8ac6bd2a8975cf92c534132f9132acc27f179c25
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
HJ6BsgGeqJTuZD4wWr9oQW1LdvJb+79iA5YY+f0w2AAhDGSOQDYtUtvwdTcaMyHoRih2wt4KFShpoM0zzs8R3g==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 11 Aug 2022 15:06:09 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts
1660230369768
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
syncframe
gum.criteo.com/ Frame CBCA
15 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?topUrl=support.savethechildren.org&origin=onetag&us_privacy=1---
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
507add04d1c6597d1eaca7599452be07bd58c4fca04d195808df2909d610d9e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-length
6145
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:09 GMT
server-processing-duration-in-ticks
2198
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
analytics.js
www.google-analytics.com/ Frame AD5B
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40dIAOFshM.L.B1.O/am=B4A/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjTxczZTp0YlE3VT1NAJ06-MGXdrA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
249
date
Thu, 11 Aug 2022 15:02:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 11 Aug 2022 17:02:00 GMT
pay
pay.google.com/gp/p/ui/ Frame AD5B
1 MB
352 KB
XHR
General
Full URL
https://pay.google.com/gp/p/ui/pay
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c03::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
05983ece9df42a44bd25fd5e44712cdae01545367d2aad72728b60fc9721ad90
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Oc6luHKM6Rz5Up0gqksQeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-Oc6luHKM6Rz5Up0gqksQeQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge
server
ESF
cross-origin-opener-policy
unsafe-none
date
Thu, 11 Aug 2022 15:06:09 GMT
x-frame-options
DENY
content-type
text/html; charset=utf-8
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control
private, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy
script-src 'report-sample' 'nonce-Oc6luHKM6Rz5Up0gqksQeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-Oc6luHKM6Rz5Up0gqksQeQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
expires
Thu, 11 Aug 2022 15:06:09 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-85748307-2&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
249
date
Thu, 11 Aug 2022 15:02:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 11 Aug 2022 17:02:00 GMT
conversion_async.js
www.googleadservices.com/pagead/
40 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1069852215&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
b3b810fd46e7aad5b789896519011ab5366b39dbb19a5663c53525f756e89bfb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15160
x-xss-protection
0
server
cafe
etag
9823212955285023900
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 11 Aug 2022 15:06:09 GMT
json
api.omappapi.com/v3/geolocate/
548 B
955 B
XHR
General
Full URL
https://api.omappapi.com/v3/geolocate/json
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-120.fra6.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
2ecfa9d465c1e7a2a3af852a7069c53749e619416525d9b9180bd3c22f30fbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
via
1.1 163be08bc1bc44818353c4fd88655bee.cloudfront.net (CloudFront)
x-cache-config
0 0
x-amz-cf-pop
FRA6-C1
x-cache-status
BYPASS
x-cache
Miss from cloudfront
content-length
548
x-user-agent
standard--
server
Pagely Gateway/1.5.1
x-ratelimit-remaining
999
content-type
application/json
access-control-allow-origin
*
x-ratelimit-reset
1660230429
x-ratelimit-limit
1000
x-pagely-debug
mainblock
x-amz-cf-id
0It7xOdEcY-vaXXGsWwoaRKjoM4ByTTDCp8Fy9DRzz5Sl_LTGJ__fg==
webfont.js
a.omappapi.com/app/js/webfont/1.5.18/
16 KB
7 KB
Script
General
Full URL
https://a.omappapi.com/app/js/webfont/1.5.18/webfont.js
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e01::883:1 , Slovenia, ASN200325 (BUNNYCDN, DE),
Reverse DNS
Software
BunnyCDN-AMS-883 /
Resource Hash
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
br
cdn-edgestorageid
879
perma-cache
HIT
cdn-storageserver
DE-197
cdn-cachedat
08/10/2022 18:32:46
cdn-pullzone
293267
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode
200
server
BunnyCDN-AMS-883
access-control-allow-origin
*
last-modified
Fri, 05 Aug 2022 15:30:54 GMT
cdn-proxyver
1.02
cdn-fileserver
419
etag
W/"62ed37ae-40cb"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid
b5fd29adc47a875e66e419d40ca4c606
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
displayAd.js
s.tribalfusion.com/
678 B
729 B
Script
General
Full URL
https://s.tribalfusion.com/displayAd.js?dver=0.8&th=7238200512
Requested by
Host: a.tribalfusion.com
URL: https://a.tribalfusion.com/pixel/tags/Save%20the%20Children/791263/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:98f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d199c786c26bd0b4aadfa14ab7abb7f4d8405c81aea1ca29e41305e636948d3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
p3p
CP="NOI DEVo TAIa OUR BUS"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
328
x-function
153
last-modified
Wed, 11 Aug 2021 04:08:51 GMT
server
cloudflare
x-reuse-index
2
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
private
cf-ray
7391dfa39f4f9c0c-FRA
expires
Wed, 09 Nov 2022 15:06:09 GMT
/
adservice.google.com/ddm/fls/i/dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/ Frame 410E
448 B
816 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Requested by
Host: 10657097.fls.doubleclick.net
URL: https://10657097.fls.doubleclick.net/activityi;dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
608be4813d58c1eadae67a684487cd2bd7403194f3434217c4e0c4f1303cf9e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://10657097.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
347
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
adservice.google.com/ddm/fls/i/dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/ Frame AC32
449 B
418 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Requested by
Host: 10657097.fls.doubleclick.net
URL: https://10657097.fls.doubleclick.net/activityi;dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eae834eb813fa22be833b5169543005a1626e16a574d3286ec00f08066370e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://10657097.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
348
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
graphql
payments.braintree-api.com/
2 KB
2 KB
XHR
General
Full URL
https://payments.braintree-api.com/graphql
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.156.167.229 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-167-229.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2472edd598fb876be8cf0c6ca4404a6bf419d817ab07bb9f3fefff01a7c8429a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE2NjAzMTY3NjksImp0aSI6IjlhMTEzMWY4LTkxZWEtNDQ5Ni1hY2FmLWE4Y2ZiMWUxYTk4MyIsInN1YiI6IjR0eWI4OXpuazdqM3Q2N3QiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6IjR0eWI4OXpuazdqM3Q2N3QiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0IjpmYWxzZX0sInJpZ2h0cyI6WyJtYW5hZ2VfdmF1bHQiXSwic2NvcGUiOlsiQnJhaW50cmVlOlZhdWx0Il0sIm9wdGlvbnMiOnt9fQ.OX5jf6UJFjTCySIPadppI2I4_a6CWXC0QfarFtiqtw4tgY-OsVvXs2xDu0eBRawGbDLIBTXtd5QwXfy-sAPlXQ
Braintree-Version
2018-05-10
Content-Type
application/json

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
X-Content-Type-Options
nosniff
server
nginx
X-Frame-Options
DENY
vary
Braintree-Version, Accept-Encoding
Content-Type
application/json
access-control-allow-origin
https://support.savethechildren.org
Cache-Control
no-cache, no-store
braintree-version
2016-10-07
paypal-debug-id
af01c54062914
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Content-Length
1080
graphql
payments.braintree-api.com/ Frame
0
0
Preflight
General
Full URL
https://payments.braintree-api.com/graphql
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.156.167.229 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-167-229.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,braintree-version,content-type
Access-Control-Request-Method
POST
Origin
https://support.savethechildren.org
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
access-control-allow-headers
authorization,braintree-version,content-type
access-control-allow-methods
GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://support.savethechildren.org
access-control-max-age
1800
date
Thu, 11 Aug 2022 15:06:10 GMT
paypal-debug-id
c01f81b962b94
server
nginx
transfer-encoding
chunked
5439503.js
bat.bing.com/p/action/
1 KB
852 B
Script
General
Full URL
https://bat.bing.com/p/action/5439503.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9831a5c4f65805f968ee933a01864d965eb16c84f57f68156d122b654bfed8a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 17EFA236C73A4D60B377DDF3951944F8 Ref B: FRA31EDGE0718 Ref C: 2022-08-11T15:06:09Z
date
Thu, 11 Aug 2022 15:06:09 GMT
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private,max-age=60
content-length
666
0
bat.bing.com/action/
0
176 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5439503&Ver=2&mid=45887168-a98d-4a45-90eb-99244d14ccb6&sid=21e8bd10198711eda4c46b5a35b03ed9&vid=21e8d740198711eda54321aaef4f6b54&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&p=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&r=&lt=2526&evt=pageLoad&sv=1&rn=232356
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: F9BBC130A761407F8FF41E2B146BF807 Ref B: FRA31EDGE0718 Ref C: 2022-08-11T15:06:09Z
date
Thu, 11 Aug 2022 15:06:09 GMT
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
sid
mug.criteo.com/ Frame CBCA
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=onetag&domain=savethechildren.org&sn=ChromeSyncframe&so=0&topUrl=support.savethechildren.org&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=6K5E-nxlb1JsVHFqNlZCVGdPM3NkcUJ2ZkdXOGcwTm9nWGVGV0xDNElBK09qR3Z1Vmw4VGYwNmJVbDVROEliVnN0eGtrRWMvNCtZTDUyMDhlZ255aWx0THFRVHZHZVJndDAvNDBNMjJPODNZUWFoNlpQa0s1b3BZUU9yNS...
473 B
653 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=6K5E-nxlb1JsVHFqNlZCVGdPM3NkcUJ2ZkdXOGcwTm9nWGVGV0xDNElBK09qR3Z1Vmw4VGYwNmJVbDVROEliVnN0eGtrRWMvNCtZTDUyMDhlZ255aWx0THFRVHZHZVJndDAvNDBNMjJPODNZUWFoNlpQa0s1b3BZUU9yNS9yci9zUnhQWHFCRllvV0ZZNzZBNHhvZmJHUFBPNnJtVnNNUGxOa04rVjBpeXNMTDVKTzFxNFY1WG5sYUhTSU1PZ0g1WFZYK05uYUJqRWloR25oMXVtanFCSEZQUHFqWWtHWUVUdzNVQktpM0UrMktoR09uS1UyVklIaUZQcTA5Y0xuRmVSQytZV0FoemxmQThobkVEdm4xajMrR3puUT09fA&cppv=2
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
03fb95023db93ff6e7cab0dbb741bafd0dd7906a7ac57760b5ab5a5a67b01757
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
4650
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:09 GMT
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=6K5E-nxlb1JsVHFqNlZCVGdPM3NkcUJ2ZkdXOGcwTm9nWGVGV0xDNElBK09qR3Z1Vmw4VGYwNmJVbDVROEliVnN0eGtrRWMvNCtZTDUyMDhlZ255aWx0THFRVHZHZVJndDAvNDBNMjJPODNZUWFoNlpQa0s1b3BZUU9yNS9yci9zUnhQWHFCRllvV0ZZNzZBNHhvZmJHUFBPNnJtVnNNUGxOa04rVjBpeXNMTDVKTzFxNFY1WG5sYUhTSU1PZ0g1WFZYK05uYUJqRWloR25oMXVtanFCSEZQUHFqWWtHWUVUdzNVQktpM0UrMktoR09uS1UyVklIaUZQcTA5Y0xuRmVSQytZV0FoemxmQThobkVEdm4xajMrR3puUT09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1397
content-length
541
expires
0
jquery-detect-existing.js
support.savethechildren.org/jquery/
532 B
684 B
Script
General
Full URL
https://support.savethechildren.org/jquery/jquery-detect-existing.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/yui3/yui/yui-min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
adae8181e3273af1702575e59e9c29b34eedf74943cdde9758a4ccf8e39c5641

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Cteonnt-Length
532
Date
Thu, 11 Aug 2022 15:06:09 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Jul 2012 19:53:23 GMT
Server
Apache
ETag
"214-4c598b70372c0"
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=399
Content-Length
323
/
www.facebook.com/tr/
44 B
297 B
Image
General
Full URL
https://www.facebook.com/tr/?id=175734969458030&ev=PageView&dl=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&rl=&if=false&ts=1660230369882&sw=1600&sh=1200&v=2.9.73&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%22476958242912126%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22USD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%222690107274549883%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22USD%22%7D%7D%7D&par[2]=%7B%22extractorID%22%3A%22512804019569006%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[3]=%7B%22extractorID%22%3A%22554416668662072%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[4]=%7B%22extractorID%22%3A%221151582051705481%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1660230369881.1409078326&it=1660230369652&coo=false&rqm=GET
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Thu, 11 Aug 2022 15:06:09 GMT
/
www.facebook.com/tr/
44 B
101 B
Image
General
Full URL
https://www.facebook.com/tr/?id=175734969458030&ev=ViewContent&dl=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&rl=&if=false&ts=1660230369883&cd[content_type]=product&cd[content_ids]=%5B%22donation-form-6827-one-time%22%2C%22donation-form-6827-tip-up-one-time%22%5D&sw=1600&sh=1200&v=2.9.73&r=stable&ec=1&o=30&fbp=fb.1.1660230369881.1409078326&it=1660230369652&coo=false&rqm=GET
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Thu, 11 Aug 2022 15:06:09 GMT
/
www.facebook.com/tr/
44 B
101 B
Image
General
Full URL
https://www.facebook.com/tr/?id=175734969458030&ev=ViewContent&dl=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&rl=&if=false&ts=1660230369884&cd[content_type]=product&cd[content_ids]=%5B%22donation-form-6827-one-time%22%2C%22donation-form-6827-tip-up-one-time%22%5D&sw=1600&sh=1200&v=2.9.73&r=stable&ec=2&o=30&fbp=fb.1.1660230369881.1409078326&it=1660230369652&coo=false&rqm=GET
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Thu, 11 Aug 2022 15:06:09 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=302639736&t=pageview&_s=1&dl=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&dp=%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&ul=en-us&de=windows-1252&dt=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=313783516&gjid=1995471084&cid=1304497899.1660230370&tid=UA-85748307-2&_gid=1679020176.1660230370&_r=1&gtm=2ou880&did=dMWZhNz&gdid=dMWZhNz&z=80147953
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://support.savethechildren.org
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=302639736&t=pageview&_s=2&dl=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&dp=%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&ul=en-us&de=windows-1252&dt=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=&gjid=&cid=1304497899.1660230370&tid=UA-85748307-2&_gid=1679020176.1660230370&gtm=2ou880&did=dMWZhNz&gdid=dMWZhNz&z=348666239
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 03:00:39 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
43531
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40... Frame AD5B
18 KB
7 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40dIAOFshM.L.B1.O/am=B4A/d=1/exm=Das5Le,IZT63,PrPYRd,Ru0Pgb,ZyYHPb,_b,_r,_tp,hc6Ubd,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjTxczZTp0YlE3VT1NAJ06-MGXdrA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d7f7eebdf3bf6532a38569d70a76df396dd8751cac0aaea58c54bfe9569e19d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 16:31:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
167697
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7487
x-xss-protection
0
last-modified
Sat, 30 Jul 2022 01:24:49 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 09 Aug 2023 16:31:12 GMT
m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40... Frame AD5B
37 KB
14 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40dIAOFshM.L.B1.O/am=B4A/d=1/exm=Das5Le,FCpbqb,IZT63,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_r,_tp,hc6Ubd,hhhU8,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjTxczZTp0YlE3VT1NAJ06-MGXdrA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1a441c7ccaa6860be3bf2316f83b10305ee23678770a673999ff05cacf651d93
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Tue, 09 Aug 2022 16:31:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
167697
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14138
x-xss-protection
0
last-modified
Sat, 30 Jul 2022 01:24:49 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Wed, 09 Aug 2023 16:31:12 GMT
log
play.google.com/ Frame AD5B
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:10 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:10 GMT
expires
Thu, 11 Aug 2022 15:06:10 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame AD5B
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:10 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:10 GMT
expires
Thu, 11 Aug 2022 15:06:10 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame AD5B
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:10 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:10 GMT
expires
Thu, 11 Aug 2022 15:06:10 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1069852215/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069852215/?random=1660230369977&cv=9&fst=1660230369977&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa880&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tiba=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&auid=1491197135.1660230370&hn=www.googleadservices.com&us_privacy=1---&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1dde5980d2c7274a0fc6d4d4e585b7e86f3012eade0a0e1eae6a7b9ea9fb58b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1162
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1069852215/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069852215/?random=1660230369979&cv=9&fst=1660230369979&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa880&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tiba=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&auid=1491197135.1660230370&hn=www.googleadservices.com&us_privacy=1---&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ee1ebe840d3253d382c185fa3901c7bed9a1f42a069355e17daec30b39d093c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1161
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
log
play.google.com/ Frame AD5B
131 B
671 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:10 GMT
/
adservice.google.de/ddm/fls/i/dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/ Frame C821
194 B
242 B
Document
General
Full URL
https://adservice.google.de/ddm/fls/i/dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKrHs4uIv_kCFcpQwgodO8cORw;cat=sitew0;ord=910296313129.8636;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
177
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:10 GMT
expires
Thu, 11 Aug 2022 15:06:10 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
adservice.google.de/ddm/fls/i/dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/ Frame 08A8
194 B
870 B
Document
General
Full URL
https://adservice.google.de/ddm/fls/i/dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COLFs4uIv_kCFQ2XGQodIv0PxA;cat=sitew0;ord=2526205565704.6313;src=10657097;type=sitew0;~oref=https://support.savethechildren.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://adservice.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
177
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:10 GMT
expires
Thu, 11 Aug 2022 15:06:10 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
jquery-1.6.4.min.js
support.savethechildren.org/jquery/
130 KB
41 KB
Script
General
Full URL
https://support.savethechildren.org/jquery/jquery-1.6.4.min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/yui3/yui/yui-min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
931bf6ce88f5237d3795bca1fcfb831181a75de7add4b03e6e7b17b3c79a8ca4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Cteonnt-Length
133384
Date
Thu, 11 Aug 2022 15:06:10 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 May 2020 05:05:40 GMT
Server
Apache
ETag
"20908-5a6c26584b2fd"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=216
setuid
ib.adnxs.com/
Redirect Chain
  • https://s.tribalfusion.com/visitor?%7B%22tagKey%22%3A%222481917101%22%2C%22th%22%3A7238200512%2C%22version%22%3A%221.0%22%2C%22tKey%22%3A%22apmneMnEbGXFZbbTtFVn6bIMrMBSfSwyd%22%2C%22url%22%3A%22htt...
  • https://a4.tribalfusion.com/ipg?ip6=2a01:4a0:1338:92::12&kv=%7B%22ord%22%3A%2016063202%2C%20%22clientID%22%3A%20791263%7D&redirect=https://ib.adnxs.com/getuidu?https://a.tribalfusion.com/i.match?p=...
  • https://ib.adnxs.com/setuid?entity=305&code=$TF_USER_ID_ENC$
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=305&code=$TF_USER_ID_ENC$
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Server
37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
X-Proxy-Origin
80.255.7.100; 80.255.7.100; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
76b115d6-3d8b-4c7a-ba26-69e8b53bd635
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
cf-cache-status
DYNAMIC
x-function
201
server
cloudflare
x-reuse-index
119
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
7391dfa73d469076-FRA
p3p
CP="NOI DEVo TAIa OUR BUS"
location
https://ib.adnxs.com/setuid?entity=305&code=$TF_USER_ID_ENC$
cache-control
no-cache, private
content-type
text/html
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
ajax
www.trustedsite.com/rpc/
6 B
951 B
Script
General
Full URL
https://www.trustedsite.com/rpc/ajax?do=tmjs-visit&host=support.savethechildren.org&rand=1660230370154
Requested by
Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.209.226.105 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-209-226-105.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-security-policy-report-only
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
content-length
26
x-content-type-options
nosniff
5439503
www.clarity.ms/tag/uet/
2 KB
2 KB
Script
General
Full URL
https://www.clarity.ms/tag/uet/5439503
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/5439503.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:27::cafe:1806 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
e2fd55a8f4de5b2168adabe37df04032a92d8e182bb0a3136c0ebd301b76ca1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:09 GMT
x-powered-by
ASP.NET
x-azure-ref
04hr1YgAAAAAFnRLX4wzKSJmQlyWYoWvwTE9TMzBFREdFMDIxMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
request-context
appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
content-length
1542
expires
-1
205.svg
cdn.ywxi.net/meter/support.savethechildren.org/
20 KB
8 KB
Image
General
Full URL
https://cdn.ywxi.net/meter/support.savethechildren.org/205.svg?ts=1660040836909&l=en-US
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:800:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
1a0989896f2933670321396aa9d0581db5ec8bdf3327691ca35f9c4bfa98c8fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 14:14:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3088
content-security-policy-report-only
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
x-cache
Hit from cloudfront
content-length
7400
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/svg+xml
via
1.1 2f0580a0593ad9d3fb82aee9226d8178.cloudfront.net (CloudFront)
cache-control
public
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
Hp4lFGUddyN5fs21TzLwfDO7K_qFGYjlS7reS7Q8MInegTG7JeSyYg==
expires
Thu, 11 Aug 2022 15:14:42 GMT
4tyb89znk7j3t67t
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/4tyb89znk7j3t67t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.234.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-234-137.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://support.savethechildren.org
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://support.savethechildren.org
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
nginx
4tyb89znk7j3t67t
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/4tyb89znk7j3t67t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.234.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-234-137.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://support.savethechildren.org
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://support.savethechildren.org
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
nginx
4tyb89znk7j3t67t
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/4tyb89znk7j3t67t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.234.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-234-137.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://support.savethechildren.org
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://support.savethechildren.org
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
nginx
4tyb89znk7j3t67t
client-analytics.braintreegateway.com/ Frame
0
0
Preflight
General
Full URL
https://client-analytics.braintreegateway.com/4tyb89znk7j3t67t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.234.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-234-137.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://support.savethechildren.org
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://support.savethechildren.org
Access-Control-Max-Age
3000
Connection
keep-alive
Content-Length
0
Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
nginx
4tyb89znk7j3t67t
client-analytics.braintreegateway.com/
0
292 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/4tyb89znk7j3t67t
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.234.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-234-137.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/json

