www.medicareobserver.com Open in urlscan Pro
2606:4700::6812:a04 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://medicareobserver.com/
Effective URL:
https://www.medicareobserver.com/
Submission: On February 28 via manual (February 28th 2021, 8:22:10 am UTC) from GB

Summary HTTP 101 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 3 countries across 14 domains to perform 101 HTTP transactions. The main IP is 2606:4700::6812:a04, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.medicareobserver.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 14th 2020. Valid for: a year.

This is the only time www.medicareobserver.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 46	2606:4700::68... 2606:4700::6812:a04	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1497	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
101	22

46 2606:4700::6812:a04 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

medicareobserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.medicareobserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.137.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1497 (United States)

ASN13335 (CLOUDFLARENET, US)

images.swipit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	medicareobserver.com 2 redirects medicareobserver.com www.medicareobserver.com	1 MB
27	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	422 KB
11	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	71 KB
4	google.com 2 redirects adservice.google.com www.google.com	389 B
3	googletagservices.com www.googletagservices.com	93 KB
3	googletagmanager.com www.googletagmanager.com	109 KB
2	google.de adservice.google.de www.google.de	670 B
2	google-analytics.com www.google-analytics.com	19 KB
2	googleapis.com fonts.googleapis.com ajax.googleapis.com	31 KB
1	googleadservices.com partner.googleadservices.com	648 B
1	swipit.com images.swipit.com	25 KB
1	gstatic.com fonts.gstatic.com	9 KB
1	taboola.com cdn.taboola.com	22 KB
1	googleoptimize.com www.googleoptimize.com	34 KB
101	14

	Domain	Requested by
44	www.medicareobserver.com	www.medicareobserver.com
19	tpc.googlesyndication.com	www.medicareobserver.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.medicareobserver.com googleads.g.doubleclick.net
8	pagead2.googlesyndication.com	www.medicareobserver.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
3	www.google.com	2 redirects www.medicareobserver.com
3	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	www.googletagmanager.com	www.medicareobserver.com www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	medicareobserver.com	2 redirects
1	www.google.de	www.medicareobserver.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	images.swipit.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	cdn.taboola.com	www.medicareobserver.com
1	www.googleoptimize.com	www.medicareobserver.com
1	ajax.googleapis.com	www.medicareobserver.com
1	fonts.googleapis.com	www.medicareobserver.com
101	20

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-14` - `2021-07-14`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
swipit.com Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh

This page contains 12 frames:

Primary Page: https://www.medicareobserver.com/
Frame ID: 9AE1C239D5B3EFB5F89968C7598FD2E0
Requests: 67 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210224/r20190131/zrt_lookup.html
Frame ID: A145AAF716758758F7337571D3B327FA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
Frame ID: 9EC59C5934356E183F7456D7E51C404E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113
Frame ID: 294F71262EFA1AC49C1B65D3D83977AB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&adk=1812271804&adf=3025194257&lmt=1614500507&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.medicareobserver.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1614500507136&bpp=1&bdt=333&idt=117&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280%2C349x280&nras=1&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=3&uci=a!3&fsb=1&dtd=128
Frame ID: 72095FE709B0C2CDD0B9098BEF2E6745
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/index.html
Frame ID: FBBA11320276E05E93B9BBCBE368749A
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C4wUim1I7YNiCEczL1fAPhtOsgAehw5TDYeqi0uiYDfrfn9-ODhABIJSupXNglQKgAcaXqqMDyAEJqQIez_OjR0G0PqgDAcgDSKoEwQFP0FkX4iLYZ6-YTMQhLL_z3mh55gSMx7fR4QS8Hj4FAW5S9TX40BpcnnzzP4X9FQanc_X-NzwekjTeoQaDAZCno83QYKD-RUZy4vcl87tG6FXyPIQNaqcBzv0xzy_dsg8YKjrsaiBxuVbTsL47hNOZvt2TwCLpRSf-lKd-_-fTXduVZ4EK5AC2bqW3mCiELqIuzKSQcetZZpnO6eDELOBIFmMOgi2BOqwHLk1rb1k8_q3iJUM5-eCy9n0NwNq0S-tUwAT7qqmEtwOSBQQIBBgBkgUECAUYBKAGLoAHoujVXKgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDf6wLSCAkIgOGAEBABGB-ACgHICwHYEw2yFxoKGAgAEhRwdWItMzU1NzU0MzM5NjI3OTI4MA&sigh=_0JKM9vvObs&template_id=419&tpd=AGWhJmvcmbc8lbVt9tLwRWhaG5ULNRgQPJh-WOYSORGPe3CBgw
Frame ID: 5F88F7447F1D4F51B90D24F202011391
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2917737623791569724/300x250.html
Frame ID: ECAEF77B0B0EE3397442CDE74830261A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CX3cJm1I7YNSEEarJ1fAP5OSr6AW65_jDYbGQnZuYDd7ZHhABIJSupXNglQKgAZuI0Z8DyAEJqQIez_OjR0G0PqgDAcgDSKoExQFP0BF4WP1GBIbgXbvPPZYxrFmcsD2Zfrpfjmc-JepiDqcSaYnCPdfMQlMUMCB5k5uAzc6Jb202JQT4sWh1sYxraCvVMiu85a8RZZNOsGellNY-MP6Bz0zWs0S0gxIsrxi4iula-BdPiQVCpBrzO5JxDd8Bv8S3slF6ty1rXYAd6ji-O4m-h0f2DED2JNQ9dOhqWRtzEaC3xDPeiq0harLsZ-7kuzHs-aw368Ir4J7kZYOhPTDAuuPScoRGSBADchyx7e5KPcAE35vM_60DkgUECAQYAZIFBAgFGASgBi6AB833rmCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQxZUC0ggJCIDhgBAQARgfgAoByAsB2BMMshcaChgIABIUcHViLTM1NTc1NDMzOTYyNzkyODA&sigh=IM0HzvmIiCM&template_id=419&tpd=AGWhJmvoLP2AWol2h_EhOHDp8MClotDLwsK8plPfRZlCotg7DQ
Frame ID: C63A4313DA28C96145E94CCEB113B455
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: B6BCDD3C57DDFE06320770831D11D3BD
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: B2FB772F45A79B21DB8A272DA48D94C2
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 128108B9C3EAF885823732A5F31689AB
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://medicareobserver.com/ HTTP 301
https://medicareobserver.com/ HTTP 301
https://www.medicareobserver.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

101
Requests

100 %
HTTPS

91 %
IPv6

14
Domains

20
Subdomains

22
IPs

3
Countries

2235 kB
Transfer

3872 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://medicareobserver.com/ HTTP 301
https://medicareobserver.com/ HTTP 301
https://www.medicareobserver.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 92

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

101 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.medicareobserver.com/
Redirect Chain

http://medicareobserver.com/
https://medicareobserver.com/
https://www.medicareobserver.com/

69 KB
10 KB

556ms
543ms

Document
text/html

2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2402ea189e4bceb31de4e095e3f664980e502d3af5b79d879bc5c9f9a6e6463

Request headers

:method: GET
:authority: www.medicareobserver.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dc671112e41fd4f3715dce39215d27ecd1614500505
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:46 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
cf-request-id: 088953c2920000d6b9c500c000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6288bbe41a28d6b9-FRA
content-encoding: br

Redirect headers

date: Sun, 28 Feb 2021 08:21:46 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dc671112e41fd4f3715dce39215d27ecd1614500505; expires=Tue, 30-Mar-21 08:21:45 GMT; path=/; domain=.medicareobserver.com; HttpOnly; SameSite=Lax; Secure
location: https://www.medicareobserver.com/
cf-cache-status: DYNAMIC
cf-request-id: 088953c0a50000d6b9d8ad1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6288bbe10f3bd6b9-FRA

GET
H2 200 css
fonts.googleapis.com/ 2 KB
646 B 15ms
13ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 28 Feb 2021 06:46:46 GMT
server: ESF
date: Sun, 28 Feb 2021 08:21:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 28 Feb 2021 08:21:46 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
30 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 22 Feb 2021 15:40:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492088
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Feb 2022 15:40:18 GMT

