Submitted URL: https://ch.booking.com/c?target=aHR0cHM6Ly9mbGlnaHRzLmJvb2tpbmcuY29tL3IvP2NhYmluQ2xhc3M9RUNPTk9NWSZvcmlnaW49UEFSJmFkdWx...
Effective URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&a...
Submission: On November 10 via api from BE — Scanned from DE

Summary

This website contacted 11 IPs in 2 countries across 9 domains to perform 50 HTTP transactions. The main IP is 18.245.60.76, located in United States and belongs to AMAZON-02, US. The main domain is www.booking.com. The Cisco Umbrella rank of the primary domain is 12201.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on June 12th 2023. Valid for: a year.
This is the only time www.booking.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 52.222.214.96 16509 (AMAZON-02)
2 8 13.32.27.6 16509 (AMAZON-02)
3 5 18.245.60.76 16509 (AMAZON-02)
21 2600:9000:205... 16509 (AMAZON-02)
7 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2600:9000:225... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
50 11
Apex Domain
Subdomains
Transfer
24 bstatic.com
q-xx.bstatic.com — Cisco Umbrella Rank: 16792
r-cf.bstatic.com — Cisco Umbrella Rank: 310831
q-cf.bstatic.com — Cisco Umbrella Rank: 288067
t-cf.bstatic.com — Cisco Umbrella Rank: 25797
688 KB
14 booking.com
ch.booking.com — Cisco Umbrella Rank: 776319
flights.booking.com — Cisco Umbrella Rank: 138435
www.booking.com — Cisco Umbrella Rank: 12201
110 KB
7 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 342
144 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 6862
563 B
2 google.com
www.google.com — Cisco Umbrella Rank: 2
563 B
2 bing.com
bat.bing.com — Cisco Umbrella Rank: 366
13 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
4 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
149 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 590
304 B
50 9
Domain Requested by
15 q-xx.bstatic.com www.booking.com
q-xx.bstatic.com
8 flights.booking.com 2 redirects q-xx.bstatic.com
7 cdn.cookielaw.org www.booking.com
cdn.cookielaw.org
5 www.booking.com 3 redirects q-xx.bstatic.com
4 r-cf.bstatic.com www.booking.com
3 t-cf.bstatic.com www.booking.com
2 www.google.de www.booking.com
2 www.google.com www.booking.com
2 bat.bing.com www.booking.com
bat.bing.com
2 googleads.g.doubleclick.net www.googletagmanager.com
2 www.googletagmanager.com www.booking.com
www.googletagmanager.com
2 q-cf.bstatic.com www.booking.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 ch.booking.com 1 redirects
50 14

This site contains links to these domains. Also see Links.

Domain
flights.booking.com
secure.booking.com
booking.com
Subject Issuer Validity Valid
*.booking.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-06-12 -
2024-05-18
a year crt.sh
*.bstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-13 -
2024-08-31
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2023-04-01 -
2024-03-31
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-10-16 -
2024-01-08
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-10-16 -
2024-01-08
3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2022-12-13 -
2023-12-13
a year crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 01
2023-10-24 -
2024-04-21
6 months crt.sh
www.google.com
GTS CA 1C3
2023-10-16 -
2024-01-08
3 months crt.sh
www.google.de
GTS CA 1C3
2023-10-16 -
2024-01-08
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Frame ID: 523407151DCE8F27D0985A626DA4D0F2
Requests: 47 HTTP requests in this frame

Screenshot

Page Title

Vind goedkope vluchten & vliegtickets | Booking.com

Page URL History Show full URLs

  1. https://ch.booking.com/c?target=aHR0cHM6Ly9mbGlnaHRzLmJvb2tpbmcuY29tL3IvP2NhYmluQ2xhc3M9RUNPTk9NWSZ... HTTP 307
    https://flights.booking.com/r/?cabinClass=ECONOMY&origin=PAR&adults=2&destination=BRU&adplat=email-mg_co... HTTP 302
    https://flights.booking.com/?adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpI... HTTP 302
    https://www.booking.com/flights/index.nl.html?adplat=email-mg_confirmation_email-lp_in_copy-flight-c... HTTP 302
    https://www.booking.com/food_redirect.html?url=aHR0cHM6Ly93d3cuYm9va2luZy5jb20vZmxpZ2h0cy9pbmRleC5ub... HTTP 302
    https://www.booking.com/flights/index.nl.html?adplat=email-mg_confirmation_email-lp_in_copy-flight-c... HTTP 302
    https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns

Page Statistics

50
Requests

100 %
HTTPS

75 %
IPv6

9
Domains

14
Subdomains

11
IPs

2
Countries

1103 kB
Transfer

4646 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ch.booking.com/c?target=aHR0cHM6Ly9mbGlnaHRzLmJvb2tpbmcuY29tL3IvP2NhYmluQ2xhc3M9RUNPTk9NWSZvcmlnaW49UEFSJmFkdWx0cz0yJmRlc3RpbmF0aW9uPUJSVSZhZHBsYXQ9ZW1haWwtbWdfY29uZmlybWF0aW9uX2VtYWlsLWxwX2luX2NvcHktZmxpZ2h0LWNoZWNrbGlzdC02WTR1UVN3ZERjcElzZVJwWVpuQzBRJmxhYmVsPWNvbmZpcm1hdGlvbl90ZXh0JnR5cGU9Uk9VTkRUUklQJmZyb209UEFSJnRvPUJSVSZkZXBhcnQ9MjAyMy0xMC0zMCZsYW5nPW5sJnNob3dMb2FkZXI9MSZhaWQ9MjA5NzEzMCZyZXR1cm49MjAyMy0xMC0zMQ==&st=RkxJR0hU&lt=UFJPRFVDVDpyb3VuZHRyaXA=&rid=8ad4ea40-702e-11ee-be2f-51c293453077&si=ChZiLXBhbmRhLXRvcC1rLXNlbGVjdG9yEAIaQFsumrOfuSZOUOeddxsBTNlRxqHgHD5JfFLT5KIYitKLmcZFDK/JXutWT2NUqv/J/hXXuURzHBagH+d6341BAg8=&mmconf=checklist HTTP 307
    https://flights.booking.com/r/?cabinClass=ECONOMY&origin=PAR&adults=2&destination=BRU&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&label=confirmation_text&type=ROUNDTRIP&from=PAR&to=BRU&depart=2023-10-30&lang=nl&showLoader=1&aid=2097130&return=2023-10-31 HTTP 302
    https://flights.booking.com/?adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&aid=2097130&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&label=confirmation_text&lang=nl&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP HTTP 302
    https://www.booking.com/flights/index.nl.html?adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&aid=2097130&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&label=confirmation_text&lang=nl&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP HTTP 302
    https://www.booking.com/food_redirect.html?url=aHR0cHM6Ly93d3cuYm9va2luZy5jb20vZmxpZ2h0cy9pbmRleC5ubC5odG1sP2FkcGxhdD1lbWFpbC1tZ19jb25maXJtYXRpb25fZW1haWwtbHBfaW5fY29weS1mbGlnaHQtY2hlY2tsaXN0LTZZNHVRU3dkRGNwSXNlUnBZWm5DMFEmYWR1bHRzPTImYWlkPTIwOTcxMzAmY2FiaW5DbGFzcz1FQ09OT01ZJmRlcGFydD0yMDIzLTEwLTMwJmRlc3RpbmF0aW9uPUJSVSZmcm9tPVBBUiZsYWJlbD1jb25maXJtYXRpb25fdGV4dCZsb2NhbGU9bmwmb3JpZ2luPVBBUiZyZXR1cm49MjAyMy0xMC0zMSZzaG93TG9hZGVyPTEmdG89QlJVJnR5cGU9Uk9VTkRUUklQ HTTP 302
    https://www.booking.com/flights/index.nl.html?adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&aid=2097130&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&label=confirmation_text&locale=nl&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP HTTP 302
    https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP& Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.nl.html
www.booking.com/flights/
Redirect Chain
  • https://ch.booking.com/c?target=aHR0cHM6Ly9mbGlnaHRzLmJvb2tpbmcuY29tL3IvP2NhYmluQ2xhc3M9RUNPTk9NWSZvcmlnaW49UEFSJmFkdWx0cz0yJmRlc3RpbmF0aW9uPUJSVSZhZHBsYXQ9ZW1haWwtbWdfY29uZmlybWF0aW9uX2VtYWlsLWxwX...
  • https://flights.booking.com/r/?cabinClass=ECONOMY&origin=PAR&adults=2&destination=BRU&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&label=confirmation_text&t...
  • https://flights.booking.com/?adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&aid=2097130&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR...
  • https://www.booking.com/flights/index.nl.html?adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&aid=2097130&cabinClass=ECONOMY&depart=2023-10-30&destina...
  • https://www.booking.com/food_redirect.html?url=aHR0cHM6Ly93d3cuYm9va2luZy5jb20vZmxpZ2h0cy9pbmRleC5ubC5odG1sP2FkcGxhdD1lbWFpbC1tZ19jb25maXJtYXRpb25fZW1haWwtbHBfaW5fY29weS1mbGlnaHQtY2hlY2tsaXN0LTZZNH...
  • https://www.booking.com/flights/index.nl.html?adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&aid=2097130&cabinClass=ECONOMY&depart=2023-10-30&destina...
  • https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseR...
735 KB
94 KB
Document
General
Full URL
https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-76.fra60.r.cloudfront.net
Software
envoy /
Resource Hash
088b13a857e18e1a40fef56a4666334295ea0f5ac267292d835afa2831da18cf
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
content-encoding
br
content-length
94024
content-security-policy-report-only
frame-ancestors 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=72b335426756008b&e=UmFuZG9tSVYkc2RlIyh9YWNWlKLi8IutBAmw850KjzdfP5aIJxR4VLREDq9jI1mE
content-type
text/html; charset=UTF-8
date
Fri, 10 Nov 2023 07:34:30 GMT
nel
{"report_to":"default","max_age":604800}
reason
referrer-policy
no-referrer
report-to
{"max_age":604800,"group":"default","endpoints":[{"url":"https://nellie.booking.com/report"}]}
server
envoy
status
200
strict-transport-security
max-age=300; includeSubDomains
vary
Accept-Encoding, User-Agent
via
1.1 76f18545659f3cecc2213d8e93d15fb2.cloudfront.net (CloudFront)
x-amz-cf-id
WJz24WEgX_IkfwYCsLWu-9sJO9HaNwDH_crmOEU7okW_8Nvsc42NVg==
x-amz-cf-pop
FRA60-P5
x-bookings-http-multivalue
HASH(0x7f904f82e6c0)
x-cache
Miss from cloudfront
x-content-type-options
nosniff nosniff
x-envoy-upstream-service-time
292
x-frame-options
SAMEORIGIN
x-recruiting
Like HTTP headers? Come write ours: https://careers.booking.com
x-request-id
66c32d95-6aac-48a6-b357-5daa8b7a9294
x-xss-protection
1; mode=block