Response headers

Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://support.savethechildren.org
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
4tyb89znk7j3t67t
client-analytics.braintreegateway.com/
0
292 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/4tyb89znk7j3t67t
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.234.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-234-137.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/json

Response headers

Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://support.savethechildren.org
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
4tyb89znk7j3t67t
client-analytics.braintreegateway.com/
0
292 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/4tyb89znk7j3t67t
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.234.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-234-137.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/json

Response headers

Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://support.savethechildren.org
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
4tyb89znk7j3t67t
client-analytics.braintreegateway.com/
0
292 B
XHR
General
Full URL
https://client-analytics.braintreegateway.com/4tyb89znk7j3t67t
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.67.234.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-67-234-137.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/json

Response headers

Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
nginx
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://support.savethechildren.org
Connection
keep-alive
Access-Control-Allow-Headers
Content-Length
0
fb.js
c.paypal.com/da/r/
57 KB
20 KB
Script
General
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.39.0/js/data-collector.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frd/E2BA) /
Resource Hash
5653386a8725820e2a79eac4ea2fe4a1689bd997e943211069e96fd6e58b94ba
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
248797
x-cache
HIT
paypal-debug-id
8eee85a658fb9
access-control-max-age
86400
access-control-allow-methods
GET
server-timing
content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=2
dc
ccg11-origin-www-1.paypal.com
content-length
19828
last-modified
Wed, 20 Jul 2022 20:39:48 GMT
server
ECAcc (frd/E2BA)
traceparent
00-00000000000000000008eee85a658fb9-cef7281caf614cab-01
etag
"62d86814-e22f"
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 12 Aug 2022 15:06:10 GMT
/
www.google.com/pagead/1p-user-list/1069852215/
42 B
548 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1069852215/?random=1660230369977&cv=9&fst=1660230000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa880&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tiba=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&async=1&fmt=3&is_vtc=1&random=4003095424&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1069852215/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1069852215/?random=1660230369977&cv=9&fst=1660230000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa880&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tiba=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&async=1&fmt=3&is_vtc=1&random=4003095424&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
event
widget.us.criteo.com/
Redirect Chain
  • https://sslwidget.criteo.com/event?a=33523&v=5.12.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p2=e%3Dvp%26p%3Ddonation-form-6827-one...
  • https://widget.us.criteo.com/event?a=33523&v=5.12.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p2=e%3Dvp%26p%3Ddonation-form-6827-one...
9 KB
4 KB
Script
General
Full URL
https://widget.us.criteo.com/event?a=33523&v=5.12.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p2=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p3=e%3Ddis&adce=1&bundle=GD4val9keUlMJTJCR0RVREt2ZHY5UndYMU5BJTJGek5namJ3V1IlMkYlMkZ3S1d4TWJkc1hkYTNvN2wlMkYxR3pMMVplOEElMkY2dmg0OGQ4QjFlSmFLRnlwSmRaZVJPRUl2V2ppUkJ1ZmFJS0VmZUFXNTNQMiUyRjAxMFJ4RjVqZ1RIZllLd2dPTU12c0xObktnSUNIMkdzNmZMaGRja2d2SVZOVkZxU2VVNlNzTGNFS2l0MUxZaHI3eVhsWSUzRA&tld=savethechildren.org&fu=https%253A%252F%252Fsupport.savethechildren.org%252Fsite%252FDonation2%253Fdf_id%253D6827%2526mfc_pref%253DT%25266827.donation%253Dform1%2526smtrctid%253DAAyoE7%2526cid%253DEmail%253A%253AEmer_Kentucky_Flood%253ANew_Leads%253A081022&dtycbr=64666&cs=1---&cv=1
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Server
74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
0913ce55751921ac33e38702ae82f921bef021fe0c2de86f3744944ec9249852
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
server
Kestrel
timing-allow-origin
*
strict-transport-security
max-age=31536000; preload;
p3p
NON DSP COR CURa PSA PSD OUR BUS NAV STA
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
17864809
content-type
application/x-javascript
expires
0

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:09 GMT
content-encoding
gzip
server
Kestrel
location
https://widget.us.criteo.com/event?a=33523&v=5.12.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p2=e%3Dvp%26p%3Ddonation-form-6827-one-time%26ui_ecommerce%3D0%26ui_sponsor%3D0&p3=e%3Ddis&adce=1&bundle=GD4val9keUlMJTJCR0RVREt2ZHY5UndYMU5BJTJGek5namJ3V1IlMkYlMkZ3S1d4TWJkc1hkYTNvN2wlMkYxR3pMMVplOEElMkY2dmg0OGQ4QjFlSmFLRnlwSmRaZVJPRUl2V2ppUkJ1ZmFJS0VmZUFXNTNQMiUyRjAxMFJ4RjVqZ1RIZllLd2dPTU12c0xObktnSUNIMkdzNmZMaGRja2d2SVZOVkZxU2VVNlNzTGNFS2l0MUxZaHI3eVhsWSUzRA&tld=savethechildren.org&fu=https%253A%252F%252Fsupport.savethechildren.org%252Fsite%252FDonation2%253Fdf_id%253D6827%2526mfc_pref%253DT%25266827.donation%253Dform1%2526smtrctid%253DAAyoE7%2526cid%253DEmail%253A%253AEmer_Kentucky_Flood%253ANew_Leads%253A081022&dtycbr=64666&cs=1---&cv=1
strict-transport-security
max-age=31536000; preload;
access-control-allow-origin
*
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
7174532
timing-allow-origin
*
content-length
0
expires
0
log
play.google.com/ Frame AD5B
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:10 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:10 GMT
expires
Thu, 11 Aug 2022 15:06:10 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame AD5B
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:10 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:10 GMT
expires
Thu, 11 Aug 2022 15:06:10 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame AD5B
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
X-Goog-AuthUser
0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
server
Playlog
access-control-allow-headers
X-Playlog-Web
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin
https://pay.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/plain; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131
x-xss-protection
0
expires
Thu, 11 Aug 2022 15:06:10 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:10 GMT
expires
Thu, 11 Aug 2022 15:06:10 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
/
www.google.com/pagead/1p-user-list/1069852215/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1069852215/?random=1660230369979&cv=9&fst=1660230000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa880&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tiba=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&async=1&fmt=3&is_vtc=1&random=4098441428&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1069852215/
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1069852215/?random=1660230369979&cv=9&fst=1660230000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa880&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tiba=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&async=1&fmt=3&is_vtc=1&random=4098441428&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pr
s.amazon-adsystem.com/v3/ Frame E3BB
6 KB
6 KB
Document
General
Full URL
https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D7b5e267f-6cf6-c436-4330-cc79e3ea1453%26type%3D4%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D2536428905417%3Bp%3D7B5E267F-6CF6-C436-4330-CC79E3EA1453&cb=73107274862259870&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
e9b9993d6c2391b9afef86ba3352e27eeca0e630aae66fd8ac558383e84d837e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D7b5e267f-6cf6-c436-4330-cc79e3ea1453%26type%3D4%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D2536428905417%3Bp%3D7B5E267F-6CF6-C436-4330-CC79E3EA1453&cb=73107274862259870&dcc=t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
5831
Content-Type
text/html;charset=ISO-8859-1
Date
Thu, 11 Aug 2022 15:06:10 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Permissions-Policy
interest-cohort=()
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid
ECWG2QTGR4BGE16BQ9BT
/
tags.wdsvc.net/tpc-eval/
21 B
284 B
Script
General
Full URL
https://tags.wdsvc.net/tpc-eval/?lid=1828d71030a-tags1-1fca69326255a8
Requested by
Host: tags.wdsvc.net
URL: https://tags.wdsvc.net/controller.js?id=100229
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.5.60.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-60-62.compute-1.amazonaws.com
Software
/
Resource Hash
b0e70b299ab9c122ad93531fa8e5309833baecd53dd55c992c538f8b33bfa22d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Content-Type
text/javascript
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Keep-Alive
timeout=5
Content-length
21
Expires
Mon, 3 Jan 2005 13:00:00 GMT
jquery-noconflict.js
support.savethechildren.org/jquery/
1 KB
936 B
Script
General
Full URL
https://support.savethechildren.org/jquery/jquery-noconflict.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/yui3/yui/yui-min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
53380404709f3d3e845a1e33be4d4e0bac1a77845e10f68111ffb474a4bf0961

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Cteonnt-Length
1135
Date
Thu, 11 Aug 2022 15:06:10 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Jul 2012 19:53:23 GMT
Server
Apache
ETag
"46f-4c598b70372c0"
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=285
Content-Length
574
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1069852215/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069852215/?random=1660230370400&cv=9&fst=1660230370400&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa880&sendb=1&ig=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tiba=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&auid=1491197135.1660230370&hn=www.googleadservices.com&us_privacy=1---&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8ee982f24c149a904b8cfb2fba3c11d513218f7b9e225f7233c38b1b0b6d0735
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1160
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ Frame F8F0
0
18 B
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://support.savethechildren.org
Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://support.savethechildren.org
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:10 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
visitor.php
app.leadsrx.com/
105 B
530 B
XHR
General
Full URL
https://app.leadsrx.com/visitor.php?acctTag=yqahgl42094&tz=0&ref=&u=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&t=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&lc=null&anon=0&vin=null
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.200.137.219 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-200-137-219.us-west-2.compute.amazonaws.com
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40 / PHP/5.6.40
Resource Hash
6789ef8cfdfd353aafaf5b93d8f50aa548d04287f3edb01479bc1fcece9cfc16

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
https://support.savethechildren.org
date
Thu, 11 Aug 2022 15:06:11 GMT
access-control-allow-credentials
true
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
x-powered-by
PHP/5.6.40
content-length
105
content-type
text/html; charset=utf-8
i
c.paypal.com/v1/r/d/ Frame DF50
160 B
1 KB
Document
General
Full URL
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8E91) /
Resource Hash
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
141
content-security-policy-report-only
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html;charset=UTF-8
correlation-id
36fddf2f56557
date
Thu, 11 Aug 2022 15:06:09 GMT
paypal-debug-id
36fddf2f56557
server
ECAcc (frc/8E91)
server-timing
content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=156
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
*
traceparent
00-000000000000000000036fddf2f56557-2b2565b00697f6f9-01
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block
counter2.cgi
dub.stats.paypal.com/ Frame 4B4F
Redirect Chain
  • https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=f4b366979908d74d5c52dfcf3d03d994&t=1660230370.244&a=14
  • https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=f4b366979908d74d5c52dfcf3d03d994&t=1660230370.244&a=14
42 B
299 B
Image
General
Full URL
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=f4b366979908d74d5c52dfcf3d03d994&t=1660230370.244&a=14
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Server
64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software
PayPal-B.Stats/1.0 /
Resource Hash
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
42
Content-Type
image/jpeg

Redirect headers

Location
https://dub.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=f4b366979908d74d5c52dfcf3d03d994&t=1660230370.244&a=14
Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
PayPal-B.Stats/1.0
Connection
close
Content-Length
0
Content-Type
application/octet-stream
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://ib.adnxs.com/setuid/a9?entity=188&code=AnJsQRb2QhSwChEENFKQFA&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DxandrHMT%26id%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fsetuid%2Fa9%3Fentity%3D188%26code%3DAnJsQRb2QhSwChEENFKQFA%26redir%3Dhttps%253A%252F%252Fs.amazon-adsystem.com%252Fecm3%253Fex%253DxandrHMT%2526id%253D%2524UID
  • https://s.amazon-adsystem.com/ecm3?ex=xandrHMT&id=AnJsQRb2QhSwChEENFKQFA
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=xandrHMT&id=AnJsQRb2QhSwChEENFKQFA
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
1E6G38QF7QMPXDVK7TZ0
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
X-Proxy-Origin
80.255.7.100; 80.255.7.100; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
7c10c526-f6ad-4ab1-a128-ce5484806022
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://s.amazon-adsystem.com/ecm3?ex=xandrHMT&id=AnJsQRb2QhSwChEENFKQFA
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212284268
  • https://s.amazon-adsystem.com/ecm3?id=216633104240002434512&ex=neustar.biz
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=216633104240002434512&ex=neustar.biz
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
H1WWABG3N9SP6WVNA4EX
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
server
AAWebServer
location
https://s.amazon-adsystem.com/ecm3?id=216633104240002434512&ex=neustar.biz
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires
0
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?cm_dsp_id=198&external_user_id=pbpP5SbpRyq4FRFRkIrSPw&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DindexHMT%26id%3D&cm_dsp_id=198&external_user_id=pbpP5SbpRyq4FRFRkIrSPw&C=1
  • https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=YvUa4iYo1VtiURA2PvR6pgAA
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=YvUa4iYo1VtiURA2PvR6pgAA
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
QN1H9PQWCP8E0GMH7FK3
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqepZB1OwRdLMR6yG7T1rF2fWJ89qqVEteVXHochXDxP%2BkepNB%2BANb%2BbV%2BtybV%2Fa3cZiDO2OKui8LOCnyYuWLrN0Zuh9UnvWtjzsH8i%2Fum097SF5qv%2Fp1hJem5o%2Fg9wYy7YdIkUIM1u5ig%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
https://s.amazon-adsystem.com/ecm3?ex=indexHMT&id=YvUa4iYo1VtiURA2PvR6pgAA
cache-control
no-cache
cf-ray
7391dfa8aef05caa-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://x.bidswitch.net/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D
  • https://x.bidswitch.net/ul_cb/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D
  • https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=310320e12df20eb104f2f5e7285e8a9e
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=310320e12df20eb104f2f5e7285e8a9e
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
A89NX5754HBJWGY05MBN
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=310320e12df20eb104f2f5e7285e8a9e
Date
Thu, 11 Aug 2022 15:06:10 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbluekai.com%26id%3D%24_BK_UUID
  • https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
V7KXSN1BHJXEXJEK4M7S
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=$_BK_UUID
date
Thu, 11 Aug 2022 15:06:10 GMT
content-length
0
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=CpbrYoRZQE-CRW6QnwC2iQ
  • https://ups.analytics.yahoo.com/ups/58516/sync?_origin=1&redir=true&uid=CpbrYoRZQE-CRW6QnwC2iQ&verify=true
  • https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=CpbrYoRZQE-CRW6QnwC2iQ
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=CpbrYoRZQE-CRW6QnwC2iQ
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
Z6X4ZVK8JZWV725R2WQH
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.amazon-adsystem.com/ecm3?ex=yahooHMT&id=CpbrYoRZQE-CRW6QnwC2iQ
date
Thu, 11 Aug 2022 15:06:10 GMT
server
ATS/9.1.0.46
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://t.myvisualiq.net/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D
  • https://t.myvisualiq.net/ul_cb/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D
  • https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=ab54dda0-331e-4fe0-8126-9689c24b48f7
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=ab54dda0-331e-4fe0-8126-9689c24b48f7
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
QNR5TDDZ5QJR2GH6R7A1
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