GET
H2 200 autoptimize_bcca3fb87c16988a0a8e5b6ce72e1a00.css
www.medicareobserver.com/wp-content/cache/autoptimize/css/ 208 KB
32 KB 200ms
199ms Stylesheet
text/css 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.medicareobserver.com/wp-content/cache/autoptimize/css/autoptimize_bcca3fb87c16988a0a8e5b6ce72e1a00.css
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c01a42006e6ba9039fe6ec2cefd9e9bea62ba853a8a273cedf68f3a889058c1

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 17 Dec 2020 02:34:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=30672000
cf-ray: 6288bbe78cecd6b9-FRA
cf-request-id: 088953c4b80000d6b916b54000000001
expires: Fri, 18 Feb 2022 08:21:46 GMT

GET
H2 200 jquery-3.3.1.min.js Show response
www.medicareobserver.com/wp-content/plugins/jquery-updater/js/ 85 KB
29 KB 27ms
26ms Script
application/javascript 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.medicareobserver.com/wp-content/plugins/jquery-updater/js/jquery-3.3.1.min.js?ver=3.3.1
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 20 Jan 2019 03:58:33 GMT
server: cloudflare
age: 292721
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 6288bbe78cedd6b9-FRA
cf-request-id: 088953c4b80000d6b9af34d000000001
expires: Sun, 28 Feb 2021 12:21:46 GMT

GET
H2 200 autoptimize_single_c7118e30e58e22e72a0eca8ec9336599.js Show response
www.medicareobserver.com/wp-content/cache/autoptimize/js/ 14 B
223 B 25ms
24ms Script
application/javascript 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.medicareobserver.com/wp-content/cache/autoptimize/js/autoptimize_single_c7118e30e58e22e72a0eca8ec9336599.js?ver=4.9.16+2.4.11
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b16f328161f671c5374c717a038def5bba21a4f37cdfb3509cda60ec262cf5f

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:46 GMT
cf-cache-status: HIT
last-modified: Mon, 17 Aug 2020 16:28:18 GMT
server: cloudflare
age: 172839
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Fri, 18 Feb 2022 08:21:46 GMT
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6288bbe78ceed6b9-FRA
content-length: 14
cf-request-id: 088953c4b80000d6b9a4303000000001
cf-bgj: minify

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-146914112-2

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d057c41086216f1687dbd41f03e19e3a137ade4361aeae9e328a2e3fb54e613e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39359
x-xss-protection: 0
last-modified: Sun, 28 Feb 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 28 Feb 2021 08:21:46 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 86 KB
34 KB 33ms
30ms Script
application/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-PXB5QB6

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e8437a0366cd90fcff38d286c724bbe9dde2be8a249eca5e2157fbdaf745c0e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34704
x-xss-protection: 0
last-modified: Sun, 28 Feb 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 28 Feb 2021 08:21:46 GMT

GET
H2 200 Medical-Observer-small.png
www.medicareobserver.com/wp-content/uploads/2019/11/ 8 KB
8 KB 18ms
18ms Image
image/webp 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Medical-Observer-small.png
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 509fb5f6c887a602b1f4578a3a84d4126287c2702ad91c8a20e9494b43db0f5a

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:46 GMT
cf-cache-status: HIT
age: 101342
cf-polished: origFmt=png, origSize=15499
last-modified: Thu, 07 Nov 2019 03:37:51 GMT
content-disposition: inline; filename="Medical-Observer-small.webp"
content-length: 7868
cf-request-id: 088953c50e0000d6b9c33e4000000001
cf-bgj: imgq:85,h2pri
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbe81d5ad6b9-FRA
expires: Sun, 28 Feb 2021 12:21:46 GMT

GET
H2 200 31-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2020/10/ 25 KB
25 KB 191ms
191ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2020/10/31-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 785dafd18326849e25eb34b38725b4ae85a96780ea79ff884d5cbf80b29b3da5

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Wed, 14 Oct 2020 07:00:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbe83d80d6b9-FRA
content-length: 25580
cf-request-id: 088953c5230000d6b91c235000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 P11-Katy-Perry-and-Zooey-Deschanel-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2020/10/ 19 KB
19 KB 841ms
841ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2020/10/P11-Katy-Perry-and-Zooey-Deschanel-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77e9bf88100c1f1c9e7f56447e3e5010f813f7e73dc349ed64b0014d1ca8b2bb

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Wed, 14 Oct 2020 05:35:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbe8ce01d6b9-FRA
content-length: 19631
cf-request-id: 088953c5820000d6b9aa146000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 cover-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2020/08/ 19 KB
19 KB 202ms
198ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2020/08/cover-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6eb38486c7782a82ad653f820b86aa7c2c2bbe8fe759c094155ae477bda816ea

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Tue, 25 Aug 2020 08:36:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbe8fe23d6b9-FRA
content-length: 19034
cf-request-id: 088953c5960000d6b9f68f0000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 pic-1-michael-j-fox-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2020/01/ 9 KB
10 KB 175ms
171ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2020/01/pic-1-michael-j-fox-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbac861012c37fdfe51fe1ad7357f21c25d1af68c6ec152c31d9526162888f9a

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Fri, 10 Jan 2020 07:19:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbe8fe24d6b9-FRA
content-length: 9698
cf-request-id: 088953c5970000d6b9de0b6000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 P9-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/12/ 18 KB
18 KB 186ms
182ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/12/P9-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c4f85fee788a7f24ba0655096575cd1a34cab91a3e17838ad51ff1f9819ef8a

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Thu, 26 Dec 2019 08:34:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbe8fe26d6b9-FRA
content-length: 18221
cf-request-id: 088953c5970000d6b902a9c000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 %E5%B0%81%E9%9D%A2-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/12/ 23 KB
23 KB 193ms
189ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/12/%E5%B0%81%E9%9D%A2-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6e603dbe52c9ec6faa0a6aed169bbfb4cdfcfa650d1da703f8cf7d5f054d5d2

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Wed, 19 Aug 2020 09:38:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbe8fe27d6b9-FRA
content-length: 23931
cf-request-id: 088953c5970000d6b93009d000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 pic-76-Kim-Kadashan-1-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 20 KB
20 KB 193ms
193ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/pic-76-Kim-Kadashan-1-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1474557c2761a12d82eee32d5f965e6f06f8b6996191e8fe968756d940862c38

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Fri, 15 Nov 2019 03:02:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbea2f3dd6b9-FRA
content-length: 20832
cf-request-id: 088953c6550000d6b9d1bd6000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 P20-Sporting-Couple-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 23 KB
23 KB 195ms
195ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/P20-Sporting-Couple-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6643864386cbedfd51ef9e1a367c1fff714f93203a1fe6b03136c559f6892730

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Tue, 12 Nov 2019 07:37:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbea3f4ad6b9-FRA
content-length: 23575
cf-request-id: 088953c65e0000d6b9d118e000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 cover-photo-3-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 21 KB
21 KB 198ms
197ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/cover-photo-3-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f3d3ae79d1cb0771aa0bdf24708f8406d84b071109ccdbc8584b7905777bcd4

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Tue, 12 Nov 2019 05:43:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbea7f83d6b9-FRA
content-length: 21044
cf-request-id: 088953c68a0000d6b9a3bf5000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 Cover-14-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 17 KB
17 KB 181ms
180ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-14-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67ea6ab9f0330205e829555e361ca95d4b41d82a80e3b1a222c58085ee4d2348

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Tue, 12 Nov 2019 05:39:10 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbeb5868d6b9-FRA
content-length: 17389
cf-request-id: 088953c7170000d6b9a6b63000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 Cover-12-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 8 KB
8 KB 175ms
175ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-12-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbde3702557a7d4264b6729acc2f2937ccc3ebad94bfb0dddcab5cc2029bfec8

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Tue, 12 Nov 2019 05:32:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbeb687ad6b9-FRA
content-length: 8267
cf-request-id: 088953c7220000d6b91c247000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 Cover-13-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 19 KB
19 KB 183ms
182ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-13-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a01c43e6593a6b0c67cbb154a4476564bc50ca22c44225a8142c470524868af9