Redirect headers

content-security-policy-report-only
frame-ancestors 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=82fd3542d14c0007&e=UmFuZG9tSVYkc2RlIyh9YWNWlKLi8IutFe8kCqz8TUawkogGdaqoCxkjBEs425mm
date
Fri, 10 Nov 2023 07:34:29 GMT
location
/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
nel
{"max_age":604800,"report_to":"default"}
report-to
{"max_age":604800,"group":"default","endpoints":[{"url":"https://nellie.booking.com/report"}]}
server
nginx
strict-transport-security
max-age=300; includeSubDomains
via
1.1 76f18545659f3cecc2213d8e93d15fb2.cloudfront.net (CloudFront)
x-amz-cf-id
jX_kka0pb787n3GW281e9HlWmWtyJSCORDImUYRmVGG1zeHQwKgWSQ==
x-amz-cf-pop
FRA60-P5
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-recruiting
Like HTTP headers? Come write ours: https://careers.booking.com
x-xss-protection
1; mode=block
client.6379872d.css
q-xx.bstatic.com/flights/web/static/css/
302 KB
30 KB
Stylesheet
General
Full URL
https://q-xx.bstatic.com/flights/web/static/css/client.6379872d.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
df47fadeb73a49a882a6036d212b6baecb8244a3ea5c6867b07e11ece51fea5b
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 12:04:04 GMT
content-encoding
br
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
70226
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-amz-expiration
expiry-date="Wed, 07 Feb 2024 10:46:46 GMT", rule-id="expire-static-assets"
last-modified
Thu, 09 Nov 2023 10:50:50 GMT
server
nginx
x-amz-meta-s3cmd-attrs
md5:a7e9952767fc3c2ad203f588a7f32e41
etag
W/"a7e9952767fc3c2ad203f588a7f32e41"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
hA9BuzAK4KQ909BEAaSNJAfkaBIAI1SFtyxm5hMBHEgd9H2STz0TLg==
expires
Sat, 09 Dec 2023 12:04:04 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/3ea94870-d4b1-483a-b1d2-faf1d982bb31/
9 KB
3 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/3ea94870-d4b1-483a-b1d2-faf1d982bb31/OtAutoBlock.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfbe1a9cc8a14086aafa1c4b0836ec64dc12eb522a419e6600190033aff686e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 10 Nov 2023 07:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
71255
content-md5
UtbcMFAeytYTm2njFtO9DQ==
content-length
2587
x-ms-lease-status
unlocked
last-modified
Thu, 07 Sep 2023 11:45:11 GMT
server
cloudflare
etag
0x8DBAF97E4803813
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
4b64307e-c01e-00a6-6980-e18e9d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
823c9d07db7a3651-FRA
expires
Sat, 11 Nov 2023 07:34:30 GMT
644333.jpg
q-xx.bstatic.com/xdata/images/city/square210/
8 KB
8 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/city/square210/644333.jpg?k=5ef264baf6fb50c13b119d4b378111f7072e30c42996c51ce7e76f2574e1d785&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
da4d6cbe029e66af0b914d74b4058756451fda4f79b4e7b85c0ebf4f0e74cfb2
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 15:44:57 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
age
229773
etag
"508c46e4d96fa9c4474e271b0c24f5063e18c50c"
x-cache
Hit from cloudfront
content-type
image/jpeg
access-control-allow-origin
*
content-language
7778
cache-control
max-age=2592000
timing-allow-origin
*
content-length
7778
x-xss-protection
1; mode=block
x-amz-cf-id
J6xzAKgEDpMPNfBvPM__hLtxHOYX5b3mdYrSIyvF1qXsE8Pe3ryR_Q==
644363.jpg
q-xx.bstatic.com/xdata/images/city/square210/
9 KB
9 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/city/square210/644363.jpg?k=d7dfbc64880d52cf00797f6a0e34568e4d25fc913a719a721a06832b5c5a9308&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5147eef02a949fda1f4f2d0335ee29d0e75670de519caec953316d38d2fd03e4
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 16 Oct 2023 18:43:45 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
age
2119845
etag
"500ab5bcfe0e7988f811897f9677f2acccb618c8"
x-cache
Hit from cloudfront
content-language
9248
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
wEGQospnlIvw5RWcP_EL5NUiddOhDIso4OovG2XVm9ccm-4ExHiPEQ==
x-xss-protection
1; mode=block
27c8d1832de6a3123b6ee45b59ae2f81b0d9d0d0.png
r-cf.bstatic.com/static/img/tfl/group_logos/logo_booking/
2 KB
2 KB
Image
General
Full URL
https://r-cf.bstatic.com/static/img/tfl/group_logos/logo_booking/27c8d1832de6a3123b6ee45b59ae2f81b0d9d0d0.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
807c8a1b498e17d227cf48a640b778bdc4398a9852493cb2f40bf0f33651d0dd