access-control-allow-origin
*
Date
Thu, 11 Aug 2022 15:06:10 GMT
Cache-Control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
Connection
keep-alive
Content-Length
0
Location
https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=ab54dda0-331e-4fe0-8126-9689c24b48f7
sync
amazon.partners.tremorhub.com/ Frame E3BB
43 B
183 B
Image
General
Full URL
https://amazon.partners.tremorhub.com/sync?UIAM&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dtelaria.com%26id%3D%5BPARTNER_ID%5D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4264:f887:8ace:4fd:1ad4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
server
Apache-Coyote/1.1
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type
image/gif
cms
cms.analytics.yahoo.com/ Frame E3BB
0
123 B
Image
General
Full URL
https://cms.analytics.yahoo.com/cms?partner_id=AMAZON&ex=gemini
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.182 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spcms.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
via
http/1.1 spdc0109.pbp.ir2.yahoo.com (ApacheTrafficServer)
server
ATS
age
0
strict-transport-security
max-age=31536000
content-type
text/html;charset=utf-8
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://mwzeom.zeotap.com/mw?zpartnerid=1353&zurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dzeotap%26id%3D%7BZCOOKIE%7D
  • https://s.amazon-adsystem.com/ecm3?ex=zeotap&id=ef95123c-e472-41d5-418a-dcb6815dba48
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=zeotap&id=ef95123c-e472-41d5-418a-dcb6815dba48
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
1YBX2YV6KBJZ04WWYNDX
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date
Thu, 11 Aug 2022 15:06:10 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://s.amazon-adsystem.com/ecm3?ex=zeotap&id=ef95123c-e472-41d5-418a-dcb6815dba48
content-type
text/html; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
7391dfa80cadbbd4-FRA
access-control-allow-headers
*
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://ads.stickyadstv.com/user-matching?id=2545
  • https://s.amazon-adsystem.com/ecm3?id=c2b05442e4e35a4faf5bcdf9f0af943&ex=freewheel.tv&gdpr=0&gdpr_consent=
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=c2b05442e4e35a4faf5bcdf9f0af943&ex=freewheel.tv&gdpr=0&gdpr_consent=
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
08QK46P2SHHE6P736AZJ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:10 GMT
Server
nginx
Access-Control-Allow-Origin
*
Location
https://s.amazon-adsystem.com/ecm3?id=c2b05442e4e35a4faf5bcdf9f0af943&ex=freewheel.tv&gdpr=0&gdpr_consent=
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
x-sticky-vk
1660230370890014-390
Expires
Thu, 11 Aug 2022 15:06:10 GMT
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://www.imdb.com/ads/idsync?cid=a706a6beb&ex=imdb.com
  • https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
871D9K1WW1PFNYN69XWQ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date
Thu, 11 Aug 2022 15:06:10 GMT
via
1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=ATVPDKIKX0DER:sid=:rid=CFCEA9WFZ9FWCDXTKF1P:sn=www.imdb.com
x-cache
Miss from cloudfront
vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
content-length
0
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
server
Server
x-amz-rid
CFCEA9WFZ9FWCDXTKF1P
strict-transport-security
max-age=31536000; includeSubDomains
location
https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com
permissions-policy
interest-cohort=()
x-robots-tag
noindex, nofollow
x-amz-cf-id
G4ytPobgtId274rB049oA9nyVm7myh5WQsu3RmllCP4eGDJ-UZbcTQ==
usermatch.gif
beacon.krxd.net/ Frame E3BB
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=amzn&partner_uid=qH2CoAIFSzetqVAHOEbCKg&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dkrux.com%26id%3D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.211.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-211-80.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
cache-control
private, no-cache, no-store
x-request-time
D=31 t=1660230370
x-served-by
beacon-n022-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pixel.gif
usersync.samplicio.us/amazon/ Frame E3BB
0
263 B
Image
General
Full URL
https://usersync.samplicio.us/amazon/pixel.gif?https://s.amazon-adsystem.com/ecm3?ex=luc.id&id=
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.225.217.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-225-217-42.compute-1.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Server
nginx/1.20.0
Location
https://s.amazon-adsystem.com/ecm3?ex=luc.id&id=
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
0
dspreply
public-prod-dspcookiematching.dmxleo.com/ Frame E3BB
0
122 B
Image
General
Full URL
https://public-prod-dspcookiematching.dmxleo.com/dspreply?dspId=1868&dspUserId=Cf56DbvlTWGBk_Juh8mvNw&redir=https://s.amazon-adsystem.com/ecm3?ex=dailymotionHMT1&id=
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
188.65.124.66 , France, ASN41690 (DAILYMOTION For peering related business, please mail peering@dailymotion.com, FR),
Reverse DNS
ingress-03-pub-prod-ix7.vip.dailymotion.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-dm-lb-name
ingress-nginx-nginx-in-cluster-9dk5s
date
Thu, 11 Aug 2022 15:06:11 GMT
content-length
0
strict-transport-security
max-age=15724800; includeSubDomains
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://ads.samba.tv/cookie_sync?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsamba.tv%26id%3D
  • https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=fd095e0ffb6c6ed0
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=fd095e0ffb6c6ed0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
VNGN5F3AMH5PDGBS1YD9
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date
Thu, 11 Aug 2022 15:06:11 GMT
x-content-type-options
nosniff
location
https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=fd095e0ffb6c6ed0
x-frame-options
SAMEORIGIN
access-control-allow-methods
HEAD,OPTIONS,GET
content-type
text/html; charset=utf-8
access-control-allow-origin
*
content-security-policy
default-src 'self'
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type, Authorization
content-length
93
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Gl7RRfZrTjGMFXgxlSJ_ig&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Gl7RRfZrTjGMFXgxlSJ_ig
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Gl7RRfZrTjGMFXgxlSJ_ig
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
NNMJW5ZVAQGR7W6R2F4C
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=Gl7RRfZrTjGMFXgxlSJ_ig
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=139200&dpuuid=dfOuByEWQ1yfcsUMpXzZaQ&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
  • https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=89340451392778590324404272840646099861
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=89340451392778590324404272840646099861
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
PJY049QC1CAY9N5EM4WQ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

DCS
dcs-prod-irl1-1-v038-09331a469.edge-irl1.demdex.com 3 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
8Ev8PqjLSmc=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=89340451392778590324404272840646099861
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://odr.mookie1.com/t/v2?tagid=V2_393725&AMAZON_REGION_SPECIFIC_ENDPOINT=s.amazon-adsystem.com&src.visitorID=eVLhHxFzQhKmVhdBv4w3hg
  • https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10815957456790300460&gdpr=&gdpr_consent=
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10815957456790300460&gdpr=&gdpr_consent=
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
H2E5XPWHZB2DYA7W6DCP
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:11 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location
https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10815957456790300460&gdpr=&gdpr_consent=
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
z
px.surveywall-api.survata.com/ Frame E3BB
0
0

ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D
  • https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D
  • https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=6928307882303753497
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=6928307882303753497
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
P6VT4MM12Z1BHSVASYD4
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:11 GMT
server
nginx
location
https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=6928307882303753497
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID
  • https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=22b98d79-1987-11ed-8471-10b91cd50406
  • https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=22b98d20-1987-11ed-8471-10b91cd50406
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=22b98d20-1987-11ed-8471-10b91cd50406
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
9BFM3M5EXMHW02MCP5TH
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Thu, 11 Aug 2022 15:06:11 GMT
Server
nginx
Location
https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=22b98d20-1987-11ed-8471-10b91cd50406
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
43
Connection
keep-alive
Content-Length
0
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://bs.serving-sys.com/Serving?cn=cs&rtu=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsizmek%26id%3D%5B%25tp_UserID%25%5D
  • https://lm.serving-sys.com/lm/acs?json={%22GUID%22:%2203f9498f-f646-46f4-9229-253009a5c9e3%22,%22Time%22:%2220220811T150611.215998%22}&rtu=https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=[%tp_UserID%]
  • https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=03f9498f-f646-46f4-9229-253009a5c9e3
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=03f9498f-f646-46f4-9229-253009a5c9e3
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
FDKBHB5P65380G4JDN52
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=03f9498f-f646-46f4-9229-253009a5c9e3
Server
LogModule 0.4
Content-Length
204
Content-Type
text/html; charset=UTF-8
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=a9&google_cm&ex=doubleclick.net
  • https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEAQGbkJJCF-MNkAnj6CN090&google_cver=1
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEAQGbkJJCF-MNkAnj6CN090&google_cver=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
AT27QYYGBQ8XY6NT6CM0
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:11 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEAQGbkJJCF-MNkAnj6CN090&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
311
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v2
usermatch.krxd.net/um/ Frame E3BB
20 B
20 B
Image
General
Full URL
https://usermatch.krxd.net/um/v2?partner=amzn
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.189.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-189-152.compute-1.amazonaws.com
Software
/
Resource Hash
3ece40b974c6084c091fff702b34d48d9c4b0aaa273b63239cd34225ea20c002

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:11 GMT
x-age
0
content-length
20
content-type
text/plain; charset=utf-8
x-served-by
usermatch-a021-ash-prod.krxd.net
x-cache
MISS
x-cache-hits
0
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://sb.scorecardresearch.com/p?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25
  • https://sb.scorecardresearch.com/p2?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25
  • https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=96cef1e4162849107999b9e22dc81559
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=96cef1e4162849107999b9e22dc81559
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
6YJ9EDVH5S3T0EHRQYD3
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=96cef1e4162849107999b9e22dc81559
date
Thu, 11 Aug 2022 15:06:11 GMT
via
1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
content-length
0
x-amz-cf-id
RjHPyObJ8V76C0jNWv8QmgCl0fWSczBPShhOhIfN-_dWNPm1lToztA==
x-cache
Miss from cloudfront
cm
us-u.openx.net/w/1.0/ Frame E3BB
43 B
304 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:11 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184155&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__
  • https://s.amazon-adsystem.com/ecm3?ex=index&id=K6ct0nYcnyMSA1MCR5EUkzc4dBM4ZgIC
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=index&id=K6ct0nYcnyMSA1MCR5EUkzc4dBM4ZgIC
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
ZZMB4R9KP0AF35WNAK7A
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:11 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3p9DgKlWwkmjmWPMbZ%2FnlBwRoK9IyOZ%2FpyCM0yS4vGfso6vMLnkakN9LRFGGXF8OTw0wVY3cnHIKl6dm%2FwIstqu2Q%2BvFHQD%2FpDuMi2%2F61RdQcxR3qA28c0T0Mz8uqjOffoEukUgjuWPmQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
https://s.amazon-adsystem.com/ecm3?ex=index&id=K6ct0nYcnyMSA1MCR5EUkzc4dBM4ZgIC
cache-control
no-cache
cf-ray
7391dfad6bc69293-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://uipglob.semasio.net/amazon/1/get?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D
  • https://uipglob.semasio.net/amazon/1/get2?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D
  • https://s.amazon-adsystem.com/ecm3?ex=semasio&id=7BFF9EC88BF577A4
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=semasio&id=7BFF9EC88BF577A4
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
8877RNMN9PE4CG3Y31A2
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:11 GMT
frontend-id
7
location
https://s.amazon-adsystem.com/ecm3?ex=semasio&id=7BFF9EC88BF577A4
p3p
policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin
*
uip-response-status
Ok
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
routing-server-id
-1
expires
Sat, 01 Jan 2011 12:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
  • https://s.amazon-adsystem.com/ecm3?id=7703064413273786036&ex=appnexus.com
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=7703064413273786036&ex=appnexus.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
VAB3Q7E3E17HE8ENBNPZ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
X-Proxy-Origin
80.255.7.100; 80.255.7.100; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
06f3c0b1-f331-4444-a73a-a5bfc8cbd04f
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://s.amazon-adsystem.com/ecm3?id=7703064413273786036&ex=appnexus.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame E3BB
0
225 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzgmdGw9MTI5NjAw&piggybackCookie=FL2tWYivSWaLDXvJ5gU3lA&rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3DpubmaticHMT%26id%3D%24%7BDSP_UID%7D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:11 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2179&pt=n
  • https://s.amazon-adsystem.com/ecm3?id=mz8qOXUhMf7VGTpOtINOmg&ex=rubiconproject.com&status=ok
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=mz8qOXUhMf7VGTpOtINOmg&ex=rubiconproject.com&status=ok
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
YMKWD45JAVNANB5P4KGW
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?id=mz8qOXUhMf7VGTpOtINOmg&ex=rubiconproject.com&status=ok
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=a9&google_hm=smoQdmHfTayp0fVDbTJ6Pg&
  • https://s.amazon-adsystem.com/ecm3?ex=googleHMT
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=googleHMT
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
KBG33V7Q16D63KVN0EMV
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:11 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://s.amazon-adsystem.com/ecm3?ex=googleHMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
244
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
loadus.exelator.com/load/ Frame E3BB
0
324 B
Image
General
Full URL
https://loadus.exelator.com/load/?p=204&g=8888&j=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:11 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://lciapi.ninthdecimal.com/v1/lci/sync/adv-amzn/c-23445/?rdr=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3F%26ex%3Dninthdecimal.com%26id%3D%24%7BND_UID%7D
  • https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=2D1EC868E31AF5624469CB4802278A39
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=2D1EC868E31AF5624469CB4802278A39
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
0AKRS42NT6ASJZXF74YK
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Thu, 11 Aug 2022 15:06:11 GMT
Server
openresty/1.15.8.2
P3P
CP="This is not a P3P policy! See http://www.ninthdecimal.com/privacy-policy-terms-of-service for more info."
Location
https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=2D1EC868E31AF5624469CB4802278A39
Cache-Control
no-cache, private
Connection
keep-alive
Content-Type
text/html
Content-Length
151
Expires
Thu, 11 Aug 2022 15:06:10 GMT
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://pi.ispot.tv/v2/TC-3673-1.gif?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dispot.tv%26id%3D%7BISID%7D
  • https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=38aceb61934f90fe45f146875d93d4f0eebe89aa561bc8c3c6dc82d204f8bcab
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=38aceb61934f90fe45f146875d93d4f0eebe89aa561bc8c3c6dc82d204f8bcab
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
1JZTD7QDSPB9XQXXBQBE
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:11 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=38aceb61934f90fe45f146875d93d4f0eebe89aa561bc8c3c6dc82d204f8bcab
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-length
0
retry-after
0
expires
0
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame E3BB
0
166 B
Image
General
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
ecm3
s.amazon-adsystem.com/ Frame E3BB
Redirect Chain
  • https://sync.taboola.com/sg/amazon-a9-network/1/rtb
  • https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=d35a96c7-60b7-4ef6-827f-8d461cb80722-tuct9eea063
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=d35a96c7-60b7-4ef6-827f-8d461cb80722-tuct9eea063
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xr-HMT_ns_n-ix-HMT_bsw_bk_n-y-HMT_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-kr-new_n-lucid_n-dm-HMT_n-samba.tv_n-rb-HMT3_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_n-pm-HMT_rb_n-g-hmt_nsln_nd_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-kr-new=qH2CoAIFSzetqVAHOEbCKg&dmt=3&ex-pl-n-g-hmt=smoQdmHfTayp0fVDbTJ6Pg&ep=mfS4I4Lxm4iN8M-0MyueFf47OnoKeVEDv81awnuASMwKtWFQbTk8G6o696kFsQW7A_W9QtWWKALDK4mF5JVAmCkbXl0Qp8nVg8nXIK6-P3s-4M0sUB_GMjTD9UgEZZCKGaBNwLzp0W8bLp8i0B9P7QOPk6awLWMRd3QL3D5KMA0xnPBHbpMtpNyKZBpJR8x4-BpFJ-eY0N52OHJJcNUVEHud5KPm1pCU3JWY-AHRT6UqgXEWOMDJ4I-vCglnr8jVWwWGiDFAOI1KzA0UmgmqONNigvAGCBdYDUbOvJCYUd3Dtqc8tjBb__oodbcCWimXdhWP43SvFepAe_ai7AuCzCP5V77M_dmdXxxH6h_4wJakHUNYZRxotuqQ3v6b9w_VDdX6ejy2q6AA17GWynXZ1gzoF0Li3qAQkk6Mm8hcS7i6UsnZASnDu-WuKyp8asAP
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:11 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
J89HKP0YXET9EDC774YK
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=d35a96c7-60b7-4ef6-827f-8d461cb80722-tuct9eea063
date
Thu, 11 Aug 2022 15:06:11 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
40387
/
www.google.com/pagead/1p-user-list/1069852215/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1069852215/?random=1660230370400&cv=9&fst=1660230000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa880&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tiba=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&async=1&fmt=3&is_vtc=1&random=2772552467&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1069852215/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1069852215/?random=1660230370400&cv=9&fst=1660230000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa880&sendb=1&data=event%3Dform_submit&frm=0&url=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tiba=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&async=1&fmt=3&is_vtc=1&random=2772552467&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:10 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
jquery-ui-1.8.16.custom.min.js
support.savethechildren.org/jquery/plugins/ui/
206 KB
59 KB
Script
General
Full URL
https://support.savethechildren.org/jquery/plugins/ui/jquery-ui-1.8.16.custom.min.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/yui3/yui/yui-min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
c6692607384f0b261f38edee88dc75ee817827d26aecc4ae765ada9aa92dd36b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Cteonnt-Length
210463
Date
Thu, 11 Aug 2022 15:06:10 GMT
Content-Encoding
gzip
Last-Modified
Tue, 07 Feb 2012 18:21:34 GMT
Server
Apache
ETag
"3361f-4b863d94fc780"
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
private
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=408
st
px.mountain.com/
2 KB
2 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=UA-85748307-2&ga_client_id=1304497899.1660230370&shpt=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-85748307-2%22%2C%22ga_client_id%22%3A%221304497899.1660230370%22%2C%22shpt%22%3A%222022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children%22%2C%22dcm_cid%22%3A%221304497899.1660230370%22%2C%22dcm_gid%22%3A%221679020176.1660230370%22%2C%22ga_gclid%22%3A%221304497899.1660230370%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByGA%22%3A%22OK%22%2C%22ga_gclid%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1304497899.1660230370&dcm_gid=1679020176.1660230370&dxver=4.0.0&shaid=32293&plh=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&cb=114786890054352&term=value&shadditional=googletagmanager%3Dtrue%2Ccriteo%3Dtrue
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32293&tdr=&plh=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&cb=114786890054352&term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.235.191.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-235-191-156.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
061eed8b24902bff5ef99aa23522b59cba44f7487e7bafdb52ca521107c3fe6c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 11 Aug 2022 15:06:11 GMT
content-encoding
gzip
connection
close
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type
application/javascript;charset=utf-8
fb.js
c.paypal.com/da/r/ Frame DF50
57 KB
19 KB
Script
General
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frd/E2BA) /
Resource Hash
5653386a8725820e2a79eac4ea2fe4a1689bd997e943211069e96fd6e58b94ba
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
248797
x-cache
HIT
paypal-debug-id
8eee85a658fb9
access-control-max-age
86400
access-control-allow-methods
GET
server-timing
content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=2
dc
ccg11-origin-www-1.paypal.com
content-length
19828
last-modified
Wed, 20 Jul 2022 20:39:48 GMT
server
ECAcc (frd/E2BA)
traceparent
00-00000000000000000008eee85a658fb9-cef7281caf614cab-01
etag
"62d86814-e22f"
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 12 Aug 2022 15:06:10 GMT
p1
c.paypal.com/v1/r/d/b/ Frame DF50
125 B
715 B
XHR
General
Full URL
https://c.paypal.com/v1/r/d/b/p1
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F19) /
Resource Hash
b5fc945cabbe82a7bb8d33c73b8a4eb32d30505feac063e6a798b2c5a558e883
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
correlation-id
3308fedb85a8d
content-type
application/json
server
ECAcc (frc/8F19)
traceparent
00-00000000000000000003308fedb85a8d-0776e30da8865abf-01
strict-transport-security
max-age=63072000; includeSubDomains; preload
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id
3308fedb85a8d
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=253
timing-allow-origin
*
content-length
125
e
c.paypal.com/v1/r/d/b/ Frame DF50
0
142 B
XHR
General
Full URL
https://c.paypal.com/v1/r/d/b/e
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8EA2) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
correlation-id
7e410e11c5426
server
ECAcc (frc/8EA2)
traceparent
00-00000000000000000007e410e11c5426-e7ce667d867fd9a5-01
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
7e410e11c5426
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=579
timing-allow-origin
*
p3
c6.paypal.com/v1/r/d/b/ Frame DF50
0
402 B
Image
General
Full URL
https://c6.paypal.com/v1/r/d/b/p3?f=f4b366979908d74d5c52dfcf3d03d994&s=BRAINTREE_SIGNIN
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::291 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://c.paypal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
via
1.1 varnish, 1.1 varnish
correlation-id
4c678bd8c43ad
traceparent
00-00000000000000000004c678bd8c43ad-02591da522a0c472-01
x-timer
S1660230371.812385,VS0,VE183
x-served-by
cache-hhn4064-HHN, cache-ams21030-AMS
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
paypal-debug-id
4c678bd8c43ad
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
accept-ranges
bytes
timing-allow-origin
*
content-length
0
x-cache-hits
0, 0
clarity.js
www.clarity.ms/eus2-f/s/0.6.37/
53 KB
23 KB
Script
General
Full URL
https://www.clarity.ms/eus2-f/s/0.6.37/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/5439503
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:27::cafe:1806 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
9e8ba124b0c73a351df657b54d58db545fe810e16c0d9b07824a64864792a20d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:10 GMT
content-encoding
br
etag
"1d8aa4ff65ff896"
last-modified
Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript;charset=utf-8
cache-control
public,max-age=86400
x-azure-ref
04hr1YgAAAADGXkBx2s1AT5AChJW+zTQrTE9TMzBFREdFMDIxMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges
bytes
request-context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
collect
n.clarity.ms/
0
183 B
XHR
General
Full URL
https://n.clarity.ms/collect
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin
https://support.savethechildren.org
date
Thu, 11 Aug 2022 15:06:10 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
collect
n.clarity.ms/
0
48 B
XHR
General
Full URL
https://n.clarity.ms/collect
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin
https://support.savethechildren.org
date
Thu, 11 Aug 2022 15:06:11 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
gs
gs.mountain.com/
144 B
733 B
Script
General
Full URL
https://gs.mountain.com/gs
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.12.117.226 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-12-117-226.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
c6dc3c193acc17f8fe814d7598d79d4a861fc367ef78208a5d9c879bb1638835