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Tue, 12 Nov 2019 05:32:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbebb8c2d6b9-FRA
content-length: 18952
cf-request-id: 088953c7500000d6b9a6b66000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 cover-photo-2-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 15 KB
15 KB 187ms
187ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/cover-photo-2-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0521e204bfc90d6bf88abae3c6a7968cd8992d9b59468a739a79c0de08a6d21c

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Tue, 12 Nov 2019 05:08:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbec797bd6b9-FRA
content-length: 15656
cf-request-id: 088953c7cf0000d6b9aa15c000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 Cover-11-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 18 KB
18 KB 186ms
185ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-11-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdb3ad4b30feed12557c6a4f947e16dcf722cda68899cc946e2ece8000c24dc7

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Tue, 12 Nov 2019 03:48:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbec8982d6b9-FRA
content-length: 18021
cf-request-id: 088953c7d20000d6b90f05f000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 cover-photo-1-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 16 KB
16 KB 186ms
185ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/cover-photo-1-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8db129a5ecff27ff99eafd7d5ebbd31077d8beb7cd921fb892bfccfc68b99350

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Mon, 11 Nov 2019 07:46:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbecd9c6d6b9-FRA
content-length: 16413
cf-request-id: 088953c8080000d6b9ee8ab000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 Cover-10-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 15 KB
15 KB 181ms
181ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-10-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46f08d53233ed91a8fb3cfbd162a4486611b8fce9d3ec529bf8e7674e3fd5261

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Mon, 11 Nov 2019 07:38:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbed5a38d6b9-FRA
content-length: 15532
cf-request-id: 088953c8570000d6b9b694e000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 cover-Photo-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 20 KB
20 KB 195ms
195ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/cover-Photo-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e7e08e198a9a52d3c7b369d96ab54ad1dbfbd77d46483a63c4c901365909ead

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Mon, 11 Nov 2019 07:31:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbedaa72d6b9-FRA
content-length: 20429
cf-request-id: 088953c8880000d6b909bed000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 cover-photo-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 14 KB
14 KB 181ms
180ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/cover-photo-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bea97213ff90fa3641812947e618d95a4b742ad234e29153721c3df7d9e677b5

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Mon, 11 Nov 2019 07:20:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbedaa79d6b9-FRA
content-length: 14050
cf-request-id: 088953c88d0000d6b918994000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 Cover-9-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 36 KB
37 KB 191ms
190ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-9-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24414392841a6065093e43c71e3acc882f2be4fc18e79834e17b6e4465ee1934

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Mon, 11 Nov 2019 03:07:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbee0ae6d6b9-FRA
content-length: 37318
cf-request-id: 088953c8c20000d6b9b6952000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 Cover-8-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 11 KB
11 KB 170ms
170ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-8-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40b0a81aea1a8ad5e4682ef8ebe105733fa0d63845ed5d19b3b24b268fc0d8dc

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Mon, 11 Nov 2019 02:39:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbee1af1d6b9-FRA
content-length: 11563
cf-request-id: 088953c8cc0000d6b9cd8d3000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 %E5%B0%81%E9%9D%A2-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2020/08/ 16 KB
17 KB 183ms
183ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2020/08/%E5%B0%81%E9%9D%A2-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67410b51ea3b5bbd369698106424a8504c3dc24bd30e54d225b2619b5a1be170

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Wed, 19 Aug 2020 02:00:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbee7b5ad6b9-FRA
content-length: 16793
cf-request-id: 088953c90f0000d6b920ab5000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 Cover-2-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 44 KB
44 KB 225ms
224ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-2-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0bb36c4654595662c64268e8e83cbd5721f9c760c08468d6be3875cab1815b29

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Thu, 07 Nov 2019 05:57:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbeedba0d6b9-FRA
content-length: 45141
cf-request-id: 088953c9420000d6b9d9ae8000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 Cover-4-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 23 KB
24 KB 181ms
180ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-4-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a39fc2154061254c61f83432957cceccffc756df955225fdcc40b76b8b3ea6e2

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Thu, 07 Nov 2019 06:26:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbeeebadd6b9-FRA
content-length: 23983
cf-request-id: 088953c94d0000d6b9c3010000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 Cover-5-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 27 KB
27 KB 194ms
193ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-5-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f8ad480935fd8df4acdcb359762d19d1b648485ba3928c5fbe40ea17a7779bc

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Thu, 07 Nov 2019 06:35:47 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbef2be1d6b9-FRA
content-length: 27791
cf-request-id: 088953c9760000d6b9f6912000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 Cover-6-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 16 KB
16 KB 190ms
190ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-6-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13d90a3776d4fdb17d175ce431a1273cd8fa23dfe9143dec3471f6c33330eb94

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Thu, 07 Nov 2019 06:42:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbef3bf0d6b9-FRA
content-length: 16372
cf-request-id: 088953c9820000d6b91610f000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 Cover-7-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 33 KB
33 KB 189ms
188ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-7-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b157bfe8c1d39b8325b687092c59d135a69b0c725eec31f4ca67557cca4d9b19

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Thu, 07 Nov 2019 06:59:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbefac50d6b9-FRA
content-length: 33576
cf-request-id: 088953c9c60000d6b9feb99000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 Cover-3-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 18 KB
18 KB 197ms
197ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-3-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21504fdee8ca94a9ac8db8592b8d1081ef7d2d90432caabc7b6cf6df67857d38

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Thu, 07 Nov 2019 06:08:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbf00cb4d6b9-FRA
content-length: 17948
cf-request-id: 088953ca020000d6b9be968000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 Cover-1-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 14 KB
14 KB 173ms
173ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-1-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4fa9f504cd75695261dc533fcf27ee0f1235511e72407b684e1da3de573c2e7

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Thu, 07 Nov 2019 05:41:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbf03cd4d6b9-FRA
content-length: 14235
cf-request-id: 088953ca250000d6b9d1bfb000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 Cover-360x250.jpg
www.medicareobserver.com/wp-content/uploads/2019/11/ 15 KB
15 KB 674ms
674ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/11/Cover-360x250.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcc8aa5a47922da4ac7398c98db2dff9c420e2bc10219027dc40058464d4eba1

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Thu, 07 Nov 2019 05:26:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbf05ce9d6b9-FRA
content-length: 15253
cf-request-id: 088953ca390000d6b9d61a2000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 autoptimize_375ee61a424ba848d63954cee170df1a.js Show response
www.medicareobserver.com/wp-content/cache/autoptimize/js/ 180 KB
48 KB 213ms
213ms Script
application/javascript 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.medicareobserver.com/wp-content/cache/autoptimize/js/autoptimize_375ee61a424ba848d63954cee170df1a.js
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd9977374c75c24350b7e1074942d9bc757d902a3958c673e240553d8e9b2bf4

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 17 Aug 2020 16:28:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=30672000
cf-ray: 6288bbf06cf5d6b9-FRA
cf-request-id: 088953ca410000d6b9ee8c0000000001
expires: Fri, 18 Feb 2022 08:21:48 GMT

GET
H2 200 /
www.medicareobserver.com/2020/10/14/hollywood-is-seeing-double-30-celebrity-doppelgangers/ 0
16 KB 613ms
613ms Other
text/html 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.medicareobserver.com/2020/10/14/hollywood-is-seeing-double-30-celebrity-doppelgangers/
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-pingback: https://www.medicareobserver.com/xmlrpc.php
date: Sun, 28 Feb 2021 08:21:48 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: public, max-age=14400
cf-ray: 6288bbf15dc8d6b9-FRA
link: <https://www.medicareobserver.com/?p=7602>; rel=shortlink
cf-request-id: 088953cad30000d6b9de0e8000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ 80 KB
32 KB 47ms
32ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MR5SQCC

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9ef382130271a6281e66f2d39ed0ea49e30ecbd3e00f0fafbdd33f017713f5fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32586
x-xss-protection: 0
last-modified: Sun, 28 Feb 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 28 Feb 2021 08:21:47 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1246599/ 64 KB
22 KB 128ms
110ms Script
application/javascript 199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1246599/tfa.js
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 70bacbfea121e68ad78ec6219ea47188c9bc0d8c57805be8e0ec162e791123c9