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 01:10:36 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
2010234
x-cache
Hit from cloudfront
content-length
1628
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:55 GMT
server
nginx
etag
"5cadd1d3-65c"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
Hp0Ky618w5Kwm4KnhudEVWOMiHSYm-JhHiC5asaInmjZKwuAH83afw==
expires
Fri, 17 Nov 2023 01:10:36 GMT
f80e129541f2a952d470df2447373390f3dd4e44.png
q-cf.bstatic.com/static/img/tfl/group_logos/logo_priceline/
2 KB
2 KB
Image
General
Full URL
https://q-cf.bstatic.com/static/img/tfl/group_logos/logo_priceline/f80e129541f2a952d470df2447373390f3dd4e44.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
18c62988860a8ffd90bab6376b4fe36a723bd39403c420d3943aa3eb5a0029c5
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 23 Oct 2023 05:09:15 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
1563915
x-cache
Hit from cloudfront
content-length
1591
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:55 GMT
server
nginx
etag
"5cadd1d3-637"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
Ioq0gkVu0cxbHbGC3dkObZ3fpV_6lHLW1rcWP6UyZqJm7ifdkD-dhw==
expires
Wed, 22 Nov 2023 05:09:15 GMT
83ef7122074473a6566094e957ff834badb58ce6.png
r-cf.bstatic.com/static/img/tfl/group_logos/logo_kayak/
1 KB
2 KB
Image
General
Full URL
https://r-cf.bstatic.com/static/img/tfl/group_logos/logo_kayak/83ef7122074473a6566094e957ff834badb58ce6.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5839f0330821cf08029beddd6d248170da1af16cd7aff253e7bd075d591f5d42
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sun, 15 Oct 2023 04:17:10 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
2258240
x-cache
Hit from cloudfront
content-length
1154
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:55 GMT
server
nginx
etag
"5cadd1d3-482"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
65kTVAyXQpXj8DbifpZfIgsCRG0Q1hm73Xf_1Ck02H1TKpYiLrltVA==
expires
Tue, 14 Nov 2023 04:17:10 GMT
1c9191b6a3651bf030e41e99a153b64f449845ed.png
q-cf.bstatic.com/static/img/tfl/group_logos/logo_agoda/
2 KB
3 KB
Image
General
Full URL
https://q-cf.bstatic.com/static/img/tfl/group_logos/logo_agoda/1c9191b6a3651bf030e41e99a153b64f449845ed.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
1d6e86e59ab7235a8343f494c8e8da6cc02c5a98a75d682401340e6d06935f20
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 00:34:02 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
1321228
x-cache
Hit from cloudfront
content-length
2146
x-xss-protection
1; mode=block
last-modified
Thu, 12 Mar 2020 10:15:57 GMT
server
nginx
etag
"5e6a0bdd-862"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
p4sD6-xhj5IVeNj956i-8HeocORcKpekXztVPXILPHVvGXVerApgpw==
expires
Sat, 25 Nov 2023 00:34:02 GMT
6bc5ec89d870111592a378bbe7a2086f0b01abc4.png
r-cf.bstatic.com/static/img/tfl/group_logos/logo_rentalcars/
3 KB
4 KB
Image
General
Full URL
https://r-cf.bstatic.com/static/img/tfl/group_logos/logo_rentalcars/6bc5ec89d870111592a378bbe7a2086f0b01abc4.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
8561e200a6a57195e480ed9d893b14579ef6acdeabfbb3fe22b5e4ec9b84b455
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sat, 04 Nov 2023 17:44:33 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
481797
x-cache
Hit from cloudfront
content-length
3221
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:55 GMT
server
nginx
etag
"5cadd1d3-c95"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
qfhmd7hnlP1bStJWu9uMDQH3p6iKPFIXA4qpmmti6Mrkb4xj-vhfUw==
expires
Mon, 04 Dec 2023 17:44:33 GMT
a4b50503eda6c15773d6e61c238230eb42fb050d.png
r-cf.bstatic.com/static/img/tfl/group_logos/logo_opentable/
2 KB
3 KB
Image
General
Full URL
https://r-cf.bstatic.com/static/img/tfl/group_logos/logo_opentable/a4b50503eda6c15773d6e61c238230eb42fb050d.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b23272a9692c4ec3c020935917e9d096490876c976abec1290bd3cc9aae13974
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 13:37:17 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
755833
x-cache
Hit from cloudfront
content-length
2344
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:55 GMT
server
nginx
etag
"5cadd1d3-928"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
ZSR4_-JuFuvA68sCPellGXXxlp0pgUUGd60YwZTEN1dwq0OU6ce7cA==
expires
Fri, 01 Dec 2023 13:37:17 GMT