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:12 GMT
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-envoy-upstream-service-time
0
connection
close
content-type
application/javascript;charset=utf-8
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
content-length
144
x-application-context
application:prod:8080
post-log
tags.wdsvc.net/
0
446 B
XHR
General
Full URL
https://tags.wdsvc.net/post-log?v=4.00&t=1660230370058
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.5.60.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-5-60-62.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://support.savethechildren.org
Date
Thu, 11 Aug 2022 15:06:12 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Keep-Alive
timeout=5
Content-length
0
Content-Type
text/html
/
insight.adsrvr.org/track/evnt/
70 B
261 B
Image
General
Full URL
https://insight.adsrvr.org/track/evnt/?adv=0ugbyxx&ct=0:fa8rm5p&fmt=3&td1=1828d71030a-tags1-1fca69326255a8
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:12 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
insight.adsrvr.org/track/conv/
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/conv/?adv=0ugbyxx&ct=0:v28zupp&fmt=3&orderid=&vf=&v=&td1=1828d71030a-tags1-1fca69326255a8
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:12 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
insight.adsrvr.org/track/conv/
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/conv/?adv=0ugbyxx&ct=0:rlc0tuy&fmt=3&orderid=&vf=&v=&td1=1828d71030a-tags1-1fca69326255a8
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:12 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
insight.adsrvr.org/track/evnt/
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/evnt/?adv=0ugbyxx&ct=0:l703v0i&fmt=3&td1=1828d71030a-tags1-1fca69326255a8
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:12 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
st
px.mountain.com/
4 KB
2 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=UA-85748307-2&ga_client_id=1304497899.1660230370&shpt=2022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-85748307-2%22%2C%22ga_client_id%22%3A%221304497899.1660230370%22%2C%22shpt%22%3A%222022%20Eastern%20Kentucky%20Flood%20Crisis%20Fund%20-%20Save%20the%20Children%22%2C%22dcm_cid%22%3A%221304497899.1660230370%22%2C%22dcm_gid%22%3A%221679020176.1660230370%22%2C%22ga_gclid%22%3A%221304497899.1660230370%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByGA%22%3A%22OK%22%2C%22ga_gclid%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1304497899.1660230370&dcm_gid=1679020176.1660230370&dxver=4.0.0&shaid=32293&plh=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&term=value&shadditional=googletagmanager%3Dtrue%2Ccriteo%3Dtrue&cb=1660230371289303&shguid=c37b7f56-301b-3f0e-9745-317dfd3860a6&shgts=1660230372489
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
44.235.191.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-235-191-156.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ead2a9ed9ee423fa940f5f22bfa1b1251952857495a7fa31d8615581030f9779

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 11 Aug 2022 15:06:13 GMT
content-encoding
gzip
connection
close
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type
application/javascript;charset=utf-8
generic
match.adsrvr.org/track/cmf/
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=22c3cd2e-1987-11ed-a184-dd6ec9f9c638&gdpr=&gdpr_consent=
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
insight.adsrvr.org/track/evnt/
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/evnt/?adv=tl1i3bn&ct=0:kr1qq9a&fmt=3
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
AjaxHelper;jsessionid=00000000.app30034b
support.savethechildren.org/site/
35 KB
9 KB
XHR
General
Full URL
https://support.savethechildren.org/site/AjaxHelper;jsessionid=00000000.app30034b?NONCE_TOKEN=71F7D0AFCC857F276BA9BC9CB728CA04
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.123.154.123 , United States, ASN15148 (BLACKBAUD-ASN, US),
Reverse DNS
cluster3.convio.net
Software
Apache /
Resource Hash
aeff7db24dbf341aabb4dd12727d36dca604d23f8e48704ac57053812db55920
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://support.savethechildren.org/site/XFrameViolation
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:13 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html;charset=ISO-8859-1
Cache-Control
no-store
Content-Security-Policy
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://support.savethechildren.org/site/XFrameViolation
Connection
Keep-Alive
Keep-Alive
timeout=15, max=498
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?CtsSyncId=D3061AC3C595412CA09E4518F54B387A&RedC=c.clarity.ms&MXFR=249634FB301E6F9802E22506341E6160
  • https://c.clarity.ms/c.gif?CtsSyncId=D3061AC3C595412CA09E4518F54B387A&MUID=065321CE8A88633207AE30338B24629B
42 B
368 B
Image
General
Full URL
https://c.clarity.ms/c.gif?CtsSyncId=D3061AC3C595412CA09E4518F54B387A&MUID=065321CE8A88633207AE30338B24629B
Protocol
H2
Server
20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
last-modified
Thu, 28 Jul 2022 20:41:52 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"82531c78c2a2d81:0"
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 415A17B92D4E42CB94AFD73DDA0EE131 Ref B: FRA31EDGE0718 Ref C: 2022-08-11T15:06:13Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?CtsSyncId=D3061AC3C595412CA09E4518F54B387A&MUID=065321CE8A88633207AE30338B24629B
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFG5K96
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
content-encoding
gzip
last-modified
Thu, 28 Jul 2022 21:38:45 GMT
etag
"ca88912498e17137955859948f14e272+gzip+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT, HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
15196
x-served-by
cache-iad-kjyo7100175-IAD, cache-muc13943-MUC
activityi;dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonati...
4853738.fls.doubleclick.net/ Frame 5F62
Redirect Chain
  • https://4853738.fls.doubleclick.net/activityi;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDona...
  • https://4853738.fls.doubleclick.net/activityi;dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport...
718 B
549 B
Document
General
Full URL
https://4853738.fls.doubleclick.net/activityi;dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFG5K96
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f6.1e100.net
Software
cafe /
Resource Hash
bc2dfacec7f6863ffd08495bd9eafbc46209bfe52511905529d52e687a14b505
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
about:blank
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=0
content-encoding
gzip
content-length
526
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:13 GMT
expires
Thu, 11 Aug 2022 15:06:13 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 11 Aug 2022 15:06:13 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://4853738.fls.doubleclick.net/activityi;dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
savethechildren.js
d1n00d49gkbray.cloudfront.net/js/
73 KB
25 KB
Script
General
Full URL
https://d1n00d49gkbray.cloudfront.net/js/savethechildren.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:6400:9:7c30:be80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dd674f0b8199125dfd7034a04f0ce6c54340f94ed822090b118e15a93dfb9986

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Thu, 11 Aug 2022 06:41:19 GMT
content-encoding
gzip
last-modified
Wed, 29 Jun 2022 15:02:27 GMT
server
AmazonS3
age
30295
etag
W/"86e44efde64d32462e156f24206aa5b2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
x-amz-version-id
RGH6edrCYNdTDp1Jr7x.Fr0QILIUPOje
via
1.1 08bbe291f260c2b80a00874a80ade07c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
apet9BsFqnbiEIsx8PJ-EzUtYgp8egxxD_YS1KfMR9adXVIgqhOliw==
obtp.js
amplify.outbrain.com/cp/
8 KB
4 KB
Script
General
Full URL
https://amplify.outbrain.com/cp/obtp.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-86.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
83db3bbe981876d41cce2ddff9a3f3eb388342c9d70a4112fd79b995dae26dd0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:13 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Jun 2022 14:06:31 GMT
Server
AkamaiNetStorage
ETag
"51de2e10510f823326f9b30ea6068a2a:1655820557.452892"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=1200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3249
Expires
Thu, 11 Aug 2022 15:26:13 GMT
Bootstrap.js
nexus.ensighten.com/choozle/10170/
29 KB
9 KB
Script
General
Full URL
https://nexus.ensighten.com/choozle/10170/Bootstrap.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFG5K96
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
82d252b0331bf97dded0f4bf4948272698618523d184b1cc476f3f1807f15b74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 22 Jul 2022 04:10:30 GMT
content-encoding
br
age
1767344
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 13 Jun 2022 14:49:13 GMT
server
AmazonS3
etag
W/"18ffa018e5b503b5b4ff4b33ae1fb30c"
vary
Accept-Encoding
x-amz-version-id
fT_tumJdhdhIumBYXlKaiUul3kyT.7tv
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
cache-control
max-age=300
x-amz-cf-pop
FRA56-C1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
xXfDXRhjO09kD2mzyyszuweTXLlZ_iSHlrQnhqOmVejta8dm2wo28A==
airpr.js
px.airpr.com/
7 KB
2 KB
Script
General
Full URL
https://px.airpr.com/airpr.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-10.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 04:46:51 GMT
content-encoding
gzip
last-modified
Sat, 21 Apr 2018 18:03:55 GMT
server
nginx
age
37162
etag
"5adb7d0b-853"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 e7377cc861b31102786678df3616bf68.cloudfront.net (CloudFront)
cache-control
max-age=43200
x-amz-cf-pop
FRA53-C1
content-length
2131
x-amz-cf-id
E-aTDZA10hYdoPBESweKxHQ1uksXyXzWiBEwMvzqGBhJA5L05hpXyw==
expires
Thu, 11 Aug 2022 17:04:21 GMT
sv.js
track.securedvisit.com/js/
59 KB
24 KB
Script
General
Full URL
https://track.securedvisit.com/js/sv.js
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.35.161 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-35-161.compute-1.amazonaws.com
Software
nginx/1.20.2 /
Resource Hash
f9df1da2e337cc44e3d87a5dc93f8271933b5ee914c7046ef02e281014b6cda0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
content-encoding
gzip
last-modified
Thu, 11 Aug 2022 15:06:13 GMT
server
nginx/1.20.2
etag
W/"273cf9801333aefc61a4f311b0692f6a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
no-cache, max-age=0, must-revalidate, proxy-revalidate, private
expires
Thu, 11 Aug 2022 15:06:13 GMT
asyncPixelSync
pixel.sitescout.com/dmp/ Frame E2C1
0
0
Document
General
Full URL
https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by
Host: support.savethechildren.org
URL: https://support.savethechildren.org/site/Donation2?df_id=6827&mfc_pref=T&6827.donation=form1&smtrctid=AAyoE7&cid=Email::Emer_Kentucky_Flood:New_Leads:081022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0,no-cache,no-store
date
Thu, 11 Aug 2022 15:06:12 GMT
expires
Tue, 11 Oct 1977 12:34:56 GMT
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma
no-cache
server
AC1.1
5919bb7250f42d43
pixel.sitescout.com/iap/
0
191 B
Image
General
Full URL
https://pixel.sitescout.com/iap/5919bb7250f42d43
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
up
insight.adsrvr.org/track/ Frame 3540
0
181 B
Document
General
Full URL
https://insight.adsrvr.org/track/up?adv=a6t02yu&ref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&upid=xvch1ck&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-type
text/html
date
Thu, 11 Aug 2022 15:06:13 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
sync
x.bidswitch.net/ Frame 5170
43 B
220 B
Image
General
Full URL
https://x.bidswitch.net/sync?dsp_id=46&user_id=k-wUPa-pXgKNLDGq6H7jDhoqciwg3e1yx8E3VKHg&expires=30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.105.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-105-16.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:13 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 5170
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-x80napXgKNLDGq6H7jDhoqciwg07t9lW-XZR0g&google_cm&google_hm=ay14ODBuYXBYZ0tOTERHcTZIN2pEaG9xY2l3ZzA3dDlsV...
  • https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-x80napXgKNLDGq6H7jDhoqciwg07t9lW-XZR0g&google_gid=CAESEMnWQSzRlRHaLe9Pf-TnZ-Y&google_cver=1&google_ula=913071,0
43 B
371 B
Image
General
Full URL
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-x80napXgKNLDGq6H7jDhoqciwg07t9lW-XZR0g&google_gid=CAESEMnWQSzRlRHaLe9Pf-TnZ-Y&google_cver=1&google_ula=913071,0
Protocol
H2
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:12 GMT
content-type
image/gif
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1163967
timing-allow-origin
*
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-x80napXgKNLDGq6H7jDhoqciwg07t9lW-XZR0g&google_gid=CAESEMnWQSzRlRHaLe9Pf-TnZ-Y&google_cver=1&google_ula=913071,0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
398
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 5170
Redirect Chain
  • https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7703064413273786036
43 B
370 B
Image
General
Full URL
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7703064413273786036
Protocol
H2
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:12 GMT
content-type
image/gif
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1937885
timing-allow-origin
*
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:13 GMT
X-Proxy-Origin
80.255.7.100; 80.255.7.100; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
45e7b2c2-7a5b-47bc-8b4b-63a2eb3ee26b
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7703064413273786036
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
1by1.png
cotads.adscale.de/ads/pixel/ Frame 5170
Redirect Chain
  • https://ih.adscale.de/adscale-ih/tpui?tpid=40&tpuid=k-A78jI5XgKNLDGq6H7jDhoqciwg1zn_6Usl0HWQ&cburl=https%3A%2F%2Fcotads.adscale.de%2Fads%2Fpixel%2F1by1.png%3Fuid%3D__ADSCALE_USER_ID__
  • https://ih.adscale.de/adscale-ih/tpui?tpid=40&tpuid=k-A78jI5XgKNLDGq6H7jDhoqciwg1zn_6Usl0HWQ&cburl=https%3A%2F%2Fcotads.adscale.de%2Fads%2Fpixel%2F1by1.png%3Fuid%3D__ADSCALE_USER_ID__&nut&uu=8aee10...
  • https://cotads.adscale.de/ads/pixel/1by1.png?uid=b7045c50fa6f50b4b2f2ea7d7ad0e7921875c9f5e49b4d3888ba2d1754e72813
321 B
720 B
Image
General
Full URL
https://cotads.adscale.de/ads/pixel/1by1.png?uid=b7045c50fa6f50b4b2f2ea7d7ad0e7921875c9f5e49b4d3888ba2d1754e72813
Protocol
H2
Server
2600:9000:2057:d400:1b:832b:ac00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
678743e83d255d34a3476fa3eed80d55d212874f0fe98285a54fbf293f8b73ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
L15pFHSGGE_bHbLCyc84fBPpy1DC4jsd
via
1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
last-modified
Tue, 08 Sep 2020 23:05:25 GMT
server
AmazonS3
age
539658
etag
"c1ab48a971e5c1a7eae346346487762d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800
date
Fri, 05 Aug 2022 09:11:56 GMT
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
content-length
321
x-amz-cf-id
YVSRtiRtQMWKHPSEQRiBxYLY-I6AYhXFZ_XD8brVUIMo6nwIfPA8xg==