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: KX0NixJ9hMkGWEKjOdu9nVD0IF4weMdW
content-encoding: gzip
etag: "98929561ef33059a5f81b7268dfb47c1"
age: 0
x-cache: MISS
x-amz-replication-status: COMPLETED
content-length: 21899
x-amz-id-2: 8GcQwjHQpG2H4OgJAy5AQGEy/P8AkIy1FCErdjmrfQQS8rrq5LWXLTjbAlkNmFMaMkM0LDt3BEQ=
x-served-by: cache-hhn11574-HHN
last-modified: Mon, 22 Feb 2021 13:43:25 GMT
server: AmazonS3
x-timer: S1614500507.048915,VS0,VE103
date: Sun, 28 Feb 2021 08:21:47 GMT
vary: Accept-Encoding
x-amz-request-id: 4EF9C9884733E51C
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 66
x-cache-hits: 0

GET
H2 200 ajax-loader.svg
www.medicareobserver.com/wp-content/themes/look/assets/images/ 897 B
389 B 679ms
679ms Image
image/svg+xml 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/themes/look/assets/images/ajax-loader.svg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/wp-content/cache/autoptimize/css/autoptimize_bcca3fb87c16988a0a8e5b6ce72e1a00.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3183953c7182d7f3dfb4ec4424a3238effa382b6f7fa3cef7bac0b8d771dd8c

Request headers

Referer: https://www.medicareobserver.com/wp-content/cache/autoptimize/css/autoptimize_bcca3fb87c16988a0a8e5b6ce72e1a00.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sat, 30 Dec 2017 02:19:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=14400
cf-ray: 6288bbe91e47d6b9-FRA
cf-request-id: 088953c5b00000d6b9c996b000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 31.jpg
www.medicareobserver.com/wp-content/uploads/2020/10/ 89 KB
89 KB 205ms
204ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2020/10/31.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 702e41a549d757b43f77121661e786837114fef6ef08fb180765535b022258dc

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
cf-cache-status: MISS
last-modified: Wed, 14 Oct 2020 07:00:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbe91e46d6b9-FRA
content-length: 91042
cf-request-id: 088953c5b00000d6b9cd21a000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 P11-Katy-Perry-and-Zooey-Deschanel.jpg
www.medicareobserver.com/wp-content/uploads/2020/10/ 295 KB
295 KB 982ms
982ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2020/10/P11-Katy-Perry-and-Zooey-Deschanel.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45b850a2e7daa56a844a4fe99151e2529deec030303c2e61db4a88bd11dc167c

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Wed, 14 Oct 2020 05:35:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbe91e43d6b9-FRA
content-length: 301732
cf-request-id: 088953c5af0000d6b911ac5000000001
expires: Sun, 28 Feb 2021 12:21:47 GMT

GET
H2 200 cover.jpg
www.medicareobserver.com/wp-content/uploads/2020/08/ 79 KB
79 KB 197ms
197ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2020/08/cover.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d6ab3268a6537c17afd1c836adfc3d14a9b6cd1560f83316f4c8e4fca3d0f61

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Tue, 25 Aug 2020 08:36:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbf0dd53d6b9-FRA
content-length: 80725
cf-request-id: 088953ca830000d6b9189a9000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 pic-1-michael-j-fox.jpg
www.medicareobserver.com/wp-content/uploads/2020/01/ 44 KB
44 KB 986ms
985ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2020/01/pic-1-michael-j-fox.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c854d4e368eed02447bfb15389406b4ea84cb29908a569632a44884d62ab7d5

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:49 GMT
cf-cache-status: MISS
last-modified: Fri, 10 Jan 2020 07:19:45 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbf13db4d6b9-FRA
content-length: 45305
cf-request-id: 088953cac60000d6b9bc298000000001
expires: Sun, 28 Feb 2021 12:21:49 GMT

GET
H2 200 P9.jpg
www.medicareobserver.com/wp-content/uploads/2019/12/ 163 KB
164 KB 223ms
223ms Image
image/jpeg 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/uploads/2019/12/P9.jpg
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99ffd13a6d3d99571b07835ca50613de0b728caaeb3e329097aa091d9367ca40

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Thu, 26 Dec 2019 08:34:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbf13db9d6b9-FRA
content-length: 167359
cf-request-id: 088953cac80000d6b9d1802000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 5ms
5ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.medicareobserver.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Feb 2021 20:46:55 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 387292
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Wed, 23 Feb 2022 20:46:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
48 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2467a9fefa378b8d57d62d9108794bcd476de6ce2cc1ba42ea85200fd73960b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49420
x-xss-protection: 0
server: cafe
etag: 13386428730629145965
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 28 Feb 2021 08:21:47 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
38 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-146914112-6&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-146914112-2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9635da9eb9562a23326af5beb2984f83f7606872fb75cd96ae8a7bf92166c65c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39374
x-xss-protection: 0
last-modified: Sun, 28 Feb 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 28 Feb 2021 08:21:47 GMT

GET
H2 200 serviceworker3.js Show response
images.swipit.com/service_worker/ 67 KB
25 KB 60ms
35ms Script
application/javascript 2606:4700::6812:1497
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://images.swipit.com/service_worker/serviceworker3.js?id=4
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MR5SQCC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1497 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddfe93a83dae49c04970d6dc61870133880bfad0a96e067e3b2fad8fa015a49d

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: br
cf-cache-status: HIT
age: 270966
cf-polished: origSize=68520
last-modified: Thu, 25 Feb 2021 04:56:03 GMT
x-amz-request-id: 6Q5G8M0P6GBQES5W
x-amz-id-2: AsW5O84sfOQ/B0zW8SUKjStwoAG/znjJxVJn3QcUhBrxtIJNGRdaAr3BDOFFZ2tkfMTsORutqn4=
cf-bgj: minify
server: cloudflare
etag: W/"2a9f56a8e0bcab6f92f811e413121986"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=1200
x-amz-version-id: 3ROeOEVdCr49jnNuKt9IlT7j4zEULPnX
cf-request-id: 088953c5fb00002c018f992000000001
cf-ray: 6288bbe98e242c01-FRA
expires: Sun, 28 Feb 2021 08:41:47 GMT

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210224/r20190131/ 227 KB
86 KB 65ms
50ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210224/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3557543396279280&plah=www.medicareobserver.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f634b91be542081897250daa08ff62f5bdbd0d114a3485efe020d2c07f21fdc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87195
x-xss-protection: 0
server: cafe
etag: 3111314854812010922
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 28 Feb 2021 08:21:47 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210224/r20190131/ Frame A145 10 KB
5 KB 7ms
5ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210224/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a1b2ebe6a2b314929967bdf1ba8c694fb45bf76a5b847e57fb847b3cdd9338a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210224/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.medicareobserver.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.medicareobserver.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 28 Feb 2021 00:12:56 GMT
expires: Sun, 14 Mar 2021 00:12:56 GMT
content-type: text/html; charset=UTF-8
etag: 6440208225989294717
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4777
x-xss-protection: 0
age: 29331
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-146914112-6&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 1151
date: Sun, 28 Feb 2021 08:02:36 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Sun, 28 Feb 2021 10:02:36 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
394 B 47ms
14ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=933582253&t=pageview&_s=1&dl=https%3A%2F%2Fwww.medicareobserver.com%2F&ul=en-us&de=UTF-8&dt=Medicare%20Observer%20-%20medicare%20info%20deliver&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=658468270&gjid=1326391743&cid=680464696.1614500507&tid=UA-146914112-6&_gid=1233152258.1614500507&_r=1&gtm=2ou2h0&z=1607690844

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 28 Feb 2021 08:21:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.medicareobserver.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 210 B
648 B 64ms
41ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.medicareobserver.com&callback=_gfp_s_&client=ca-pub-3557543396279280

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210224/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3557543396279280&plah=www.medicareobserver.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