client.e09fdcb3.js
q-xx.bstatic.com/flights/web/static/js/
1 MB
266 KB
Script
General
Full URL
https://q-xx.bstatic.com/flights/web/static/js/client.e09fdcb3.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
65b94f4b92578d0f37cd28b59eedf5fbfca7bd95e15106c6b9439b9a34425a4f
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://www.booking.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 12:42:32 GMT
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
67917
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-amz-expiration
expiry-date="Wed, 07 Feb 2024 12:36:11 GMT", rule-id="expire-static-assets"
last-modified
Thu, 09 Nov 2023 12:36:11 GMT
server
nginx
x-amz-meta-s3cmd-attrs
md5:f2cebdf1fd11799b2f0c8feac4aa4c51
etag
W/"f2cebdf1fd11799b2f0c8feac4aa4c51"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
AwCqj1vf5sTiR2dlfn3sYHhotmHAVFTx8gWwRKG2AN8SesdXOlggQQ==
expires
Sat, 09 Dec 2023 12:42:32 GMT
screens-Home.98d8d30c.chunk.js
q-xx.bstatic.com/flights/web/static/js/
264 KB
59 KB
Script
General
Full URL
https://q-xx.bstatic.com/flights/web/static/js/screens-Home.98d8d30c.chunk.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
40637fab1442d0ecfde3fac829c13dbf340af06ab9fcbb4c79bf5d7e5747b28e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://www.booking.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 10:25:37 GMT
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
76133
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-amz-expiration
expiry-date="Wed, 07 Feb 2024 10:13:41 GMT", rule-id="expire-static-assets"
last-modified
Thu, 09 Nov 2023 10:13:41 GMT
server
nginx
x-amz-meta-s3cmd-attrs
md5:e8b25c645bc07f299cba3cdf95908cd6
etag
W/"e8b25c645bc07f299cba3cdf95908cd6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
B6H5fSYySXNfDgwti7kYmVFNicScks6HF_Amv4DjU-peZADNYz1gug==
expires
Sat, 09 Dec 2023 10:25:37 GMT
gtm.js
www.googletagmanager.com/
213 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PQHB9P4
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4a2171ec292f93f36d2472b2c50723e1f7da73444b412321aa310e0c1c74916e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 07:34:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77962
x-xss-protection
0
last-modified
Fri, 10 Nov 2023 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 10 Nov 2023 07:34:30 GMT
nl.png
q-xx.bstatic.com/backend_static/common/flags/new/48-squared/
133 B
697 B
Image
General
Full URL
https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/nl.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
d5d5badb50d07fe792765fc98388901290efc2cd2014b1afe513321acaa6710f
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 16 Oct 2023 23:59:02 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
2100928
x-cache
Hit from cloudfront
content-length
133
x-xss-protection
1; mode=block
last-modified
Mon, 07 Sep 2020 10:40:08 GMT
server
nginx
etag
"5f560e08-85"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
5Ca58qm0jU_osX2EALYNrJaL5ZEy9X_i1SmnIJb-hx9xm86F_ZarJQ==
expires
Wed, 15 Nov 2023 23:59:02 GMT
626990.jpg
q-xx.bstatic.com/xdata/images/city/square210/
9 KB
9 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/city/square210/626990.jpg?k=a701afb0ab075c80dc01035d3069763d983493a4fea74ea8a07905962642c3c7&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e34ca49f80000da27e323f52dbcf71cc4cfc2bb6f09bed001e3d341c0b4ea683
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 06:30:18 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
age
176652
etag
"a4e1bcffdfbc2343c8b78ef0229d863de26c99b2"
x-cache
Hit from cloudfront
content-type
image/jpeg
access-control-allow-origin
*
content-language
8783
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
ySPQll9cArvCNhAFcPSLDR6bAf2H2M5ElVm9ctKdhd0F3qIqHOCoQQ==
x-xss-protection
1; mode=block
654496.jpg
q-xx.bstatic.com/xdata/images/city/square210/
15 KB
15 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/city/square210/654496.jpg?k=d783fa4431dad3e83f15dc4c1ec7436630c1cbfa413d4a8ec352cb973cd8c0b8&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
6a2e89f45bfab062e59e06b106a4996f0098ca9c7ba84d6fa3a77e048d9c644e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 01 Nov 2023 14:22:50 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
age
753100
etag
"44645280f79b0256ee916d9d74a1c3609b21e552"
x-cache
Hit from cloudfront