Redirect headers

location
https://cotads.adscale.de/ads/pixel/1by1.png?uid=b7045c50fa6f50b4b2f2ea7d7ad0e7921875c9f5e49b4d3888ba2d1754e72813
date
Thu, 11 Aug 2022 15:06:13 GMT
content-length
0
p3p
CP=NOI PSA OUR
rum
r.casalemedia.com/ Frame 5170
43 B
944 B
Image
General
Full URL
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-0xegCZXgKNLDGq6H7jDhoqciwg0dQkobtNxVwA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray
7391dfba38ae8fe6-FRA
pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4QFbwcpCQISg67QLluA36zUQpdCCU3Kkc8VpeUl15I%2BtxzMbu%2F0XMARY5WMzst%2FvBfSvyVlN7pSdXD2EgTOsQ7TkkxcAu6qnwuqch9XL1PkJ%2Bl%2F9AbhHLPJLrV3tSB6F%2FMYr"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0
match
ad.360yield.com/ul_cb/ Frame 5170
Redirect Chain
  • https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-hGsPM5XgKNLDGq6H7jDhoqciwg01S7hua5zdrg
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-hGsPM5XgKNLDGq6H7jDhoqciwg01S7hua5zdrg
43 B
445 B
Image
General
Full URL
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-hGsPM5XgKNLDGq6H7jDhoqciwg01S7hua5zdrg
Protocol
H2
Server
99.81.70.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-81-70-153.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 11 Aug 2022 15:06:13 GMT
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-hGsPM5XgKNLDGq6H7jDhoqciwg01S7hua5zdrg
date
Thu, 11 Aug 2022 15:06:13 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cksync.php
contextual.media.net/ Frame 5170
45 B
785 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-ajqSHZXgKNLDGq6H7jDhoqciwg1akyT5DB7m9A
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-93.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
server
Apache
date
Thu, 11 Aug 2022 15:06:13 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Thu, 11 Aug 2022 15:06:13 GMT
push
exchange.mediavine.com/usersync/ Frame 5170
40 B
40 B
Image
General
Full URL
https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-iRejT5XgKNLDGq6H7jDhoqciwg133UHmWLGYvQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.134.94 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-134-94.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
private, no-cache
access-control-allow-credentials
true
content-encoding
gzip
vary
Origin, Accept-Encoding
content-type
text/html; charset=utf-8
cookie-sync
sync.outbrain.com/ Frame 5170
0
145 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-f1OumJXgKNLDGq6H7jDhoqciwg1RQ9BYxQgi0g
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.31 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:13 GMT
Cache-Control
no-cache
X-TraceId
7a38399cc23f4fcd360f36333d3e5c3f
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/ Frame 5170
0
225 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-Bf9jm5XgKNLDGq6H7jDhoqciwg2LiHnhzp34SQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8
tap.php
pixel.rubiconproject.com/ Frame 5170
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-PTuqF5XgKNLDGq6H7jDhoqciwg22kxB529hjVQ&expires=30
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
6f9fd0201ed801884e5299d5aabca094
Content-Type
image/gif
v1
match.sharethrough.com/sync/ Frame 5170
0
35 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-lbKwVZXgKNLDGq6H7jDhoqciwg2TmFLM0AcBHg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.158.53.117 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-158-53-117.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
/
rtb-csync.smartadserver.com/redir/ Frame 5170
43 B
163 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-KP2mLpXgKNLDGq6H7jDhoqciwg1LY3YEiDDE3g
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.89 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:12 GMT
transfer-encoding
chunked
content-type
image/gif
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 5170
0
98 B
Image
General
Full URL
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-65OzdJXgKNLDGq6H7jDhoqciwg2p3V4UhP2YHg
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
43039
um
criteo-sync.teads.tv/ Frame 5170
23 B
172 B
Image
General
Full URL
https://criteo-sync.teads.tv/um?eid=80&uid=k-XTHHYZXgKNLDGq6H7jDhoqciwg2xdgtGY-WGKQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-242-245.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.8 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
max-age=0, no-cache, no-store
expires
Thu, 11 Aug 2022 15:06:13 GMT
server
akka-http/10.2.8
content-length
23
content-type
image/gif
xuid
eb2.3lift.com/ Frame 5170
37 B
140 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2711&xuid=k-9ytEfZXgKNLDGq6H7jDhoqciwg0Vy0lPuW-LSg&dongle=013b
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
sync
ups.analytics.yahoo.com/ups/58301/ Frame 5170
0
321 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-o__d_JXgKNLDGq6H7jDhoqciwg39oMOlJc2AWg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.46 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
server
ATS/9.1.0.46
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
m
ad.yieldlab.net/ Frame 5170
0
522 B
Image
General
Full URL
https://ad.yieldlab.net/m?dm_id=8666&ext_id=k-aF83z5XgKNLDGq6H7jDhoqciwg3x8053FVGbRA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
96.16.132.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-132-239.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:13 GMT
x-content-type-options
nosniff
x-frame-options
DENY
Cache-Control
no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection
keep-alive
x-xss-protection
1; mode=block
x-application-context
application
Expires
Wed, 10 Aug 2022 15:06:13 GMT
pixel
cm.adform.net/ Frame 5170
43 B
163 B
Image
General
Full URL
https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-1xJ3tJXgKNLDGq6H7jDhoqciwg1OLjlBQ5CF5w
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.41 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
last-modified
Wed, 20 Jul 2016 08:04:05 GMT
server
nginx
accept-ranges
bytes
etag
"578f3075-2b"
content-length
43
content-type
image/gif
sync
visitor.omnitagjs.com/visitor/ Frame 5170
49 B
235 B
Image
General
Full URL
https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-8eZJYpXgKNLDGq6H7jDhoqciwg2-knnshDO3_A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.153 Ivry-sur-Seine, France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
x-content-type-options
nosniff
server
ayl-lb-fra02
vary
Accept-Encoding
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
content-length
49
expires
0
ibs:dpid=28645&dpuuid=BGxPLCpUyp0sjwlLqBqVOOMJq9qGJeZh
dpm.demdex.net/ Frame 5170
Redirect Chain
  • https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
  • https://dpm.demdex.net/ibs:dpid=28645&dpuuid=BGxPLCpUyp0sjwlLqBqVOOMJq9qGJeZh
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=BGxPLCpUyp0sjwlLqBqVOOMJq9qGJeZh
Protocol
HTTP/1.1
Server
34.241.142.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-142-170.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v038-053ca907f.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
yniYZQbnQgU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=BGxPLCpUyp0sjwlLqBqVOOMJq9qGJeZh
date
Thu, 11 Aug 2022 15:06:12 GMT
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
2817
content-length
198
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
9.gif
id5-sync.com/s/966/ Frame 5170
43 B
1 KB
Image
General
Full URL
https://id5-sync.com/s/966/9.gif?puid=k-wmWi9ZXgKNLDGq6H7jDhoqciwg11-l2UJyeT4Q
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.67 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216533.ip-141-95-98.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
transfer-encoding
chunked
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/gif;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"
28292
i6.liadm.com/s/ Frame 5170
Redirect Chain
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8fBRfJXgKNLDGq6H7jDhoqciwg34OnWk-BPcFw
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8fBRfJXgKNLDGq6H7jDhoqciwg34OnWk-BPcFw&_li_chk=true&previous_uuid=b0b391aa2ed74ef6870ee291a75cc459
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8fBRfJXgKNLDGq6H7jDhoqciwg34OnWk-BPcFw
43 B
419 B
Image
General
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8fBRfJXgKNLDGq6H7jDhoqciwg34OnWk-BPcFw
Protocol
HTTP/1.1
Server
2600:1f18:444a:4602:c0f3:1f8e:adeb:9564 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:14 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-8fBRfJXgKNLDGq6H7jDhoqciwg34OnWk-BPcFw
Date
Thu, 11 Aug 2022 15:06:14 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
sync
ad.sxp.smartclip.net/ Frame 5170
Redirect Chain
  • https://ad.sxp.smartclip.net/sync?type=host&dsp=69&dspuuid=k-90FeCpXgKNLDGq6H7jDhoqciwg3J2_PAmAo7vQ
  • https://ad.sxp.smartclip.net/sync?type=host&dsp=69&dspuuid=k-90FeCpXgKNLDGq6H7jDhoqciwg3J2_PAmAo7vQ&ang_testid=1
42 B
60 B
Image
General
Full URL
https://ad.sxp.smartclip.net/sync?type=host&dsp=69&dspuuid=k-90FeCpXgKNLDGq6H7jDhoqciwg3J2_PAmAo7vQ&ang_testid=1
Protocol
H3
Server
35.186.194.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
101.194.186.35.bc.googleusercontent.com
Software
openresty/1.19.9.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
via
1.1 google
server
openresty/1.19.9.1
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

date
Thu, 11 Aug 2022 15:06:13 GMT
via
1.1 google
server
openresty/1.19.9.1
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ad.sxp.smartclip.net/sync?type=host&dsp=69&dspuuid=k-90FeCpXgKNLDGq6H7jDhoqciwg3J2_PAmAo7vQ&ang_testid=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sync
criteo-partners.tremorhub.com/ Frame 5170
43 B
182 B
Image
General
Full URL
https://criteo-partners.tremorhub.com/sync?UICR=k-vw8uC5XgKNLDGq6H7jDhoqciwg3i5LyVCIT_XQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4264:f887:8ace:4fd:1ad4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
server
Apache-Coyote/1.1
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type
image/gif
getusermatch.php
a.twiago.com/rtb/ Frame 5170
43 B
153 B
Image
General
Full URL
https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-wWNBfZXgKNLDGq6H7jDhoqciwg094ry4MG7UHg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.215.5.31 , Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software
Apache / PHP/7.3.30
Resource Hash
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 11 Aug 2022 15:06:13 GMT
server
Apache
x-powered-by
PHP/7.3.30
content-length
43
content-type
image/gif
8c1f3064-f91b-4361-a834-ff140367eafb
https://support.savethechildren.org/
15 KB
0
Other
General
Full URL
blob:https://support.savethechildren.org/8c1f3064-f91b-4361-a834-ff140367eafb
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a899d637d49e28f84b577793f5c111c57fc2e631ddeacb567261b7bc6f96b58b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Length
15521
Content-Type
application/javascript
57a9f149-52e6-4f13-b949-1a76fc88a621
https://support.savethechildren.org/
15 KB
0
Other
General
Full URL
blob:https://support.savethechildren.org/57a9f149-52e6-4f13-b949-1a76fc88a621
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a899d637d49e28f84b577793f5c111c57fc2e631ddeacb567261b7bc6f96b58b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Length
15521
Content-Type
application/javascript
adsct
t.co/i/
43 B
338 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=f327261f-5cdf-4543-aef8-f2be99721694&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=9944fb9d-5e84-48a4-9014-ef8430c94f1d&tw_document_href=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvjd8&type=javascript&version=2.4.15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-response-time
162
date
Thu, 11 Aug 2022 15:06:13 GMT
server
tsa_o
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
092f3e2f4e3982e3b96f64364613c05a23e32f8817608eebdb8c86f07f9746b6
content-length
43
adsct
analytics.twitter.com/i/
43 B
355 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=f327261f-5cdf-4543-aef8-f2be99721694&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=9944fb9d-5e84-48a4-9014-ef8430c94f1d&tw_document_href=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvjd8&type=javascript&version=2.4.15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-response-time
103
date
Thu, 11 Aug 2022 15:06:13 GMT
server
tsa_o
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
06a5032ee968ea280eec471232623886d720ce577754332a11bf5e450e9b8bff
content-length
43
cachedClickId
tr.outbrain.com/
35 B
239 B
Script
General
Full URL
https://tr.outbrain.com/cachedClickId?marketerId=00569da938e06cb48f6f60ece5ae3d324c
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.31 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:14 GMT
content-encoding
gzip
X-TraceId
8bcaaa1cfad5766bafced8d4d6923438
Content-Length
56
Content-Type
application/javascript
unifiedPixel
tr.outbrain.com/
43 B
256 B
Image
General
Full URL
https://tr.outbrain.com/unifiedPixel?marketerId=00569da938e06cb48f6f60ece5ae3d324c&obApiVersion=1.1&obtpVersion=1.8.2&name=PAGE_VIEW&dl=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022&optOut=false&bust=06556355500876012&referrer=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.31 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date
Thu, 11 Aug 2022 15:06:14 GMT
Cache-Control
no-cache
X-TraceId
4b0e605448c8e4ee18d2ab305d321d76
content-encoding
gzip
Content-Length
60
Content-Type
image/gif;
usermatch.gif
beacon.krxd.net/ Frame 5170
Redirect Chain
  • https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
  • https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=kD97IbO0q2KsYh9bagylN0L0Lx3j66xl
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=kD97IbO0q2KsYh9bagylN0L0Lx3j66xl
Protocol
H2
Server
52.18.211.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-211-80.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
private, no-cache, no-store
x-request-time
D=35 t=1660230379
x-served-by
beacon-n006-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=kD97IbO0q2KsYh9bagylN0L0Lx3j66xl
date
Thu, 11 Aug 2022 15:06:12 GMT
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
2792
content-length
218
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
serverComponent.php
nexus.ensighten.com/choozle/10170/
533 B
837 B
Script
General
Full URL
https://nexus.ensighten.com/choozle/10170/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/choozle/10170/code/&publishedOn=Mon%20Jun%2013%2014:49:02%20GMT%202022&ClientID=923&PageID=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/10170/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
d4685f7b71e8393bd0572c469c755a9dce70b52090352f52e2e784fd95821198

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-C1
x-cache
Miss from cloudfront
content-type
text/javascript
cache-control
no-cache, no-store
content-length
533
x-amz-cf-id
sj2v0Fl9QZYnjUU69Xjm3odoYKPSoNNmkPqjn_WZBst8SojYBFWAzQ==
expires
Thu, 11 Aug 2022 15:06:12 GMT
id
smetrics.savethechildren.org/
87 B
289 B
Script
General
Full URL
https://smetrics.savethechildren.org/id?callback=_airpr_ns.om_cookie
Requested by
Host: px.airpr.com
URL: https://px.airpr.com/airpr.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-176-210.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
1c2b8a03df4a4eea5e4ccd7c81f9a82206c67cac86ad50cf88bae793da7f4f7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-69c8d8cc76-tjqk6
vary
Origin
x-c
main-1661.I2f39db.M0-585
p3p
CP="This is not a P3P policy"
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
87
x-xss-protection
1; mode=block
dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=*;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%...
adservice.google.com/ddm/fls/z/ Frame 5F62
42 B
63 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=*;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022
Requested by
Host: 4853738.fls.doubleclick.net
URL: https://4853738.fls.doubleclick.net/activityi;dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4853738.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
iframe
d1eoo1tco6rr5e.cloudfront.net/azud70w/dsx8icm/ Frame 6230
Redirect Chain
  • https://insight.adsrvr.org/tags/azud70w/dsx8icm/iframe
  • https://d1eoo1tco6rr5e.cloudfront.net/azud70w/dsx8icm/iframe
138 B
668 B
Document
General
Full URL
https://d1eoo1tco6rr5e.cloudfront.net/azud70w/dsx8icm/iframe
Requested by
Host: 4853738.fls.doubleclick.net
URL: https://4853738.fls.doubleclick.net/activityi;dc_pre=CNjJmI2Iv_kCFSxIHgIdt0gJrg;src=4853738;type=dfp;cat=donat0;ord=6302841212190;gtm=2wg880;auiddc=1491197135.1660230370;~oref=https%3A%2F%2Fsupport.savethechildren.org%2Fsite%2FDonation2%3Fdf_id%3D6827%26mfc_pref%3DT%266827.donation%3Dform1%26smtrctid%3DAAyoE7%26cid%3DEmail%3A%3AEmer_Kentucky_Flood%3ANew_Leads%3A081022?
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-113.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
34b6561b0dc821aebf895b623ba64d09d00a153c22610f0f71f67ecc3d9e6769

Request headers

Referer
https://4853738.fls.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Age
34746
Cache-Control
max-age=86400
Connection
keep-alive
Content-Length
138
Content-Type
text/html
Date
Thu, 11 Aug 2022 05:27:08 GMT
ETag
"f93df8b2ff069891dcc9a5c0ff142bde"
Last-Modified
Fri, 01 Oct 2021 23:57:00 GMT
Server
AmazonS3
Via
1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
X-Amz-Cf-Id
h1OWR5HBodae7p2pGyLkXIeG45EATfwCqHCcPn4q5_n8HiF7flzIJg==
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Hit from cloudfront
x-amz-server-side-encryption
AES256

Redirect headers

content-length
183
content-type
text/html; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:13 GMT
location
https://d1eoo1tco6rr5e.cloudfront.net/azud70w/dsx8icm/iframe
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
anpx
dpx.airpr.com/
Redirect Chain
  • https://dpx.airpr.com/px?hostname=support.savethechildren.org&profile=405343&ga_account_id=UA-85748307-2&ga_account_type=UA&ga_c=1304497899.1660230370&om_account_type=OM&om_c=317A8D72A2CBA97E-40000...
  • https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=4872759755
  • https://dpx.airpr.com/anpx?adnxs_uid=7703064413273786036&airpr_id=4872759755
0
63 B
Image
General
Full URL
https://dpx.airpr.com/anpx?adnxs_uid=7703064413273786036&airpr_id=4872759755
Protocol
H2
Server
3.127.167.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-167-79.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:14 GMT
cache-control
private
server
nginx

Redirect headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:14 GMT
X-Proxy-Origin
80.255.7.100; 80.255.7.100; 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
e244f4e9-ea77-4c0d-aa41-00a9551a0c91
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dpx.airpr.com/anpx?adnxs_uid=7703064413273786036&airpr_id=4872759755
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
07285131fb793c9edbc1a300e9502bf5.js
nexus.ensighten.com/choozle/10170/code/
2 KB
1011 B
Script
General
Full URL
https://nexus.ensighten.com/choozle/10170/code/07285131fb793c9edbc1a300e9502bf5.js?conditionId0=4927691&conditionId1=4871227&conditionId2=4872711
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/10170/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3f65c3dcc1c537bf31a736d0d32b468580d8a3f3ee96f93e3befcb0a871a9a28

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 22 Jul 2022 04:10:31 GMT
content-encoding
br
age
1767343
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 13 Jun 2022 14:49:13 GMT
server
AmazonS3
etag
W/"c6e0d9cd7e124dd83def90c29c5a679e"
vary
Accept-Encoding
x-amz-version-id
yWQcOchPsepRFc6ofkFJ9kbwERYN9jZj
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA56-C1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
pJX11c0WHRdXWV93ePWd0-mMBIr9yuP5YphlVSZnBHU0HNkotDNRsg==
6fa385984d6889f764a1c93297b6aa5b.js
nexus.ensighten.com/choozle/10170/code/
670 B
1 KB
Script
General
Full URL
https://nexus.ensighten.com/choozle/10170/code/6fa385984d6889f764a1c93297b6aa5b.js?conditionId0=4872641
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/10170/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ace295496b301814db400fa3ab2ee42f6403bc12b4f57f6a09a467edc07462d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 22 Jul 2022 22:57:54 GMT
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
age
1699700
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
670
last-modified
Thu, 12 Aug 2021 12:21:01 GMT
server
AmazonS3
etag
"f6af68e7de160d101dfee1c9cef30a1a"
x-amz-version-id
hisBbi7Lm.C1c3NM9TR2suc8fDWQkkk9
cache-control
max-age=315360000
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-amz-cf-id
DIHmB4_-g6RofxgPOVdAulrRPyjZ3Bkc00Al-xNY9IqHgSPOligcsg==
0954ce0040a8fc5aeab3289dc26bb80c.js
nexus.ensighten.com/choozle/10170/code/
2 KB
842 B
Script
General
Full URL
https://nexus.ensighten.com/choozle/10170/code/0954ce0040a8fc5aeab3289dc26bb80c.js?conditionId0=421905
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/10170/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
37b5bcadb5d884158218785c2647fb6945d73906315d5abe754232158748259e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Fri, 22 Jul 2022 04:10:31 GMT
content-encoding
br
age
1767343
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 13 Jun 2022 14:49:13 GMT
server
AmazonS3
etag
W/"c4e2839424f981629cf0fe2178ff9ef7"
vary
Accept-Encoding
x-amz-version-id
jmpzjXQT9NQsQ8wKHWAp4CLwVbc46grs
via
1.1 c359abeab0060e721cfaac65ce34b1cc.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA56-C1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
qiVp97ep2zYWnWXgKvPvI5j8GtQlc1S5_NoIXIUEo9VmzxVMVeLMiw==
iui3
s.amazon-adsystem.com/
43 B
932 B
Image
General
Full URL
https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D35707a8f-2b39-c482-69de-13a5cbb7cbf2%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.savethechildren.org/&ex-hargs=v%3D1.0%3Bc%3D585550389931295878%3Bp%3D35707A8F-2B39-C482-69DE-13A5CBB7CBF2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.savethechildren.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:13 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
WCYQ8KMRJ7K7S57KRJWX
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
397596.gif
idsync.rlcdn.com/ Frame 5170
Redirect Chain
  • https://gum.criteo.com/sync?c=6&r=1&k=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40
  • https://idsync.rlcdn.com/397596.gif?partner_uid=hB4Y5VRbofNpntxBGIy53L4kclyChbwH
0
98 B
Image
General
Full URL
https://idsync.rlcdn.com/397596.gif?partner_uid=hB4Y5VRbofNpntxBGIy53L4kclyChbwH
Protocol
H2
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:06:13 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0

Redirect headers

location
https://idsync.rlcdn.com/397596.gif?partner_uid=hB4Y5VRbofNpntxBGIy53L4kclyChbwH
date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
2812
content-length
197
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
/
insight.adsrvr.org/track/pxl/ Frame 6230
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/pxl/?adv=azud70w&ct=0:dsx8icm&fmt=3
Requested by
Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/azud70w/dsx8icm/iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
m
ad.yieldlab.net/ Frame 5170
0
522 B
Image
General
Full URL
https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-aF83z5XgKNLDGq6H7jDhoqciwg3x8053FVGbRA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
96.16.132.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-132-239.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 11 Aug 2022 15:06:13 GMT
x-content-type-options
nosniff
x-frame-options
DENY
Cache-Control
no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection
keep-alive
x-xss-protection
1; mode=block
x-application-context
application
Expires
Wed, 10 Aug 2022 15:06:13 GMT
cs
s.thebrighttag.com/ Frame 5170
Redirect Chain
  • https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
  • https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=qsKdKRw7PLv_g1ueMviYTI49x4alr_4q
35 B
268 B
Image
General
Full URL
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=qsKdKRw7PLv_g1ueMviYTI49x4alr_4q
Protocol
H2
Server
18.118.75.167 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-118-75-167.us-east-2.compute.amazonaws.com
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
x-bt-requestid
2484dd80-1987-11ed-ab05-0000ac17004d
server
nginx
date
Thu, 11 Aug 2022 15:06:14 GMT
p3p
CP=NOI DSP COR NID
access-control-allow-origin
cache-control
private, must-revalidate
content-type
image/gif
content-length
35
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=qsKdKRw7PLv_g1ueMviYTI49x4alr_4q
date
Thu, 11 Aug 2022 15:06:13 GMT
cache-control
private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
2653
content-length
203
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
iframe
d1eoo1tco6rr5e.cloudfront.net/f35s4e0/45k2r2v/ Frame 77C1
Redirect Chain
  • https://insight.adsrvr.org/tags/f35s4e0/45k2r2v/iframe
  • https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/45k2r2v/iframe
138 B
668 B
Document
General
Full URL
https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/45k2r2v/iframe
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/10170/code/6fa385984d6889f764a1c93297b6aa5b.js?conditionId0=4872641
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-113.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
67869f72a4e69347a58428a26deacf581ff95e6e4266e3a2916d0e4449e787b4