0fe56344180498658a09a7fba2cc355ca917815f57ab0037a372ce84442a619d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 199
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.medicareobserver.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 16ms
14ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.medicareobserver.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9EC5 101 KB
32 KB 368ms
353ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef12c758ac74063666f9e3c6aa81be63b9eae199cf6f3cd84bece989c43655b4

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJi854mTjO8CFcxlFQgdhikLcA&gqi=m1I7YLzREKmR1fAPwuy8wAE&layout=/sadbundle/%24csp%253Der3%24/17106804434867297058/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.medicareobserver.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.medicareobserver.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJi854mTjO8CFcxlFQgdhikLcA&gqi=m1I7YLzREKmR1fAPwuy8wAE&layout=/sadbundle/%24csp%253Der3%24/17106804434867297058/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 28 Feb 2021 08:21:47 GMT
server: cafe
content-length: 32294
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 28-Feb-2021 08:36:47 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 28 Feb 2021 08:21:47 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

946d9a7a03fb3be233ea45625f62ecc13c46743c63f0b2d0b8588e4ec1436d13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614342938524533"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28399
x-xss-protection: 0
expires: Sun, 28 Feb 2021 08:21:47 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 294F 105 KB
33 KB 367ms
364ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cbb7e69666344a4eaff07d0b8973941090bd8b6686a8fc9a14152a4f960e33dd

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2917737623791569724/300x250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2917737623791569724/300x250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJS-54mTjO8CFapkFQgdZPIKXQ&gqi=m1I7YI3QELHUxgPmtaf4Ag&layout=/sadbundle/%24csp%253Der3%24/2917737623791569724/300x250.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.medicareobserver.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.medicareobserver.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2917737623791569724/300x250.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2917737623791569724/300x250.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJS-54mTjO8CFapkFQgdZPIKXQ&gqi=m1I7YI3QELHUxgPmtaf4Ag&layout=/sadbundle/%24csp%253Der3%24/2917737623791569724/300x250.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 28 Feb 2021 08:21:47 GMT
server: cafe
content-length: 33387
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 28-Feb-2021 08:36:47 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 28 Feb 2021 08:21:47 GMT
cache-control: private

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7209 54 B
596 B 81ms
81ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&adk=1812271804&adf=3025194257&lmt=1614500507&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.medicareobserver.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1614500507136&bpp=1&bdt=333&idt=117&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280%2C349x280&nras=1&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=3&uci=a!3&fsb=1&dtd=128

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-3557543396279280&output=html&adk=1812271804&adf=3025194257&lmt=1614500507&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.medicareobserver.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1614500507136&bpp=1&bdt=333&idt=117&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280%2C349x280&nras=1&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=3&uci=a!3&fsb=1&dtd=128
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.medicareobserver.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.medicareobserver.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 28 Feb 2021 08:21:47 GMT
server: cafe
content-length: 34
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 28-Feb-2021 08:36:47 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 28 Feb 2021 08:21:47 GMT
cache-control: private

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
94 B 18ms
16ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-146914112-6&cid=680464696.1614500507&jid=658468270&gjid=1326391743&_gid=1233152258.1614500507&_u=IEBAAUAAAAAAAC~&z=238566348

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 28 Feb 2021 08:21:47 GMT
content-type: text/plain
access-control-allow-origin: https://www.medicareobserver.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 15ms
15ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-146914112-6&cid=680464696.1614500507&jid=658468270&_u=IEBAAUAAAAAAAC~&z=2054124918

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 28 Feb 2021 08:21:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
505 B 36ms
16ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-146914112-6&cid=680464696.1614500507&jid=658468270&_u=IEBAAUAAAAAAAC~&z=2054124918

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 28 Feb 2021 08:21:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/ Frame FBBA 90 KB
25 KB 7ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/index.html

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d48efcfa71adf6bfb110a1ff9c6547cdd883c5ce32b90843f1b8540ea70e2690

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/17106804434867297058/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Sun, 21 Feb 2021 22:23:57 GMT
expires: Mon, 21 Feb 2022 22:23:57 GMT
last-modified: Wed, 27 Jan 2021 14:00:28 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 24538
age: 554270
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5F88 0
0 45ms
44ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4wUim1I7YNiCEczL1fAPhtOsgAehw5TDYeqi0uiYDfrfn9-ODhABIJSupXNglQKgAcaXqqMDyAEJqQIez_OjR0G0PqgDAcgDSKoEwQFP0FkX4iLYZ6-YTMQhLL_z3mh55gSMx7fR4QS8Hj4FAW5S9TX40BpcnnzzP4X9FQanc_X-NzwekjTeoQaDAZCno83QYKD-RUZy4vcl87tG6FXyPIQNaqcBzv0xzy_dsg8YKjrsaiBxuVbTsL47hNOZvt2TwCLpRSf-lKd-_-fTXduVZ4EK5AC2bqW3mCiELqIuzKSQcetZZpnO6eDELOBIFmMOgi2BOqwHLk1rb1k8_q3iJUM5-eCy9n0NwNq0S-tUwAT7qqmEtwOSBQQIBBgBkgUECAUYBKAGLoAHoujVXKgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBDf6wLSCAkIgOGAEBABGB-ACgHICwHYEw2yFxoKGAgAEhRwdWItMzU1NzU0MzM5NjI3OTI4MA&sigh=_0JKM9vvObs&template_id=419&tpd=AGWhJmvcmbc8lbVt9tLwRWhaG5ULNRgQPJh-WOYSORGPe3CBgw

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 28 Feb 2021 08:21:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 28 Feb 2021 08:21:47 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210224/r20110914/ Frame 5F88 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210224/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e2a22b1971df590c6430eedb9cb1c3148d033040b34f92df454ad040ca97187

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:09:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 735
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 18079855114753437313
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Mar 2021 08:09:32 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210224/r20110914/client/ Frame 5F88 3 KB
2 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210224/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:20:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Mar 2021 08:20:57 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5F88 107 KB
33 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

feefcd59e61a51094fa7ae4c08b8852a459a9be079bdc12a7b40ed600a33d79e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614342950420569"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33470
x-xss-protection: 0
expires: Sun, 28 Feb 2021 08:21:47 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210224/r20110914/client/ Frame 5F88 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210224/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:19:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 160
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 4905056106247604317
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Mar 2021 08:19:07 GMT

GET
H3-Q050 200 300x250.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2917737623791569724/ Frame ECAE 108 KB
46 KB 30ms
16ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2917737623791569724/300x250.html

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12c49791421537cdeddcf4fa86f63a5c2b5fe037d05d960e773bb1479b7c465d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/2917737623791569724/300x250.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Sat, 27 Feb 2021 06:46:54 GMT
expires: Sun, 27 Feb 2022 06:46:54 GMT
last-modified: Wed, 20 Jan 2021 22:00:39 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 45584
age: 92093
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
googleads.g.doubleclick.net/pagead/ Frame C63A 0
0 44ms
43ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CX3cJm1I7YNSEEarJ1fAP5OSr6AW65_jDYbGQnZuYDd7ZHhABIJSupXNglQKgAZuI0Z8DyAEJqQIez_OjR0G0PqgDAcgDSKoExQFP0BF4WP1GBIbgXbvPPZYxrFmcsD2Zfrpfjmc-JepiDqcSaYnCPdfMQlMUMCB5k5uAzc6Jb202JQT4sWh1sYxraCvVMiu85a8RZZNOsGellNY-MP6Bz0zWs0S0gxIsrxi4iula-BdPiQVCpBrzO5JxDd8Bv8S3slF6ty1rXYAd6ji-O4m-h0f2DED2JNQ9dOhqWRtzEaC3xDPeiq0harLsZ-7kuzHs-aw368Ir4J7kZYOhPTDAuuPScoRGSBADchyx7e5KPcAE35vM_60DkgUECAQYAZIFBAgFGASgBi6AB833rmCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQxZUC0ggJCIDhgBAQARgfgAoByAsB2BMMshcaChgIABIUcHViLTM1NTc1NDMzOTYyNzkyODA&sigh=IM0HzvmIiCM&template_id=419&tpd=AGWhJmvoLP2AWol2h_EhOHDp8MClotDLwsK8plPfRZlCotg7DQ