content-type
image/jpeg
access-control-allow-origin
*
content-language
15094
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
XyrBf_EBmMSBqTW-owg9zOB9whkALFngw9HxMGfFrPZ9aQAAzb9MSg==
x-xss-protection
1; mode=block
645573.jpg
q-xx.bstatic.com/xdata/images/city/square210/
11 KB
11 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/city/square210/645573.jpg?k=1c5dc57affb79a3639450bd342af1f690edb00bc1feb791f0c96b44ddb1ab1d8&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
64f453647371603630edff1d0594577ae9ad63981bf8e7203dead4312386fdaf
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 11:43:02 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
age
2404288
etag
"54b0e1f39dc7341196d855abd9804785bacc7a0d"
x-cache
Hit from cloudfront
content-language
10925
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
T3_H7fGpcEHeVuzv-l7XG_FTK6EHiVp9kAZw1RMECmNyODoReE-b4w==
x-xss-protection
1; mode=block
645685.jpg
q-xx.bstatic.com/xdata/images/city/square210/
8 KB
8 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/city/square210/645685.jpg?k=bb3c96578e18a637d5481bd37ce507968c8473365b557d08c302e105ec5f13dc&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e1117bd0c871b65190e19381e2856bb55fab15b957b14e6cce36ed3c3c384908
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 30 Oct 2023 05:53:05 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
age
956485
etag
"2db1598f3b33c253008e1605f033d437c8781006"
x-cache
Hit from cloudfront
content-language
7935
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
content-length
7935
x-xss-protection
1; mode=block
x-amz-cf-id
2_fLn0-sUgqItVxLGdu9vzMOOb3J5KUZgmM9wz1EI0TzMyEateEtIw==
654657.jpg
q-xx.bstatic.com/xdata/images/city/square210/
8 KB
9 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/city/square210/654657.jpg?k=89856fe34d0c79585591dfb571c096931beeea442ef9175f86cd9960ffb242dd&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f4b37393f2c075b901968f72e63b4057dbd6f1b0e48acba372529b13faa3dc6a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 09:19:44 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
age
252886
etag
"ba87dafbcd04b4b6850c17f977cfa9feef9aee2e"
x-cache
Hit from cloudfront
content-type
image/jpeg
access-control-allow-origin
*
content-language
8378
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
8DzKEXd_-ULC7JQ5q5STG7Ni-zjQf5GZCK-jL9I4MUUqCFzuAmcAvA==
x-xss-protection
1; mode=block
968314.jpg
q-xx.bstatic.com/xdata/images/city/square210/
11 KB
12 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/city/square210/968314.jpg?k=0e0d712f666150594683eeeea60d7e3afdaab51286a9023f15f648ff3fbb0d6c&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0ed37c039c511d40e23876bd20ff2c0b3d60a5c93e9614a426b819680f379e85
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Mon, 06 Nov 2023 03:29:30 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
age
360300
etag
"c0515de19d8e2028dad43dd77c1ef7932e40d7e2"
x-cache
Hit from cloudfront
content-type
image/jpeg
access-control-allow-origin
*
content-language
11498
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
tpgc20GueKhWE1XBFeXLYz_B97-DfIFgJYmh4W7EQr-A9Ijvo5TtGA==
x-xss-protection
1; mode=block
613087.jpg
q-xx.bstatic.com/xdata/images/city/square210/
13 KB
14 KB
Image
General
Full URL
https://q-xx.bstatic.com/xdata/images/city/square210/613087.jpg?k=68ce65e52a527819c35c13c3d0e8a925263a71aab15a89577b4083c021855481&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e0bd98de54a1e8513bb07af1cd94749bbb5da568b21ba74580b4a2c510dd6283
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 18 Oct 2023 20:36:22 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA6-C1
age
1940288
etag
"d47387cfe5f5f1fc57236fc7c53def1d53116e0e"
x-cache
Hit from cloudfront
content-language
13669
access-control-allow-origin
*
content-type
image/jpeg
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
cb0ObbgTRHsCc_eBWCiHwIjtUckE8AIMpE171SnNnWhh1ZBKvqYHpQ==
x-xss-protection
1; mode=block
MagnifyingGlassUsp.png
t-cf.bstatic.com/design-assets/assets/v3.99.1/illustrations-traveller/
3 KB
4 KB
Image
General
Full URL
https://t-cf.bstatic.com/design-assets/assets/v3.99.1/illustrations-traveller/MagnifyingGlassUsp.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:b600:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f8527d9408a651f17cf4de43262a6fa2927ab2af6ca98641828793af062f118