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Age
34280
Cache-Control
max-age=86400
Connection
keep-alive
Content-Length
138
Content-Type
text/html
Date
Thu, 11 Aug 2022 05:34:55 GMT
ETag
"8aeb0d72efbabf5e0ad88b4ae7c40e54"
Last-Modified
Sat, 02 Oct 2021 00:02:02 GMT
Server
AmazonS3
Via
1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Z_bPu3vX-2joNW2T-h2t6tfV9Au2SqDS-U1eADyIwL-UVi1ONDs9cw==
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Hit from cloudfront
x-amz-server-side-encryption
AES256

Redirect headers

content-length
183
content-type
text/html; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:13 GMT
location
https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/45k2r2v/iframe
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
iframe
d1eoo1tco6rr5e.cloudfront.net/f35s4e0/qa0mevt/ Frame E535
Redirect Chain
  • https://insight.adsrvr.org/tags/f35s4e0/qa0mevt/iframe
  • https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/qa0mevt/iframe
138 B
668 B
Document
General
Full URL
https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/qa0mevt/iframe
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/10170/code/07285131fb793c9edbc1a300e9502bf5.js?conditionId0=4927691&conditionId1=4871227&conditionId2=4872711
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-113.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9479c1288cf240cf605993ef0fcda98d749b6b7fb8e4ee584be29ed1856aca3

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Age
64284
Cache-Control
max-age=86400
Connection
keep-alive
Content-Length
138
Content-Type
text/html
Date
Wed, 10 Aug 2022 21:14:51 GMT
ETag
"d6f3ec45e4993f46db4a53dc1f01b599"
Last-Modified
Sat, 02 Oct 2021 00:02:02 GMT
Server
AmazonS3
Via
1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
X-Amz-Cf-Id
MMOxTgbtVBv28Q55RjQGn66rwdMWZn7wh0vPrlSLgQtkuZFXUu7rlg==
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Hit from cloudfront
x-amz-server-side-encryption
AES256

Redirect headers

content-length
183
content-type
text/html; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:13 GMT
location
https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/qa0mevt/iframe
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
iframe
d1eoo1tco6rr5e.cloudfront.net/f35s4e0/n4od8ve/ Frame A5BB
Redirect Chain
  • https://insight.adsrvr.org/tags/f35s4e0/n4od8ve/iframe
  • https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/n4od8ve/iframe
132 B
662 B
Document
General
Full URL
https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/n4od8ve/iframe
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/10170/code/07285131fb793c9edbc1a300e9502bf5.js?conditionId0=4927691&conditionId1=4871227&conditionId2=4872711
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.205.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-205-113.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
50bb9c8f4af577f3289f597f2441f177967721b438fd1737b937ef69f4a58062

Request headers

Referer
https://support.savethechildren.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Age
47661
Cache-Control
max-age=86400
Connection
keep-alive
Content-Length
132
Content-Type
text/html
Date
Thu, 11 Aug 2022 01:51:54 GMT
ETag
"bc0416914b6a26dae5dfd258e572b291"
Last-Modified
Sat, 02 Oct 2021 00:02:02 GMT
Server
AmazonS3
Via
1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
X-Amz-Cf-Id
HjdMoaspB93Fg5I2m89Taq9JwoHVDgIrtsvdaSvBPmTLzrQa_Icppg==
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Hit from cloudfront
x-amz-server-side-encryption
AES256

Redirect headers

content-length
183
content-type
text/html; charset=UTF-8
date
Thu, 11 Aug 2022 15:06:13 GMT
location
https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/n4od8ve/iframe
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
/
insight.adsrvr.org/track/pxl/ Frame E535
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/pxl/?adv=f35s4e0&ct=0:qa0mevt&fmt=3
Requested by
Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/qa0mevt/iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:14 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
insight.adsrvr.org/track/pxl/ Frame A5BB
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/pxl/?adv=f35s4e0&ct=0:n4od8ve&fmt=3
Requested by
Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/n4od8ve/iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:14 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
insight.adsrvr.org/track/pxl/ Frame 77C1
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/pxl/?adv=f35s4e0&ct=0:45k2r2v&fmt=3
Requested by
Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/f35s4e0/45k2r2v/iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Aug 2022 15:06:14 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
collect
n.clarity.ms/
0
48 B
XHR
General
Full URL
https://n.clarity.ms/collect
Requested by
Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/6.19.2/bundle.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://support.savethechildren.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin
https://support.savethechildren.org
date
Thu, 11 Aug 2022 15:06:13 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
px.surveywall-api.survata.com
URL
https://px.surveywall-api.survata.com/z?l=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsurvata.com%26id%3D

Verdicts & Comments Add Verdict or Comment

577 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| YUI function| getModules object| Y function| emptyFunction function| toFunction function| remapConsoleFunctions object| Utils object| UtilsConstants function| addOnLoadHandler function| getObj function| MM_swapImgRestore function| MM_preloadImages function| MM_findObj function| MM_swapImage function| MM_openBrWindow function| appendToUrl function| addHiddenInput function| CurrencyContext object| utils_currencyContext function| setCurrencyContext function| parseCurrency function| formatCurrency function| getCurrencyScalingFactor string| utils_digits function| parseIntStrict function| getSelOptionObject function| getOptionSelection function| addOptionToSelect function| deselectOption function| changeLinksToStayInPopup function| link_submit_redirect function| findContainingLink function| DlgMgr object| DialogManager function| openModelessDialog function| reloadWindow function| isNS function| isIE function| closeWin function| set_display function| disable_edit function| removeChildren function| getElementText function| setElementText function| set_visible function| show_block_element function| show_element function| hide_element function| parse_boolean function| disable_element function| reset_element function| get_input_default_value function| get_input_value function| get_option_value function| is_text_field function| set_input_value function| get_which_radio function| subclass function| getAncestor function| getAncestorByClass function| findAllOfClass function| isOfClass function| filterByClass function| cv_show_help function| cv_new_win_from_link function| cv_new_win function| cv_win_focus function| cv_should_handle function| cv_popup_from_link_handler function| cv_new_win_from_link_handler function| cv_new_win_handler function| cv_help_link_handler function| enable_help_links function| cv_show_preview function| cv_preview_link_handler function| cv_launch_window_on_load function| enable_preview_links function| URLEncode function| URLEncodeParamValue function| decToHex function| reversal function| isUrlOK function| SetChecked function| limitArea number| WCAGState function| keepAlive function| forceKeepAlive function| formatTime undefined| keepAliveDialog undefined| keepAliveTimer function| initKeepAliveDialog function| showTimingOutDialog function| showTimedOutDialog function| showKeepAliveDialog function| keepAlivePoll function| keepAlive2 function| forceKeepAlive2 boolean| _submitOnce function| submitOnce function| submitEnter function| copy_to_clip function| choiceSelected function| ds_merge_field function| ds_merge_direct_field function| ds_merge_date_field function| MergeCompositeObserver function| trim function| isArray function| showLightbox function| hideLightbox function| resizeBgDiv function| preEnhance function| postEnhance function| toTitleCase function| enhanceDomToPostLatin1EncodedData function| CList function| CCallWrapper function| CSimpleObservable object| oc_components function| ObservableComponent function| ObservableRadioComponent function| ObservableGridComponent function| get_observable_component function| fire_obs_comp_event function| observe_component function| filter_values_equal function| ComponentEnabler function| ComponentDisabler function| ComponentDisplayer function| ObservableComponentEvent string| FC_ROW_CLASS string| FC_INPUT_CLASS string| FC_EDIT_BUTTON_CLASS string| FC_MSG_ROW_CLASS string| FC_MESSAGE_ICON_CLASS string| FC_ERROR_TEXT_CLASS string| FC_INFO_TEXT_CLASS string| FC_WARN_TEXT_CLASS string| FC_REQUIRED_CLASS string| FC_LABEL_TEXT_CLASS object| fc_globalMessages undefined| fc_edit_component_fn function| FormComponent function| fc_setEditComponentFn function| FCGlobalMessages function| fc_setGlobalMessages function| fc_registerComponent function| fc_hideChildren function| fc_setMessageDisplay function| fc_editComponent function| fc_showInformational function| fc_handle_enter_key function| fc_button_purpose function| fc_showInfosRequired function| showCheckboxInfosRequired function| fc_showInfosNotRequired function| fc_getFormRow function| fc_getPeerByClass function| fc_getChildByClass function| fc_getElementText function| fc_getAbsolutePosition function| fc_getFieldLabel function| fc_getFieldInfoText function| fc_showIcon function| fc_makeInfoMsgImg function| fc_makeWarningMsgImg function| fc_makeSpacerImg function| fc_initMsgContainers function| fc_getOrMakeChildDiv function| fc_getInfoMsgContainer function| fc_getInfoImgContainer function| fc_getWarnMsgContainer function| fc_getWarnImgContainer function| fc_getErrorMsgContainer function| fc_getErrorImgContainer function| fc_getContainer function| fc_showWarningMessage function| fc_hideInitialMessage function| fc_hideWarningMessage function| fc_updateWarningDisplay function| fc_isEmptyField function| fc_hideInfoMsg function| fc_hideWarnMsg function| fc_hideErrorMsg function| fc_copyChildren function| fc_addTablePadding function| fc_isMacIE function| FCDynamicMessageInfo function| fc_setDimensions function| fc_showHTMLBlock function| fc_showOtherMessage function| fc_activateEditButtons function| fc_activateFormInputs function| fc_activateInputs function| fc_init object| dl_levelInfos undefined| dl_obs_comp undefined| dl_other_amt_obs_comp function| dl_observeLevelChange function| dl_observeOtherAmountChange function| dl_LevelInfo function| dl_addLevelInfo function| dl_OtherAmountLevelInfo function| dl_addOtherAmountLevelInfo function| dl_findLabel function| dl_setAccessibleMessages function| dl_showLevelMessage function| dl_levelFocused function| dl_levelSelected function| dl_levelBlur function| dl_checkInitialLevel function| dl_initLevelInfo function| dl_findLevelAsk function| dl_onload boolean| dl_init_begun function| dl_init_callback function| dl_init string| DON_PS_PREM_SELECT_LIST_CLASS string| DON_PS_PREM_RADIO_BUTTON_CLASS string| DON_PS_PREM_NONE_AVAIL_ROW_ID string| DON_PS_PREM_AVAIL_FOR_USER_SPECIFIED_AMT_ROW_ID number| DON_PS_NO_SELECTION_PREM_PRODUCT_ID number| DON_PS_PREM_AVAIL_FOR_USER_SPECIFIED_AMT_PRODUCT_ID object| don_ps_premiumInfos object| don_ps_radio_buttons boolean| don_ps_searched_for_radios undefined| don_ps_select_list undefined| don_ps_select_list_clone boolean| don_ps_searched_for_select object| don_premium_map object| don_ps_value_map number| don_ps_level_id number| don_ps_user_specified_level_id number| don_ps_user_specified_value function| DonLevelPremiums function| don_ps_map_premium_to_level function| don_ps_getHighestDonLevelPremiums function| don_ps_set_selected_level_id function| don_ps_set_user_specified_level function| don_ps_set_user_specified_value function| don_ps_getRadioButtons function| don_ps_getSelectList function| don_ps_getOrigSelectList function| don_ps_reset_select_list function| don_ps_filter_by_level function| don_ps_filter_by_string_value function| don_ps_filter_by_value function| don_ps_filter_radios_by_level function| don_ps_hide_or_show_premium_radio function| don_ps_filter_select_by_level function| don_ps_hide_or_show_premium_option function| removeOptionElement function| don_ps_PremiumInfo function| don_ps_addPremiumInfo function| don_ps_findPremiumInfoDiv function| don_ps_findPremiumInfoDivs function| don_ps_get_premium_id function| don_ps_showPremiumMessage function| don_ps_configSelected function| don_ps_premiumSelected function| don_ps_initPremiumInfo function| don_ps_checkInitial function| don_ps_simulateSelection number| timerID function| don_ps_queue_filter_by_string_value function| don_ps_dequeue_filter_by_value function| don_ps_immediate_filter_by_value function| don_ps_LevelChangeObserver function| don_ps_OtherAmountChangeObserver function| don_ps_init function| Address function| AddressComponents function| DonAddressCopier function| Name function| NameComponents function| DonNameCopier function| Email function| EmailComponents function| DonEmailCopier function| Phone function| PhoneComponents function| DonPhoneCopier function| _dtm object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| __target_telemetry object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| _da_ string| DecibelInsight function| decibelInsight object| el object| it object| dataLayer object| siteAlerts object| siteAlertsData function| reloadPage function| testAjax function| updateDonorCoverAmount function| evalMatchingGift object| comp function| billing_title_listChanged function| billing_addr_country_listChanged function| billing_addr_state_listChanged object| comp1 object| comp2 function| PaymentObserver boolean| submitted function| checkDoubleClick object| consHowDidYouHear object| $jscomp function| hasAngular function| remove$FromGlobalScope function| $ function| jQuery function| reCaptchaLoaded object| is function| Cookies function| _ function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry function| moment function| Vue function| VueRouter object| Vuex function| numeral object| Stickyfill function| luminateExtend function| $dnlJq object| addthis_share object| shell object| __gcse function| env function| debounce function| isLanguage function| impressionAnalytics function| trackBillingPageViewAnalytics function| trackCartPageViewAnalytics function| trackPageViewAnalytics function| trackReviewPageViewAnalytics function| trackVirtualPageViewAnalytics function| videoAnalytics function| getUrlVars function| getUrlVar function| isBrowser function| submitPixelToCheetahMail function| trackSocialMediaAnalytics function| CookiebotCallback_OnDialogDisplay string| cookieDomain function| disableFormAbandonmentAnalytics function| formAbandonmentAnalytics function| getMarketingSourceCode function| setAnalyticsError function| setAnalyticsForm function| setDonationAnalytics function| setDonationPledge function| setFormAbandonment function| setFormAnalyticsData function| setFormError function| setFormLastField function| setFormSubmission function| setFormUploadSuccess function| submissionSuccessAnalytics function| validationErrorAnalytics function| creditCardMasking function| zipPhoneMasking function| disableFormValidation function| enableFormValidation function| isCreditCardNumberInput function| ensureArray function| formatNumberWithCommas function| moveFancyboxAttributes function| preloadImage function| waitMilliseconds function| addToCartFromProductViewAnalytics function| removeFromCartFromProductViewAnalytics function| setCartContents function| setProductToCartFromProductViewAnalytics function| setProductToCart function| setProductViewAnalytics function| setTransactionAnalytics function| trackProductView function| trackTransactionSuccessAnalytics function| updateProductViewAnalytics function| getUserDetails function| getUserInfoSetAnalytics function| getUserInteractions function| setSocialMediaLoginInfo function| setUserAnalytics string| memberStatus function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent object| denylistedDomainsHashedValueListForGpayButtonWithCardInfo object| whitelistedDomainsHashedValueListForGpayButtonWithCardInfo object| denylistedMerchentIdsHashedValueListForGpayButtonWithCardInfo object| google object| braintree object| stcBraintreePlugin string| donationFormId string| donationFormName string| donationMinimumMessage string| donationOneTimeMinimum string| donationPrivateFormName string| donationRecurringMinimum string| donationUrl string| donorEmployer string| donationReferral string| teamraiserEventName string| proxyType string| donationPaymentMethod string| showHonorFields string| thankYouDonationAmount string| thankYouGiftType object| Sentry object| __SENTRY__ object| digitalData object| _dtmv object| $menuBasketItem object| fancyboxSettings object| tealFancyboxSettings object| plumFancyboxSettings object| CookiebotDialog object| CookieConsentDialog object| _di_max_id object| _da_crcTable object| TrustedSite number| TrustedSite_done object| TrustedSiteInline object| google_tag_manager function| postscribe object| google_tag_manager_external object| __sentry_instrumentation_handlers__ function| fbq function| _fbq object| a9PixelQue object| _lab string| _wds_im object| uetq object| criteo_q object| _omapp function| OptinMonsterApp boolean| om_loaded object| om80223_71376 function| omq object| s_i_stcf.prod.us undefined| _smtrErr object| shqChromeOnsiteResponse object| _shqdbl object| _shqDebug object| SmtrRmkr object| _smtr function| ttd_dom_ready function| TTDUniversalPixelApi object| google_tag_data string| GoogleAnalyticsObject function| ga object| omjkuwt0truaogbim6gjze object| omghn2azjp0qlg2ag8ujdj object| A9PIXEL function| UET function| UET_init function| UET_push object| ueto_32d51714c0 object| EF object| cvLogger object| WebFont object| gaplugins object| gaGlobal object| gaData function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO boolean| foundNonStandardJQuery string| nonStandardJQueryVersion undefined| e9Manager undefined| e9 object| expoDisplayAd object| WDSMemberConfig object| WDSConfig number| timeout function| _lrx_storageAvailable undefined| _lrx_success_delay undefined| _lrx_successTrig_delay undefined| _lrx_successLeads undefined| _lrx_successTrigs number| _lrx_conversionTimer object| _lrx_docCookies function| _lrx_buildCookie function| _lrx_isJSON function| _lrx_setup function| _lrx_hs_get_visitorid function| _lrx_sendEvent function| isSuccessMessage function| isSuccessMessageTrig function| ninjaForm function| _lrx_checkConversion function| _lrx_mkto_submit undefined| _lrx_mktoTimer number| _lrx_visitorID number| _lrx_maxChecks object| _lrx_mkto number| _lrx_delay function| _lrx_getUrlParameter undefined| lrx_newCSS undefined| lrx_styles object| PAYPAL string| dcm_cid undefined| dcm_tid undefined| dcm_gid boolean| tpc_present function| DP_jQuery_1660230370721 function| clarity object| irongate object| optimizely function| twq function| obApi object| _airpr object| _svq string| ssaUrl object| regeneratorRuntime object| twttr object| ensBootstraps object| Bootstrapper object| _airpr_ns boolean| decibelInsight_initiated boolean| di_adobe_event_bound object| di_cloneId number| di_sheet_count boolean| sv_DNT object| _svt