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 28 Feb 2021 08:21:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 28 Feb 2021 08:21:47 GMT

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210224/r20110914/ Frame C63A 18 KB
7 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210224/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e2a22b1971df590c6430eedb9cb1c3148d033040b34f92df454ad040ca97187

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:20:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7378
x-xss-protection: 0
server: cafe
etag: 18079855114753437313
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Mar 2021 08:20:45 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210224/r20110914/client/ Frame C63A 3 KB
2 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210224/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:18:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Mar 2021 08:18:39 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C63A 107 KB
33 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

feefcd59e61a51094fa7ae4c08b8852a459a9be079bdc12a7b40ed600a33d79e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1614342950420569"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33470
x-xss-protection: 0
expires: Sun, 28 Feb 2021 08:21:47 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210224/r20110914/client/ Frame C63A 14 KB
6 KB 28ms
15ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210224/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:16:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 4905056106247604317
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Mar 2021 08:16:34 GMT

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B6BC 143 B
216 B 7ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 28 Feb 2021 07:41:24 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2423
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame FBBA 16 KB
6 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 15:52:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59358
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 28 Feb 2021 15:52:29 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame FBBA 22 KB
9 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 13:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 28 Feb 2021 13:07:30 GMT

GET
DATA 200
OK truncated
/ Frame 5F88 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e79e232f1fc4be028eb6c55282df69d87ee31b5b81f5e0571194113513aa48c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B2FB 143 B
165 B 7ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlDQkUtL82cpEaOx4MfNvPiNRPrAdURUYKqkbWCTrjnaTbwX4tMUYPuFcEp_yg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=7028414379&adk=263806279&adf=1341338226&pi=t.ma~as.7028414379&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507133&bpp=2&bdt=330&idt=110&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=349x280&correlator=3468213341574&frm=20&pv=1&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=1136&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=2&uci=a!2&fsb=1&xpc=4B0fTYbmCj&p=https%3A//www.medicareobserver.com&dtd=113

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 28 Feb 2021 07:41:24 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2423
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C63A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8ba8ad1497e6062830ad9c9a4d80fe7ad96982955ed5c8d56f2fb66b0b719a2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame ECAE 9 KB
4 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2917737623791569724/300x250.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 04:49:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12745
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 01 Mar 2021 04:49:22 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame ECAE 22 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/2917737623791569724/300x250.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 13:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 28 Feb 2021 13:07:30 GMT

GET
H3-Q050 200 T-Hew4zKFoEuSiaqIGgqIslCHcmG-ErS7x6AqoEqFIc.js Show response
pagead2.googlesyndication.com/bg/ Frame FBBA 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T-Hew4zKFoEuSiaqIGgqIslCHcmG-ErS7x6AqoEqFIc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fe1dec38cca16812e4a26aa20682a22c9421dc986f84ad2ef1e80aa812a1487

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 26 Feb 2021 21:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 11:15:00 GMT
server: sffe
age: 126097
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6212
x-xss-protection: 0
expires: Sat, 26 Feb 2022 21:20:10 GMT

GET
H3-Q050 200 03.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/ Frame FBBA 10 KB
10 KB 9ms
8ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/03.png

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6064d4d0d9558f075b07e3eae90c97a0b92bad955d10f571f95d46c6d1065aba

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 33662
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10009
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 14:00:28 GMT
server: sffe
date: Sat, 27 Feb 2021 23:00:45 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Feb 2022 23:00:45 GMT

GET
H3-Q050 200 04.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/ Frame FBBA 4 KB
6 KB 9ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/04.png

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8834c8dd36ae48737da666c8948f6f8a68bbd0256f439bd9fda64bec44f9eb5a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 13
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4447
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 14:00:28 GMT
server: sffe
date: Sun, 28 Feb 2021 08:21:34 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 28 Feb 2022 08:21:34 GMT

GET
H3-Q050 200 txt.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/ Frame FBBA 7 KB
8 KB 8ms
7ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/txt.png

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4da9f2e45b744e826df99efb8ad1fad2bb9a9eb6b927f1d788b5f21ae72f14a4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 33662
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7657
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 14:00:28 GMT
server: sffe
date: Sat, 27 Feb 2021 23:00:45 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Feb 2022 23:00:45 GMT

GET
H3-Q050 200 01.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/ Frame FBBA 48 KB
48 KB 11ms
10ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/01.png

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba57e6900585fdfc911df57190d6777f47bf834e96e0e10913691d31d2f82614

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 33662
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49101
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 14:00:28 GMT
server: sffe
date: Sat, 27 Feb 2021 23:00:45 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 27 Feb 2022 23:00:45 GMT

GET
H3-Q050 200 02.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/ Frame FBBA 52 KB
52 KB 10ms
9ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17106804434867297058/02.png

Requested by

Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa5f62946c73982d7d9fb0204856849a8e5321b122bd00dea443657a5c6f6e57

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 340011
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52782
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 14:00:28 GMT
server: sffe
date: Wed, 24 Feb 2021 09:54:56 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Feb 2022 09:54:56 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B6BC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
306 B

39ms
39ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlDQkUtL82cpEaOx4MfNvPiNRPrAdURUYKqkbWCTrjnaTbwX4tMUYPuFcEp_yg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 28 Feb 2021 08:21:47 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 28-Feb-2021 09:21:47 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 28 Feb 2021 08:21:47 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 28 Feb 2021 08:21:47 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B2FB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
36 B

39ms
38ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlDQkUtL82cpEaOx4MfNvPiNRPrAdURUYKqkbWCTrjnaTbwX4tMUYPuFcEp_yg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 28 Feb 2021 08:21:47 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 28-Feb-2021 09:21:47 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 28 Feb 2021 08:21:47 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 28 Feb 2021 08:21:47 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame ECAE 28 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d296c24459fafe654905ce0c952d710aa3775785777606ee49e600c94deda461

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3-Q050 200 T-Hew4zKFoEuSiaqIGgqIslCHcmG-ErS7x6AqoEqFIc.js Show response
pagead2.googlesyndication.com/bg/ Frame ECAE 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T-Hew4zKFoEuSiaqIGgqIslCHcmG-ErS7x6AqoEqFIc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fe1dec38cca16812e4a26aa20682a22c9421dc986f84ad2ef1e80aa812a1487

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 26 Feb 2021 21:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 11:15:00 GMT
server: sffe
age: 126097
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6212
x-xss-protection: 0
expires: Sat, 26 Feb 2022 21:20:10 GMT

GET
H2 200 nav-left.png
www.medicareobserver.com/wp-content/themes/look/assets/images/ 2 KB
2 KB 192ms
192ms Image
image/png 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/themes/look/assets/images/nav-left.png
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/wp-content/cache/autoptimize/css/autoptimize_bcca3fb87c16988a0a8e5b6ce72e1a00.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 943e1c979b878615dd9831711536566bde1ed3cedb28c5cb09ef6e252d184f0b

Request headers

Referer: https://www.medicareobserver.com/wp-content/cache/autoptimize/css/autoptimize_bcca3fb87c16988a0a8e5b6ce72e1a00.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Sat, 30 Dec 2017 02:19:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbf20e5ed6b9-FRA
content-length: 2268
cf-request-id: 088953cb4a0000d6b9cd24e000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H2 200 nav-right.png
www.medicareobserver.com/wp-content/themes/look/assets/images/ 2 KB
2 KB 174ms
174ms Image
image/png 2606:4700::6812:a04
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.medicareobserver.com/wp-content/themes/look/assets/images/nav-right.png
Requested by: Host: www.medicareobserver.com
URL: https://www.medicareobserver.com/wp-content/cache/autoptimize/css/autoptimize_bcca3fb87c16988a0a8e5b6ce72e1a00.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a04 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c92d1e806f972082f546647d14c8ad5caaccf4d8d64e36205f73723bc13b4cb8