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 09:20:12 GMT
via
1.1 5b6e22c950501920595c86fc25834582.cloudfront.net (CloudFront)
last-modified
Tue, 10 Oct 2023 12:25:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
80079
x-amz-server-side-encryption
AES256
etag
"5966a74d467ac8907792c738d59e8218"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
3358
x-amz-cf-id
_WdO48a5AZVJdnyGTuBljYjvwvE_5yOzcwm1IRMmaRhXmHFgQADphw==
MoneyUsp.png
t-cf.bstatic.com/design-assets/assets/v3.99.1/illustrations-traveller/
4 KB
4 KB
Image
General
Full URL
https://t-cf.bstatic.com/design-assets/assets/v3.99.1/illustrations-traveller/MoneyUsp.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:b600:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
54370e8f589fef00fbdc853c168f40c1955c478a26c2f464f76f927951f9ffb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 09:20:12 GMT
via
1.1 5b6e22c950501920595c86fc25834582.cloudfront.net (CloudFront)
last-modified
Tue, 10 Oct 2023 12:25:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
80079
x-amz-server-side-encryption
AES256
etag
"dca7c9b271c8b4799ce94491fa1b9ef2"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
4038
x-amz-cf-id
soPRr9OXWDGdNTzHXqqes5HTeHx_Mb-1EjojE2xyWOITkJWZw7As_w==
TicketsUsp.png
t-cf.bstatic.com/design-assets/assets/v3.99.1/illustrations-traveller/
4 KB
4 KB
Image
General
Full URL
https://t-cf.bstatic.com/design-assets/assets/v3.99.1/illustrations-traveller/TicketsUsp.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:b600:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
47b58f0909cae06bc80a8d79e50758d188832800d541c7285a8bd72f3b23a0c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Thu, 09 Nov 2023 09:20:12 GMT
via
1.1 5b6e22c950501920595c86fc25834582.cloudfront.net (CloudFront)
last-modified
Tue, 10 Oct 2023 12:25:25 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
80079
x-amz-server-side-encryption
AES256
etag
"4f8be30173d60369e61612204c1a9013"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
3759
x-amz-cf-id
wRuOGj6SaeylO8UrE7t5Zee345jgJyaKQzxq7s-OAhBhcS1cpLHXXg==
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 10 Nov 2023 07:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
R1P6TtSHAQZyvOSI/KawHw==
age
49565
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6821
x-ms-lease-status
unlocked
last-modified
Wed, 08 Nov 2023 23:34:27 GMT
server
cloudflare
etag
0x8DBE0B33F93BF15
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
51b09c76-b01e-0077-20b1-12ec17000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
823c9d08ec9c3651-FRA
3ea94870-d4b1-483a-b1d2-faf1d982bb31.json
cdn.cookielaw.org/consent/3ea94870-d4b1-483a-b1d2-faf1d982bb31/
6 KB
3 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/3ea94870-d4b1-483a-b1d2-faf1d982bb31/3ea94870-d4b1-483a-b1d2-faf1d982bb31.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cbf41c1d2cdac0aace6b9464c581ed8a6c3ca2c29d160ce019b300f3a22d662
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 10 Nov 2023 07:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
71255
content-md5
YYAw/Ph1nC+ghNDKoOfL5A==
content-length
2039
x-ms-lease-status
unlocked
last-modified
Thu, 07 Sep 2023 11:45:11 GMT
server
cloudflare
etag
0x8DBAF97E4AE6D4A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ff9f9ff6-f01e-0014-3380-e171ec000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
823c9d09bdd63612-FRA
expires