130 Cookies

Domain/Path Name / Value
support.savethechildren.org/site/AnonymousLogin Name: JSESSIONID
Value: AEF5483CC44D8EF2BC6D2084C0404440.app30034b
support.savethechildren.org/site/CRDonationAPI Name: JSESSIONID
Value: AEF5483CC44D8EF2BC6D2084C0404440.app30034b
support.savethechildren.org/site/CRConsAPI Name: JSESSIONID
Value: AEF5483CC44D8EF2BC6D2084C0404440.app30034b
support.savethechildren.org/site/CrmRest Name: JSESSIONID
Value: AEF5483CC44D8EF2BC6D2084C0404440.app30034b
.decibelinsight.net/i/13874/ Name: da_lid
Value: -873FD6C79A72EA13E2BEBB99F4D94309DF|0|0|0
.decibelinsight.net/i/13874/ Name: da_sid
Value: B40CE5F48E32AE8877EFAA13B6DB09026C|3|0|3
support.savethechildren.org/site/ Name: JSESSIONID
Value: AEF5483CC44D8EF2BC6D2084C0404440.app30034b
i.liadm.com/s Name: _li_ss
Value: MgkI_____wcQ_RI
.savethechildren.org/ Name: cm.Bi9BxTB8yKeXB962w$AAyoE7IThheader
Value: 1660230367
support.savethechildren.org/ Name: JSESSIONID
Value: AEF5483CC44D8EF2BC6D2084C0404440.app30034b
.savethechildren.org/ Name: at_check
Value: true
.google.com/ Name: NID
Value: 511=e2zZIRkXWDv35XHyU5SSe5OHOkQU8bOf_hLoNgsr2jIPyEllS43PUcejD4f-83OjYOE8fgaI8nPEgeyjMzWtqw-cDqQE9WDVKEzv5RR2aT-yCGkH9uG5R0QFBLjjTZItj3UD3GHrMMIGg_DLbvBFmoBIIBfI14bht3_A26r3mS0
.demdex.net/ Name: demdex
Value: 89340451392778590324404272840646099861
.savethechildren.org/ Name: stc-analytics-source
Value: Email|Email||Emer_Kentucky_Flood|New_Leads|08/10/2022
.savethechildren.org/ Name: stc-session-count
Value: 0
.savethechildren.org/ Name: AMCVS_6B0E659F56A9E70D7F000101%40AdobeOrg
Value: 1
.savethechildren.org/ Name: s_ecid
Value: MCMID%7C88965362408181213204437695979917975845
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YvUa4QAAAITHaQNe
.savethechildren.org/ Name: mbox
Value: session#b7d4fb6077554f1ea47452f0d8cbedb3#1660232230|PC#b7d4fb6077554f1ea47452f0d8cbedb3.37_0#1723475170
.savethechildren.org/ Name: s_ips
Value: 1200
.savethechildren.org/ Name: s_tp
Value: 3347
.savethechildren.org/ Name: s_ppv
Value: 2022%2520Eastern%2520Kentucky%2520Flood%2520Crisis%2520Fund%2C36%2C36%2C1200%2C1%2C2
.dpm.demdex.net/ Name: dpm
Value: 89340451392778590324404272840646099861
support.savethechildren.org/ Name: _omappvp
Value: XIbNKqOlLoGrWlusbKtoo1p7xIuBZStNyzpX45rTWjTY3JThemGKw9BTT1nocob7f7xPsoEPX3I2IClqXwSh6KITKU0a82N6
support.savethechildren.org/ Name: _omappvs
Value: 1660230369572
.savethechildren.org/ Name: s_cc
Value: true
.savethechildren.org/ Name: s_nr30
Value: 1660230369586-New
.savethechildren.org/ Name: AMCV_6B0E659F56A9E70D7F000101%40AdobeOrg
Value: 1176715910%7CMCIDTS%7C19216%7CMCMID%7C88965362408181213204437695979917975845%7CMCAAMLH-1660835169%7C6%7CMCAAMB-1660835169%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1660237569s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19223%7CMCCIDH%7C-1268760579%7CvVersion%7C5.4.0
.savethechildren.org/ Name: stc-analytics-sub_source
Value: 88965362408181213204437695979917975845|||||
.savethechildren.org/ Name: _gcl_au
Value: 1.1.1491197135.1660230370
.ispot.tv/ Name: pt
Value: v2:38aceb61934f90fe45f146875d93d4f0eebe89aa561bc8c3c6dc82d204f8bcab|bdaaf7793d81e0a0ec10e4522ecacfe1e011777a75f321a6cbad1e9fdc83ecbe
.bing.com/ Name: MUID
Value: 065321CE8A88633207AE30338B24629B
files.savethechildren.org/ Name: PHPSESSID
Value: faaa52e5556aa69bcc6dbe52facbd583
.criteo.com/ Name: uid
Value: 733e89db-b8ba-48f3-8edf-ca6a715223ca
.savethechildren.org/ Name: _uetsid
Value: 21e8bd10198711eda4c46b5a35b03ed9
.savethechildren.org/ Name: _uetvid
Value: 21e8d740198711eda54321aaef4f6b54
.savethechildren.org/ Name: _fbp
Value: fb.1.1660230369881.1409078326
.savethechildren.org/ Name: _ga
Value: GA1.2.1304497899.1660230370
.savethechildren.org/ Name: _gid
Value: GA1.2.1679020176.1660230370
.savethechildren.org/ Name: _gat_gtag_UA_85748307_2
Value: 1
.wdsvc.net/ Name: _wdTest
Value: accept
.wdsvc.net/ Name: wds_random
Value: 2022-08-11T15:06:09.934Z~2022-08-11T15:06:09.934Z|8948277443712424|60|
support.savethechildren.org/ Name: trustedsite_visit
Value: 1
support.savethechildren.org/ Name: trustedsite_tm_float_seen
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUmn4KYNoGAyrMtmaOl-BeAKDiJE_PHOJwmQtYrtl7pwsfDTjqkQ0_EGXufM
.amazon-adsystem.com/ Name: ad-id
Value: Aw7FWcIyJE04vW_z8QSY0lc
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.savethechildren.org/ Name: cto_bundle
Value: GD4val9keUlMJTJCR0RVREt2ZHY5UndYMU5BJTJGek5namJ3V1IlMkYlMkZ3S1d4TWJkc1hkYTNvN2wlMkYxR3pMMVplOEElMkY2dmg0OGQ4QjFlSmFLRnlwSmRaZVJPRUl2V2ppUkJ1ZmFJS0VmZUFXNTNQMiUyRjAxMFJ4RjVqZ1RIZllLd2dPTU12c0xObktnSUNIMkdzNmZMaGRja2d2SVZOVkZxU2VVNlNzTGNFS2l0MUxZaHI3eVhsWSUzRA
.tribalfusion.com/ Name: ANON_ID
Value: aTnsuBNj6WqCyhURALhLmAqyMvZa3WrIqyK5DU5Y4Zaph6eLQ3EgLe9y49fUU4MpLrfvVOXH6TMW5BWbUZb
.adnxs.com/ Name: uuid2
Value: 7703064413273786036
.agkn.com/ Name: ab
Value: 0001%3AmjZgl%2FZD7ccsdsqIpSOrlwduPPqMv9EQ
.yahoo.com/ Name: A3
Value: d=AQABBOIa9WICEOQUV4hYTLirDTrjv7_oBo0FEgEBAQFs9mL-YgAAAAAA_eMAAA&S=AQAAAiEo72_Dt9JtcY3YVOJYGWs
.casalemedia.com/ Name: CMID
Value: YvUa4iYo1VtiURA2PvR6pgAA
.casalemedia.com/ Name: CMPS
Value: 1140
.casalemedia.com/ Name: CMPRO
Value: 1140
.zeotap.com/ Name: zc
Value: ef95123c-e472-41d5-418a-dcb6815dba48
.myvisualiq.net/ Name: tuuid
Value: ab54dda0-331e-4fe0-8126-9689c24b48f7
.myvisualiq.net/ Name: c
Value: 1660230370
.myvisualiq.net/ Name: tuuid_lu
Value: 1660230370
.bidswitch.net/ Name: tuuid
Value: a6c4482b-d95c-4b3c-93fa-719eaf12f433
.bidswitch.net/ Name: c
Value: 1660230370
.bidswitch.net/ Name: tuuid_lu
Value: 1660230370
.adnxs.com/ Name: anj
Value: dTM7k!M40]CxrEQF']wIg2E?atswI+!]tbPl1M]o$IyEVUcH=WA+mZIT$8YZI7P'I]2mpcKK*K$csa$8ZV(nNARTZLD_hn8(q<rWQ`u<C'Bxs'Q3N[9@j5a-D$25ADb6_:!+/f%MkOLO
www.trustedsite.com/ Name: AWSALBCORS
Value: n6zP32z47UfnXwRPbyH8wxsSy7Zkd0hCAVBs1Lo8eKWfZfWvpJ4lC9irJwI6GYi2+YrFOZPI4GdLQcLgQKGD4+7XEjXjAKI8v2QZ/wMAYKekOxPXaAbhjLzG66Y7
www.clarity.ms/ Name: CLID
Value: 222e5449e890460eb6b7b3de41f642a9.20220811.20230811
ads.stickyadstv.com/ Name: UID
Value: c2b05442e4e35a4faf5bcdf9f0af943
ads.stickyadstv.com/ Name: uid-bp-30833
Value: 1
ads.stickyadstv.com/ Name: sessionId
Value: f2cb8dbc7fcf30a1bcf3a06c1a51c882
.c.paypal.com/ Name: sc_f
Value: WU0n1MpZT54lfSwc0Ptbvn3ss-ShYGov2b9DOHv6_4AsqONiqtr8Col3tE1RkUst4v3-C3jeitWPgn3pQ7qY2FCfDu7-VvYxIdLKH0
.paypal.com/ Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK
Value: v4okcGnKvsAqhjLBJc2G5jqxhgCQyDqDwbaMf6vD2XA-8TckmkjZOpk4lg_yD0l71DO4q0lfZVfT7_BB
.krxd.net/ Name: _kuid_
Value: PAwvrFx2
.savethechildren.org/ Name: _clck
Value: 1vyzvde|1|f3x|0
.mookie1.com/ Name: id
Value: 10815957456790300460
.mookie1.com/ Name: mdata
Value: 1|10815957456790300460|1660230371142
.mookie1.com/ Name: ov
Value: 7a51d6c1496061bd2d1471c2b61f0e30
.adform.net/ Name: C
Value: 1
bs.serving-sys.com/ Name: r1
Value: 1660230371_1
.serving-sys.com/ Name: u2
Value: 03f9498f-f646-46f4-9229-253009a5c9e34If060
.spotxchange.com/ Name: audience
Value: 22b98d20-1987-11ed-8471-10b91cd50406
.adform.net/ Name: uid
Value: 6928307882303753497
.mountain.com/ Name: guid
Value: 22c3cd2e-1987-11ed-a184-dd6ec9f9c638
ads.samba.tv/ Name: sambapxid
Value: fd095e0ffb6c6ed0
.semasio.net/ Name: SEUNCY
Value: 7BFF9EC88BF577A4
.savethechildren.org/ Name: _clsk
Value: ewvtku|1660230371613|1|1|n.clarity.ms/collect
.ninthdecimal.com/ Name: ndat
Value: aMgeLWL1GuNIy2lEOYonAg==
.leadsrx.com/ Name: _lab
Value: 120117641
.leadsrx.com/ Name: _lab_lastTouch
Value: direct
.savethechildren.org/ Name: _lab
Value: 120117641
.savethechildren.org/ Name: wds_random
Value: 2022-08-11T15:06:09.934Z~2022-08-11T15:06:09.934Z|8948277443712424|60|
.savethechildren.org/ Name: __WDS1
Value: %7B%22da_100229%22%3A%7B%22hu%22%3A%222022-08-11T15%3A06%3A12.314Z%22%7D%7D
.px.mountain.com/ Name: tt
Value: H4sIAAAAAAAAAKtWKlOyMtJRMjYysjSON7IwtlCyMjQzMzAyNjA2NzY0sNRR8guKh8qaWxorWRkgi4DVG9QCAMc9LqlGAAAA
.mountain.com/ Name: rt
Value: "MzIyOTM6MTY2MDIzMDM3Mw=="
.analytics.yahoo.com/ Name: IDSYNC
Value: "195g~26j3:18zh~26j3"
.adscale.de/ Name: uu
Value: 8aee105cfe6b46648d30a257f76f8189
.adscale.de/ Name: cct
Value: 1660230373444
.savethechildren.org/ Name: da_sid
Value: B40CE5F48E32AE8877EFAA13B6DB09026C|3|0|3
.savethechildren.org/ Name: da_lid
Value: 873FD6C79A72EA13E2BEBB99F4D94309DF|0|0|0
.savethechildren.org/ Name: da_intState
Value:
.ih.adscale.de/ Name: tu
Value: 4#899438263#40~k-A78jI5XgKNLDGq6H7jDhoqciwg1zn_6Usl0HWQ~461175~0~0
.savethechildren.org/ Name: s_vi
Value: [CS]v1|317A8D72A2CBA97E-400007F6DE73C2F2[CE]
.casalemedia.com/ Name: CMTS
Value: 1168
.c.bing.com/ Name: SRM_B
Value: 065321CE8A88633207AE30338B24629B
exchange.mediavine.com/ Name: mv_tokens
Value: %7B%22mv_uuid%22%3A%22241dde50-1987-11ed-af2c-27b08a82436c%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/ Name: mv_tokens_eu-v1
Value: %7B%22mv_uuid%22%3A%22241dde50-1987-11ed-af2c-27b08a82436c%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/ Name: criteo
Value: %7B%22id%22%3A%22k-iRejT5XgKNLDGq6H7jDhoqciwg133UHmWLGYvQ%22%2C%22version%22%3A%22criteo%22%7D
.media.net/ Name: visitor-id
Value: 3032319739085251000V10
.media.net/ Name: data-c-ts
Value: 1660230373
.media.net/ Name: data-c
Value: k-ajqSHZXgKNLDGq6H7jDhoqciwg1akyT5DB7m9A~~3
.360yield.com/ Name: tuuid
Value: 89c44add-4ec7-47ab-bd15-520230cdccae
.360yield.com/ Name: tuuid_lu
Value: 1660230373
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 065321CE8A88633207AE30338B24629B
.c.clarity.ms/ Name: ANONCHK
Value: 0
.360yield.com/ Name: um
Value: !38,SmcSakPNukxN9CigBSede1E7EhVokgCWwtC.n2h55lIk.w4Lh9J3KQ85cTiiqGmuj2WAmooM,1668006373
.360yield.com/ Name: umeh
Value: !38,0,1722438373,-1
.yieldlab.net/ Name: id
Value: 478ff72a-2222-412c-9528-ce94022221ce
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:
.id5-sync.com/ Name: callback
Value:
.sxp.smartclip.net/ Name: uuid
Value: 4b2f236b-e51a-f562-2ecf-a88f09370886
.sxp.smartclip.net/ Name: dspuuid
Value: 69.k-90FeCpXgKNLDGq6H7jDhoqciwg3J2_PAmAo7vQ
.sxp.smartclip.net/ Name: psyn
Value: 19215.69
.twitter.com/ Name: personalization_id
Value: "v1_wGAawqZXRDxWp7UyGTgJmw=="
.t.co/ Name: muc_ads
Value: 568a2b23-c685-400f-8574-64887b24fe36
dpx.airpr.com/ Name: an_airpr_recent_visit
Value: 1
support.savethechildren.org/ Name: outbrain_cid_fetch
Value: true
.liadm.com/ Name: lidid
Value: b0b391aa-2ed7-4ef6-870e-e291a75cc459