Request headers

Referer: https://www.medicareobserver.com/wp-content/cache/autoptimize/css/autoptimize_bcca3fb87c16988a0a8e5b6ce72e1a00.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:48 GMT
cf-cache-status: MISS
last-modified: Sat, 30 Dec 2017 02:19:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6288bbf21e60d6b9-FRA
content-length: 2204
cf-request-id: 088953cb4a0000d6b9a433e000000001
expires: Sun, 28 Feb 2021 12:21:48 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5F88 42 B
479 B 61ms
48ms Fetch
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssibzEIEQSsaBJSpg6XaAg_uEauFML8Xmxa52JSQahaN-w_draDjjtEEfUvLiaFe8EZ0xXCsu4H9gBbSpyVSyt9-sYsQeosgw9YgUrhyHkymqMvBky2BYIUzLy4hw&sai=AMfl-YQcfFdhL81oeGejNLkP3jPHNZqVdhPrsGBTD2AtnZfAZHU7eP9gk9xo6nWmys3_HalcJyX6ZIrkJS1o&sig=Cg0ArKJSzBCRPWyvprowEAE&id=osdim&mcvt=1000&p=804,1015,1084,1351&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210226&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=928348689&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1614500507239&dlt=378&rpt=55&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3557543396279280&output=html&h=280&slotname=1447595266&adk=928348689&adf=705595412&pi=t.ma~as.1447595266&w=349&fwrn=4&fwrnh=100&lmt=1614500507&rafmt=3&psa=0&format=349x280&url=https%3A%2F%2Fwww.medicareobserver.com%2F&flash=0&fwr=0&rpe=1&resp_fmts=1&wgl=1&dt=1614500507118&bpp=15&bdt=315&idt=97&shv=r20210224&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=3468213341574&frm=20&pv=2&ga_vid=680464696.1614500507&ga_sid=1614500507&ga_hid=933582253&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1008&ady=804&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946%2C21068786&oid=3&pvsid=3437516444172233&rx=0&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=8320&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jCmLgXqx3W&p=https%3A//www.medicareobserver.com&dtd=116
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 28 Feb 2021 08:21:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210224&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e64a1f5f1c51fa8b0aa7b319d13272853c7952ca40a3babdec37ad3bac817b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 28 Feb 2021 08:21:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6506
x-xss-protection: 0

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 28 Feb 2021 08:21:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Sun, 28 Feb 2021 08:21:49 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 1281 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.medicareobserver.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.medicareobserver.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Sun, 28 Feb 2021 02:52:46 GMT
expires: Mon, 28 Feb 2022 02:52:46 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19743
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 T-Hew4zKFoEuSiaqIGgqIslCHcmG-ErS7x6AqoEqFIc.js Show response
pagead2.googlesyndication.com/bg/ Frame 1281 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/T-Hew4zKFoEuSiaqIGgqIslCHcmG-ErS7x6AqoEqFIc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fe1dec38cca16812e4a26aa20682a22c9421dc986f84ad2ef1e80aa812a1487

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 26 Feb 2021 21:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 11:15:00 GMT
server: sffe
age: 126099
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6212
x-xss-protection: 0
expires: Sat, 26 Feb 2022 21:20:10 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
111 B 39ms
39ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gda_r20210224&jk=3437516444172233&bg=!8vGl8bLNAAXB_3NtwTsAKQB2-DxaU2vX3PO2rX-lXoebvfYHK-8cF2s9u-x4a-B6xllLr01GSULiAgAAAFBSAAAADWgBBwoAN_No7PpneqONIX7UJDyLIrVs11QU5BOOPghXxHcmUjNa_gzyGiiA-vZU-rQ6Y_Rm2ansVqqvRCqZAdaseaDeDpunA7zDxgeSMcb_xO23w6H3uIviJy1Go3LEk_k7asNHxqloMhzta5rt9mJN--UU9ps8XO2PdV7zxzjk7blyMfn_X8dJugHYI7q9AjmS_fRlC2fbJwlcA8BRWqmZy3wAAIdB7sZqKFUc0-NKa7A3Uw7mJ3VI3TUmukpff2OcdLYII01Z1g_CIreWvP0pVsVwA0I_m408UXpN3VWuFGzBazXScqhN7OwVCciTyQZcSWXpdEtDga0d7jbm6G0HeomzPYmw6dhtVDluhrfVYwxYgxd3wkQdXvL8VB1MxcNfzyf-ElYVW58cwXjzZePVnhrFjSDyeHS8rOACCOqbB4Y0iwDTf361VMG7wAw2UU6QnEG_EEsjaZmj2yLgAMrp1UyXtJgsI0JEMsIaE8WjvBYnm6g_yIPP18KOmRIZyHfXNFY6n0j0_KgdjeIjkYLoUVo1DfMAlSVpoXqyjmYQEGeXtBze62WLM7Vt0kvWJ0ye5mjdOlfsOlxesAr8P4c_HH05WmyxprUV5WVZ0r46BVWAZtjGJOwegOO28gapc48KYYaIi_J-3O1A88bZw_EBbo1JUqWCBRzpcDklA_Ox-cm3hlGPQl-Q_Dh8rTUICkoF7yOvIg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.medicareobserver.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 28 Feb 2021 08:21:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 01:49:56	Name: IDE Value: AHWqTUlDQkUtL82cpEaOx4MfNvPiNRPrAdURUYKqkbWCTrjnaTbwX4tMUYPuFcEp_yg
.medicareobserver.com/	1970-01-20 01:49:56	Name: __gads Value: ID=c9368f3511f2940e-22fa42849bba0043:T=1614500507:RT=1614500507:S=ALNI_MaXqAn_WPsz4BiFe785zdZ-cHpTLw
.medicareobserver.com/	1969-12-31 23:59:59	Name: gadsTest Value: test
.medicareobserver.com/	1970-01-19 16:29:46	Name: _gid Value: GA1.2.1233152258.1614500507
.doubleclick.net/	1970-01-19 16:28:24	Name: DSID Value: NO_DATA
.medicareobserver.com/	1970-01-19 16:28:20	Name: _gat_gtag_UA_146914112_6 Value: 1
.medicareobserver.com/	1970-01-20 09:59:32	Name: _ga Value: GA1.2.680464696.1614500507
.medicareobserver.com/	1970-01-19 17:11:32	Name: __cfduid Value: dc671112e41fd4f3715dce39215d27ecd1614500505

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.taboola.com/libtrc/unip/1246599/tfa.js(Line 3) Message: Taboola Pixel: An error occurred while handling command '{"notify":"event","name":"view_content","id":1246599,"tim":1614500507169}'. TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://cdn.taboola.com/libtrc/unip/1246599/tfa.js(Line 3) Message: Taboola Pixel: An error occurred while handling command '{"notify":"event","name":"ViewContentR","id":1246599,"tim":1614500507170}'. TypeError: Cannot read property 'getItem' of null
console-api	log	URL: https://www.medicareobserver.com/wp-content/cache/autoptimize/js/autoptimize_375ee61a424ba848d63954cee170df1a.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.0.0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ajax.googleapis.com
cdn.taboola.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
images.swipit.com
medicareobserver.com
pagead2.googlesyndication.com
partner.googleadservices.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.googletagservices.com
www.medicareobserver.com
142.250.186.34
199.232.137.44
2606:4700::6812:1497
2606:4700::6812:a04
2a00:1450:4001:800::2002
2a00:1450:4001:800::200a
2a00:1450:4001:801::2002
2a00:1450:4001:802::2001
2a00:1450:4001:809::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2004
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200a
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2003
2a00:1450:4001:812::2004
2a00:1450:4001:813::2002
2a00:1450:4001:827::2008
2a00:1450:4001:82b::2002
2a00:1450:400c:c0c::9b
0521e204bfc90d6bf88abae3c6a7968cd8992d9b59468a739a79c0de08a6d21c
0bb36c4654595662c64268e8e83cbd5721f9c760c08468d6be3875cab1815b29
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
0fe56344180498658a09a7fba2cc355ca917815f57ab0037a372ce84442a619d
12c49791421537cdeddcf4fa86f63a5c2b5fe037d05d960e773bb1479b7c465d
13d90a3776d4fdb17d175ce431a1273cd8fa23dfe9143dec3471f6c33330eb94
1474557c2761a12d82eee32d5f965e6f06f8b6996191e8fe968756d940862c38
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
166a4ec3cb90d525f7f744c7616c01b36bebd6dcecd486c8f5be14ccc0a7b3da
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e64a1f5f1c51fa8b0aa7b319d13272853c7952ca40a3babdec37ad3bac817b
1c01a42006e6ba9039fe6ec2cefd9e9bea62ba853a8a273cedf68f3a889058c1
21504fdee8ca94a9ac8db8592b8d1081ef7d2d90432caabc7b6cf6df67857d38
24414392841a6065093e43c71e3acc882f2be4fc18e79834e17b6e4465ee1934
2467a9fefa378b8d57d62d9108794bcd476de6ce2cc1ba42ea85200fd73960b3
2a1b2ebe6a2b314929967bdf1ba8c694fb45bf76a5b847e57fb847b3cdd9338a
2c854d4e368eed02447bfb15389406b4ea84cb29908a569632a44884d62ab7d5
40b0a81aea1a8ad5e4682ef8ebe105733fa0d63845ed5d19b3b24b268fc0d8dc
45b850a2e7daa56a844a4fe99151e2529deec030303c2e61db4a88bd11dc167c
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
46f08d53233ed91a8fb3cfbd162a4486611b8fce9d3ec529bf8e7674e3fd5261
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4b16f328161f671c5374c717a038def5bba21a4f37cdfb3509cda60ec262cf5f
4da9f2e45b744e826df99efb8ad1fad2bb9a9eb6b927f1d788b5f21ae72f14a4
4f3d3ae79d1cb0771aa0bdf24708f8406d84b071109ccdbc8584b7905777bcd4
4fe1dec38cca16812e4a26aa20682a22c9421dc986f84ad2ef1e80aa812a1487
509fb5f6c887a602b1f4578a3a84d4126287c2702ad91c8a20e9494b43db0f5a
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5d6ab3268a6537c17afd1c836adfc3d14a9b6cd1560f83316f4c8e4fca3d0f61
5e2a22b1971df590c6430eedb9cb1c3148d033040b34f92df454ad040ca97187
5e79e232f1fc4be028eb6c55282df69d87ee31b5b81f5e0571194113513aa48c
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
6064d4d0d9558f075b07e3eae90c97a0b92bad955d10f571f95d46c6d1065aba
6643864386cbedfd51ef9e1a367c1fff714f93203a1fe6b03136c559f6892730
67410b51ea3b5bbd369698106424a8504c3dc24bd30e54d225b2619b5a1be170
67ea6ab9f0330205e829555e361ca95d4b41d82a80e3b1a222c58085ee4d2348
6eb38486c7782a82ad653f820b86aa7c2c2bbe8fe759c094155ae477bda816ea
702e41a549d757b43f77121661e786837114fef6ef08fb180765535b022258dc
704d0d3da6cd158841779485200573d774009ed765dfe9f91cee6f3c0fafcba9
70bacbfea121e68ad78ec6219ea47188c9bc0d8c57805be8e0ec162e791123c9
77e9bf88100c1f1c9e7f56447e3e5010f813f7e73dc349ed64b0014d1ca8b2bb
785dafd18326849e25eb34b38725b4ae85a96780ea79ff884d5cbf80b29b3da5
7f8ad480935fd8df4acdcb359762d19d1b648485ba3928c5fbe40ea17a7779bc
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
8834c8dd36ae48737da666c8948f6f8a68bbd0256f439bd9fda64bec44f9eb5a
8c4f85fee788a7f24ba0655096575cd1a34cab91a3e17838ad51ff1f9819ef8a
8db129a5ecff27ff99eafd7d5ebbd31077d8beb7cd921fb892bfccfc68b99350
943e1c979b878615dd9831711536566bde1ed3cedb28c5cb09ef6e252d184f0b
946d9a7a03fb3be233ea45625f62ecc13c46743c63f0b2d0b8588e4ec1436d13
9635da9eb9562a23326af5beb2984f83f7606872fb75cd96ae8a7bf92166c65c
99ffd13a6d3d99571b07835ca50613de0b728caaeb3e329097aa091d9367ca40
9e7e08e198a9a52d3c7b369d96ab54ad1dbfbd77d46483a63c4c901365909ead
9ef382130271a6281e66f2d39ed0ea49e30ecbd3e00f0fafbdd33f017713f5fa
a01c43e6593a6b0c67cbb154a4476564bc50ca22c44225a8142c470524868af9
a2402ea189e4bceb31de4e095e3f664980e502d3af5b79d879bc5c9f9a6e6463
a39fc2154061254c61f83432957cceccffc756df955225fdcc40b76b8b3ea6e2
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6e603dbe52c9ec6faa0a6aed169bbfb4cdfcfa650d1da703f8cf7d5f054d5d2
aa5f62946c73982d7d9fb0204856849a8e5321b122bd00dea443657a5c6f6e57
b157bfe8c1d39b8325b687092c59d135a69b0c725eec31f4ca67557cca4d9b19
b4fa9f504cd75695261dc533fcf27ee0f1235511e72407b684e1da3de573c2e7
ba57e6900585fdfc911df57190d6777f47bf834e96e0e10913691d31d2f82614
bdb3ad4b30feed12557c6a4f947e16dcf722cda68899cc946e2ece8000c24dc7
bea97213ff90fa3641812947e618d95a4b742ad234e29153721c3df7d9e677b5
c92d1e806f972082f546647d14c8ad5caaccf4d8d64e36205f73723bc13b4cb8
cbac861012c37fdfe51fe1ad7357f21c25d1af68c6ec152c31d9526162888f9a
cbb7e69666344a4eaff07d0b8973941090bd8b6686a8fc9a14152a4f960e33dd
cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58
d057c41086216f1687dbd41f03e19e3a137ade4361aeae9e328a2e3fb54e613e
d296c24459fafe654905ce0c952d710aa3775785777606ee49e600c94deda461
d48efcfa71adf6bfb110a1ff9c6547cdd883c5ce32b90843f1b8540ea70e2690
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d8ba8ad1497e6062830ad9c9a4d80fe7ad96982955ed5c8d56f2fb66b0b719a2
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
dcc8aa5a47922da4ac7398c98db2dff9c420e2bc10219027dc40058464d4eba1
ddfe93a83dae49c04970d6dc61870133880bfad0a96e067e3b2fad8fa015a49d
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3183953c7182d7f3dfb4ec4424a3238effa382b6f7fa3cef7bac0b8d771dd8c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8437a0366cd90fcff38d286c724bbe9dde2be8a249eca5e2157fbdaf745c0e8
ef12c758ac74063666f9e3c6aa81be63b9eae199cf6f3cd84bece989c43655b4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f634b91be542081897250daa08ff62f5bdbd0d114a3485efe020d2c07f21fdc5
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fbde3702557a7d4264b6729acc2f2937ccc3ebad94bfb0dddcab5cc2029bfec8
fd9977374c75c24350b7e1074942d9bc757d902a3958c673e240553d8e9b2bf4
feefcd59e61a51094fa7ae4c08b8852a459a9be079bdc12a7b40ed600a33d79e

www.medicareobserver.com Open in urlscan Pro 2606:4700::6812:a04 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

101 Requests

100 %HTTPS

91 %IPv6

14 Domains

20 Subdomains

22 IPs

3 Countries

2235 kBTransfer

3872 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

101 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.medicareobserver.com Open in urlscan Pro
2606:4700::6812:a04 Public Scan

Screenshot
Live screenshot

Full Image

101
Requests

100 %
HTTPS

91 %
IPv6

14
Domains

20
Subdomains

22
IPs

3
Countries

2235 kB
Transfer

3872 kB
Size

8
Cookies

101 HTTP transactions
3 data transactions