7 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Message:
Failed to load resource: the server responded with a status of 404 ()
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network error URL: https://px.surveywall-api.survata.com/z?l=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsurvata.com%26id%3D
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://usermatch.krxd.net/um/v2?partner=amzn
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://idsync.rlcdn.com/397596.gif?partner_uid=hB4Y5VRbofNpntxBGIy53L4kclyChbwH
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://support.savethechildren.org/site/XFrameViolation
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10657097.fls.doubleclick.net
4853738.fls.doubleclick.net
a.omappapi.com
a.opmnstr.com
a.tribalfusion.com
a.twiago.com
a4.tribalfusion.com
aa.agkn.com
ad.360yield.com
ad.sxp.smartclip.net
ad.yieldlab.net
ads.samba.tv
ads.stickyadstv.com
adservice.google.com
adservice.google.de
amazon.partners.tremorhub.com
amplify.outbrain.com
analytics.twitter.com
api.omappapi.com
app.leadsrx.com
assets.adobedtm.com
b.stats.paypal.com
bat.bing.com
beacon.krxd.net
browser.sentry-cdn.com
bs.serving-sys.com
c.bing.com
c.clarity.ms
c.paypal.com
c1.adform.net
c6.paypal.com
cdn.decibelinsight.net
cdn.ywxi.net
cdnjs.cloudflare.com
client-analytics.braintreegateway.com
cm.adform.net
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
contextual.media.net
cotads.adscale.de
criteo-partners.tremorhub.com
criteo-sync.teads.tv
d1eoo1tco6rr5e.cloudfront.net
d1n00d49gkbray.cloudfront.net
dis.criteo.com
dpm.demdex.net
dpx.airpr.com
dsum-sec.casalemedia.com
dub.stats.paypal.com
dx.mountain.com
dx2eq2oh924g4.cloudfront.net
e.savethechildren.org
eb2.3lift.com
exchange.mediavine.com
files.savethechildren.org
fonts.gstatic.com
googleads.g.doubleclick.net
gs.mountain.com
gum.criteo.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id5-sync.com
idsync.rlcdn.com
ih.adscale.de
image2.pubmatic.com
image6.pubmatic.com
insight.adsrvr.org
js.adsrvr.org
js.braintreegateway.com
lciapi.ninthdecimal.com
lm.serving-sys.com
loadus.exelator.com
match.adsrvr.org
match.sharethrough.com
mug.criteo.com
mwzeom.zeotap.com
n.clarity.ms
nexus.ensighten.com
o69911.ingest.sentry.io
odr.mookie1.com
pay.google.com
payments.braintree-api.com
pi.ispot.tv
pixel.rubiconproject.com
pixel.sitescout.com
play.google.com
pt.ispot.tv
public-prod-dspcookiematching.dmxleo.com
px.airpr.com
px.mountain.com
px.surveywall-api.survata.com
r.casalemedia.com
rtb-csync.smartadserver.com
s.amazon-adsystem.com
s.thebrighttag.com
s.tribalfusion.com
s3-us-west-2.amazonaws.com
savethechildrenfeder.tt.omtrdc.net
sb.scorecardresearch.com
secure.adnxs.com
simage2.pubmatic.com
smetrics.savethechildren.org
sslwidget.criteo.com
ssum-sec.casalemedia.com
static.ads-twitter.com
static.criteo.net
stc.demdex.net
support.savethechildren.org
sync-t1.taboola.com
sync.outbrain.com
sync.search.spotxchange.com
sync.taboola.com
t.co
t.myvisualiq.net
tags.bluekai.com
tags.wdsvc.net
token.rubiconproject.com
tr.outbrain.com
track.securedvisit.com
uipglob.semasio.net
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
usersync.samplicio.us
visitor.omnitagjs.com
widget.us.criteo.com
www.clarity.ms
www.dgtrx.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.imdb.com
www.savethechildren.org
www.trustedsite.com
x.bidswitch.net
px.surveywall-api.survata.com
104.111.242.245
104.18.18.126
104.18.19.126
104.18.32.107
104.200.30.45
104.244.42.67
104.244.42.69
13.248.245.213
141.226.228.48
141.95.98.67
142.250.181.226
142.250.185.230
143.204.205.113
143.204.213.191
143.204.215.10
143.204.215.35
15.236.176.210
151.101.2.132
178.250.0.163
178.250.2.146
178.250.2.151
18.118.75.167
18.156.0.31
18.156.126.13
185.255.84.153
185.64.189.110
185.64.190.80
185.86.139.89
185.94.180.125
188.65.124.66
192.229.221.25
198.47.127.19
199.232.188.157
2.18.235.93
2.21.20.200
20.234.93.27
208.113.174.133
212.82.100.182
216.58.212.130
23.35.237.86
2400:52e0:1e01::883:1
2600:1f18:444a:4602:c0f3:1f8e:adeb:9564
2600:1f18:612b:4264:f887:8ace:4fd:1ad4
2600:9000:2057:6400:9:7c30:be80:21
2600:9000:2057:800:14:6bfc:5740:93a1
2600:9000:2057:d400:1b:832b:ac00:93a1
2600:9000:214f:ca00:12:b144:100:21
2606:4700:10::6816:1957
2606:4700:4400::ac40:98f5
2606:4700::6811:190e
2620:1ec:27::cafe:1806
2620:1ec:c11::200
2a00:1450:4001:806::2004
2a00:1450:4001:808::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:811::200e
2a00:1450:4001:813::2003
2a00:1450:4001:829::2008
2a00:1450:4001:830::200e
2a00:1450:4001:831::2002
2a00:1450:400c:c03::5c
2a02:2638:1::3
2a02:2638::1c
2a02:26f0:1700:11::b856:6785
2a02:26f0:3500:591::1e80
2a02:26f0:3500:887::f09
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:400::291
2a04:4e42:600::729
3.124.40.150
3.127.105.16
3.127.167.79
3.221.3.139
3.33.220.150
3.67.234.137
3.73.240.107
34.120.195.249
34.206.247.163
34.209.226.105
34.225.35.161
34.241.142.170
34.242.156.102
34.98.64.218
34.98.67.61
34.98.72.238
35.156.167.229
35.158.53.117
35.158.69.126
35.186.194.101
35.244.174.68
37.157.2.234
37.157.4.41
37.252.172.37
37.252.173.62
44.235.191.156
44.238.33.223
52.12.117.226
52.18.211.80
52.184.204.244
52.20.189.152
52.218.153.72
52.30.130.246
52.46.130.91
52.5.60.62
52.57.134.94
52.57.41.188
54.200.137.219
54.225.217.42
54.229.84.199
54.78.254.47
64.202.112.31
64.4.245.84
65.9.65.116
65.9.66.24
66.155.71.150
69.173.144.138
69.173.144.139
69.192.160.219
74.119.119.150
74.123.154.123
77.243.60.138
8.33.184.124
85.215.5.31
96.16.132.239
99.81.70.153
99.86.4.114
99.86.4.120
99.86.4.3
99.86.4.81
0227e0e4dea130eb6f3163aa3ab03720dce83a0e219c282189b03bc5b8a727e3
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
03fb95023db93ff6e7cab0dbb741bafd0dd7906a7ac57760b5ab5a5a67b01757
04a798f1de48c8e912b858a70fde58dbd12a9c1181d695709c2b27f25bb09a7f
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05983ece9df42a44bd25fd5e44712cdae01545367d2aad72728b60fc9721ad90
061eed8b24902bff5ef99aa23522b59cba44f7487e7bafdb52ca521107c3fe6c
0913ce55751921ac33e38702ae82f921bef021fe0c2de86f3744944ec9249852
099a89edb65f4cd9501d6c1a11ef5f6b26ec28713c76a01629a42612f7c4908d
0b49e7b48486b30c382a49fc34a7385230a87130314260f19cb1899388bca34e
0c8fba41f9e22f09c18be06b7269e43763908093cd19c25c0a015605935b2105
0e937847c7e07ed15db23b99d02385f8a76a534837159ec603319dab64a5a9ba
0f2dd730bc56ea9d8d0ee9c7ec142ec0e5ccb384da3fb24f94414aa7ccd9b48b
104a57ba8de66a8ad8437e014f6984c52c5d0a3aceafa9b681496cd72b87673e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
113c8e60568456e2a742439331aed8ff7b72ca723c715c0abf3d7e240f508f50
12dd3e968ced8f01649560da4cf975edff617d25ba4585dda428377529220da0
135ae3e7f5e9b6c501a48f208ab55f701c066f5543fc4d7d64ef766cc722fae9
1662126a3a9761c6183106d3bfa6e13c4f1a83c18b3e537985c1635c53be1662
17423a3fc16f9d010a773780b8f21b45ab58580afc0118bb8bcd6a96b1cd5f8a
1a0989896f2933670321396aa9d0581db5ec8bdf3327691ca35f9c4bfa98c8fd
1a441c7ccaa6860be3bf2316f83b10305ee23678770a673999ff05cacf651d93
1c2b8a03df4a4eea5e4ccd7c81f9a82206c67cac86ad50cf88bae793da7f4f7f
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
1d7f7eebdf3bf6532a38569d70a76df396dd8751cac0aaea58c54bfe9569e19d
1dde5980d2c7274a0fc6d4d4e585b7e86f3012eade0a0e1eae6a7b9ea9fb58b5
1e65367c921bdd2bc9fec73a0837f771710baace85a96e2c91c569be67339da1
21b2d1f982899583a1cf29dad48ce276cbe44838051e4bb373a6813d15fde88d
2344bf11d8936ea401e4024d5e8f2060095264d179d34ee2388c6832c603ea27
2472edd598fb876be8cf0c6ca4404a6bf419d817ab07bb9f3fefff01a7c8429a
27f31fe8c2a67565fc08af8ebe6bb580242d621d1fe65eb4b5c713a39741eb68
29ebdbb570753623b8ed9a6d19f4c79fb42b2481c21cb4141eb055b7d177e79a
2a8d18707c60dfef2fee979ba6ac8de68a40e31bedaa656f26cf148cf551705c
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ecfa9d465c1e7a2a3af852a7069c53749e619416525d9b9180bd3c22f30fbd7
2f421b34de959edc0089598bcf6d91006c1fff2e444c98e834bffc8e964b909b
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
34b6561b0dc821aebf895b623ba64d09d00a153c22610f0f71f67ecc3d9e6769
36b5697cea3adce6b7d19284a8fc074ab18f9ca01273ba853ee0f057415c9387
36eae834eb813fa22be833b5169543005a1626e16a574d3286ec00f08066370e
37b5bcadb5d884158218785c2647fb6945d73906315d5abe754232158748259e
3ece40b974c6084c091fff702b34d48d9c4b0aaa273b63239cd34225ea20c002
3f65c3dcc1c537bf31a736d0d32b468580d8a3f3ee96f93e3befcb0a871a9a28
3f6a04ee0c324cc70b73d2d6f9d2aadd3975d1a09cd9fabe392361194d5c1313
412ccaf290c8ab395d1597704c95399eb80897f6518d12e0d0604fb309249dbf
418ac773aab2a1e1d980dc046cd8e69e6f62d733bfe767d0afb97d2eaf0e867c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4568538c8bb3368c4b9fe611cc7dcec27e65452a4753becafbc3e0861f34abb1
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
481cc82a8339459184525d58ddc6f98e6fd4c57da6861e89b5f59440a94502c4
49ef92b367500b4ee119940a1b56ae67829a83f519e8af995e5d5b180f1731b9
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b99a75a42582fd22e780855dfb50880df624ce43988616f4b19dc7ba90f1250
4bb29fc16bdac8b50ea87d923f8df87d7459e533afe6871dcc33c039787e5271
4cc71a038b77c6edee0568cc4d0d99e867b5fb334b34784a4df3add33756043d
4cf635e0a393b85f4efd07b3a00b8c092329ffb42dcef45b0d99dca88efb7ac5
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4edb816a596f9a4a768c41f9f21b5b2bcfb74f80f913a7f40b899c2d05ec1719
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
507add04d1c6597d1eaca7599452be07bd58c4fca04d195808df2909d610d9e3
50bb9c8f4af577f3289f597f2441f177967721b438fd1737b937ef69f4a58062
529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738
529e2c135c9479f5ccddc5e644f4d6f1b1a693b02c5945b71aa62d25576858a2
53380404709f3d3e845a1e33be4d4e0bac1a77845e10f68111ffb474a4bf0961
546c75b744febdb538ada85219ae6764193b442ce1bbaa4a3594182e85f7911c
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
5653386a8725820e2a79eac4ea2fe4a1689bd997e943211069e96fd6e58b94ba
56fb1bf075613aa1e61d6cf81fe7ae08d45fe7a16689d118bfa06e17600ac4cc
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
574cff1c54a45a0ec194c6f3124a37cdf61349139540125c352b206ab57bfb46
5b9c72f61918d403ff3b4847600ecf00a4d01eef3f0e0f85ccf357920514e533
5befd2a54e625956c71b77a339666c25fea1a34c017fd6e711b8bf1e3d7d4ece
5f6b21d3884b4496c158b1defe06fb0ccc4b637890a2bb47089b7dc01213a32c
608be4813d58c1eadae67a684487cd2bd7403194f3434217c4e0c4f1303cf9e7
60cbe4e17fb6a2a02d3db7fa5126fb6a9adb26e054117a79d16aca4a2036610a
63e22009e53a6fb18693088f8ac6bd2a8975cf92c534132f9132acc27f179c25
67869f72a4e69347a58428a26deacf581ff95e6e4266e3a2916d0e4449e787b4
678743e83d255d34a3476fa3eed80d55d212874f0fe98285a54fbf293f8b73ee
6789ef8cfdfd353aafaf5b93d8f50aa548d04287f3edb01479bc1fcece9cfc16
6804249c39aae7d80cd20c9d78213ce15c35d47b5c21821641c6182c16eed1b5
69bffd1a8ad326cbe635c1aa4501526b180044052ff34fe3c407763bc90e0930
6a5ed4bb4bb22800c5f3d7057a35cbdd8bb49686d8df119a8452122aa7b40b80
6b5116bd2cb4809c6634b99a9b1ea0a0aeda596a94817682a0e4811e35eccc58
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e8aecb1541f98de24d74e394b54c1ec5c1dd34d1fd27d722796075e7f348b6c
7032aef60799331ff77bfc15307c8a9822f73669375cba1c50783c8e8c6459f0
7343a2169d96128b9211d01c726c358e0df0206f4cdfa9bff367ff1f7ed3bcdd
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7fad060874c6d715e53ae10e92ebca22aebe769bc8efcf8454c9f9802be8de78
7fd9fe85828dfef147010b71ba41bc88afcfe007cb108560dd3d426853b77202
802c1b8902e934d8324bdf420bab13d447629967179ae6b5425401a72fcd7a89
8149e7a499495934e89cc424abf6d428a3531ec3cccf270c4e42a0a615d6fe69
82d252b0331bf97dded0f4bf4948272698618523d184b1cc476f3f1807f15b74
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83db3bbe981876d41cce2ddff9a3f3eb388342c9d70a4112fd79b995dae26dd0
86d95dcf819cd9f7ae82162e2c393d939f12fafaba93129517a5e8f42e62fba8
878495aa2069675d330a30d1a37a692033b17e613dedbbfa3c8f16c41457b045
896312e222613bf6e4f12824e6d088838a10fa107a8124f38f419dcdf7a44e3d
89d907fba3696fe97bde7c623fb7896502d81637a422ce080e44b6bc4930de7c
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ee982f24c149a904b8cfb2fba3c11d513218f7b9e225f7233c38b1b0b6d0735
91ccf2606796c7906790d2db7fac7984a84882a6d05c8ef0b6914aa5e8391cf8
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
929202b357da34f1988ff49fd76e1615f5ed381a2ecb6d4d0ae76eeef527a830
931bf6ce88f5237d3795bca1fcfb831181a75de7add4b03e6e7b17b3c79a8ca4
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
93237d914c1b6b30af773ec1a9abb50d3d13da2c963c40a7d808ac184e2a0df8
9449ccf781bff1869fad09bc28ea4214e40fa767895eebc6fb37cf66cb4d27bd
957f312f39ed8ba93485141af5af501f1d2b7b372433d8ac77b0923a5c584204
95e67a043338e5fe448dc282f41915dfe871dd491269b6f2d892a46fc7e661b5
9831a5c4f65805f968ee933a01864d965eb16c84f57f68156d122b654bfed8a4
98a0c74b6560ea8895c06d21857ecf1d8de31ee9d091cf94b8373a34ab68a4df
9949830afb880a5b2473a3638a93f29952c71695d3190e35af43e8b75c989607
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a6db81127dceb32c40c1d5a1a328bef9e126a6bbe573a0ced1648ab6cdc578c
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
9bbd8d262416d4032f349714958d83a410a572519e847e718a350fa89b02eea5
9cdd1eae85ce614b8b8ae27bd5d03dc82f0fe2e9ed1f39bd48975c9e9e52993b
9e8ba124b0c73a351df657b54d58db545fe810e16c0d9b07824a64864792a20d
9f1452b78e9dda47be12aca96738dea2114ade0fd9fe474ee3af364c0fcf766e
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0e2f66644877655cd362b939852cb71181baecf71fd3dc2a1df419030809a3c
a18e784fb3201a4ce31830f8ca4918b2de835115e7ca09f676dc93b761acb0a3
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a438afb23db5e904944da9621089e8314f86ae094f9a6f03b45caa66dbb120d7
a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1
a6ff1d594bec9962bf6d93f81fa81a82b3b6ff7f49dce448d05e3ce8af924485
a899d637d49e28f84b577793f5c111c57fc2e631ddeacb567261b7bc6f96b58b
aa095c1b39b9a80b9847de7118da49affeeed83f3ef5d154759d0ee9471392a1
aa432c05daee8749817b34c7d407845c3132dbb52fe62bb15f8d745cdb869134
abc78c6fbb3027dfe1f1c2973e6c9e7e145fa3acd6670b25495a864351b878ff
ac5715344c53f972acf9f9786a383da5fd78b0a8f12e695522d399716203eab2
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ace295496b301814db400fa3ab2ee42f6403bc12b4f57f6a09a467edc07462d6
ad8ecf43c78f72c1a1f274d2e79cb3a0b18077113415a7d54a7bb7e4d160ba4e
adae8181e3273af1702575e59e9c29b34eedf74943cdde9758a4ccf8e39c5641
ae2b7a9f9989857015454a6453010bdb7e81cfedf4324136ce85417720ccd5bb
ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086
ae8ab2b6e48fdef457c84b2b32b1e7a980579dfc50622ee62fcc515b68752399
aeff7db24dbf341aabb4dd12727d36dca604d23f8e48704ac57053812db55920
b0e70b299ab9c122ad93531fa8e5309833baecd53dd55c992c538f8b33bfa22d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2d71a40f6794578a24e2c5c049734e609b43044b97adf3d8701780c26c9f083
b3b810fd46e7aad5b789896519011ab5366b39dbb19a5663c53525f756e89bfb
b5fc945cabbe82a7bb8d33c73b8a4eb32d30505feac063e6a798b2c5a558e883
b79c0b6d5fabf21da5599b0daf8ba491014004cdfe7dcb8df6ee43a26b836694
b8ea3a3a52d7794f84b61c77e84f84c7e55d30302ef404934bfa895821123090
b986d774c858e94ecb4cd87d7a43e08cbdde1b0896e047f52c0ad07ffa6be4ac
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb365468028d285187c7eebd9d9f5f55d2f27b0f3512c21601decb7d47e9cf31
bc2dfacec7f6863ffd08495bd9eafbc46209bfe52511905529d52e687a14b505
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2db1040f8bd8f01e730405e5e71407930a4f95b3823e0ef1b2fedaa033fb2bc
c435781231782d13145522b494623de0b6b8037ccfcc5f6f605b85ace8223f15
c60cf2c424f44ed06875abc9837c96c17765accfaa03ea9eca885f828ec1d8c5
c6692607384f0b261f38edee88dc75ee817827d26aecc4ae765ada9aa92dd36b
c6dc3c193acc17f8fe814d7598d79d4a861fc367ef78208a5d9c879bb1638835
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ccc4874859206649591607f32661c7969b0b33f17c7f5070c2bbd0de80b8db2d
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d199c786c26bd0b4aadfa14ab7abb7f4d8405c81aea1ca29e41305e636948d3e
d2af1b7194afb442a397879fc5f023b267adc41d9c639bd620c9d5b660526503
d4685f7b71e8393bd0572c469c755a9dce70b52090352f52e2e784fd95821198
d6e3b5e7ca053ee43ae72808728156e5e8629de1049cf3e92794439f2bfd052f
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
d92cb06b44cef6b07ba00f221cd8de90566b1779164e113d4f5a43bef4c64077
d9479c1288cf240cf605993ef0fcda98d749b6b7fb8e4ee584be29ed1856aca3
db303c3d5b39371bb91fbc688df6e18f93a067713146f617ef27157b7ee38f74
db4bb1e314a04c52d8ad52c3a66ce793a012910e88d90295767ec52d75a4d72f
dd674f0b8199125dfd7034a04f0ce6c54340f94ed822090b118e15a93dfb9986
dd928658aba1ce75dd8369af1856bf92fac56e177ef1fe010229141bb6f8ec8a
dda558a93891b2c9f4da39839ae644f25ddaed59e93807a342eea812441e46e5
ddaf05992cd382691c8644163c876c5ace24a4900478efdbe1ba7354af4f60cf
dddb90184d87f59b1a025fa9b460ef0b25fbaa3ea192a83d31535dbb20ec10ad
df02d55d020c8804a1ecff3c85906ce4d599185870883d064381f165911ef52f
e1273a5e5ca6d6af7d88f9b231577008ca093f7950b46b601e1a2a9d203ea759
e12aaa2a4b986fa17c07ce4c0cd32b980694871255337c90e1738aa29e9095fa
e2fd55a8f4de5b2168adabe37df04032a92d8e182bb0a3136c0ebd301b76ca1a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e75555ca161f289d4830a84a1856b37a9cb0077f78af600fb47c67c135baa8fd
e9b9993d6c2391b9afef86ba3352e27eeca0e630aae66fd8ac558383e84d837e
ead2a9ed9ee423fa940f5f22bfa1b1251952857495a7fa31d8615581030f9779
ee01d40bfdd77aba5652b3ff93095712b618a6a2cc2637828bd875979cfe9cb8
ee1ebe840d3253d382c185fa3901c7bed9a1f42a069355e17daec30b39d093c6
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f16f5e7a39830113f7119db6ee715eec682e3c879cc0ae5aeab6d2204153a9a8
f462ed01cdd9b02dcbda81b4cd1ac332b715a4048d554517ef6c17d81c43ad1a
f845e4b8f5eebbe74c9b3c8cb4665d14067e530550e61ae72ebf4340296e1733
f8b0f56381f3a3133f6f1a24a0a7fa86a2b755f4d43722ae5cd635bd634020b9
f9df1da2e337cc44e3d87a5dc93f8271933b5ee914c7046ef02e281014b6cda0
fa10b8c3ffcd3dc4e13a8b81cac989ebd60a5d507cc99d66d7a5481578e87f22
fbfc0cc592809f83bfde605255dafd78f525d1cee0f807973122895fe49e1c06
fcb102140b7ffbe92fdb9dc9180565cc20e2f248d79fe439463c0159ef5317e0
fd1c1a2397b23ce32007294e78aeac9d9299c5fb39596bf6b0b5a2077c318e14
fe4bbdad1d6dff75cde79f8afc07f29502bd4708cb0ce5f552083c3d81ba8382
feeff1b73fc856bbaa909aecd74cd3918a41d2f0642b773831da45ad969317e9