Sat, 11 Nov 2023 07:34:30 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/481216654/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/481216654/?random=1699601670702&cv=11&fst=1699601670702&bg=ffffff&guid=ON&async=1&gtm=45He3b81v843635506&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.booking.com%2Fflights%2Findex.nl.html%3Faid%3D2097130%26label%3Dconfirmation_text%26sid%3D1c992d0f614246f052101d4bf8f83ebc%26adplat%3Demail-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q%26adults%3D2%26cabinClass%3DECONOMY%26depart%3D2023-10-30%26destination%3DBRU%26from%3DPAR%26origin%3DPAR%26return%3D2023-10-31%26showLoader%3D1%26to%3DBRU%26type%3DROUNDTRIP%26&hn=www.googleadservices.com&frm=0&tiba=Vind%20goedkope%20vluchten%20%26%20vliegtickets%20%7C%20Booking.com&auid=1772549259.1699601671&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQHB9P4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6caf656dbddd9bf86408182dd8d677976f90c2f9539aa05245d0f7e41ceba6c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 07:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1495
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
203 KB
73 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-1070314322
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQHB9P4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
da36ba580d641a2de9479e6d1a4bc4a019bb20c6f706ff32377c4801e5ad09c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 07:34:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74600
x-xss-protection
0
last-modified
Fri, 10 Nov 2023 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 10 Nov 2023 07:34:30 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
304 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 07:34:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
823c9d0afe5b1e4b-FRA
access-control-allow-headers
Content-Type
43336.11e272f3.chunk.js
q-xx.bstatic.com/flights/web/static/js/
7 KB
3 KB
Script
General
Full URL
https://q-xx.bstatic.com/flights/web/static/js/43336.11e272f3.chunk.js
Requested by
Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.e09fdcb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f989a782db55adc01bde5f898b3e080a69e42e61534bd421a28ef85c86fda618
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://www.booking.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 03:43:03 GMT
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
2433087
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-amz-expiration
expiry-date="Thu, 13 Oct 2022 09:05:42 GMT", rule-id="expire-static-assets"
last-modified
Fri, 06 Oct 2023 13:37:04 GMT
server
nginx
x-amz-meta-s3cmd-attrs
md5:5c3256b808579e5faf4ed651df07e698
etag
W/"5c3256b808579e5faf4ed651df07e698"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
2gOZbGKNhv63eGhvJU_91N3cVoSgVarFbqc5u6qVl55PpMIaZabDXw==
expires
Sun, 12 Nov 2023 03:43:03 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1070314322/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1070314322/?random=1699601670812&cv=11&fst=1699601670812&bg=ffffff&guid=ON&async=1&gtm=45be3b81v882970024&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.booking.com%2Fflights%2Findex.nl.html%3Faid%3D2097130%26label%3Dconfirmation_text%26sid%3D1c992d0f614246f052101d4bf8f83ebc%26adplat%3Demail-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q%26adults%3D2%26cabinClass%3DECONOMY%26depart%3D2023-10-30%26destination%3DBRU%26from%3DPAR%26origin%3DPAR%26return%3D2023-10-31%26showLoader%3D1%26to%3DBRU%26type%3DROUNDTRIP%26&hn=www.googleadservices.com&frm=0&tiba=Vind%20goedkope%20vluchten%20%26%20vliegtickets%20%7C%20Booking.com&auid=1772549259.1699601671&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1070314322
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2ded31b005c9664eb4db7e37fc7a3ad329b8bdbe3ba2937b0ad757956d2c6806
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 07:34:30 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1517
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
internal-events
flights.booking.com/track/
0
0
Preflight
General
Full URL
https://flights.booking.com/track/internal-events
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-6.fra56.r.cloudfront.net
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-booking-affiliate-id,x-booking-label,x-booking-parent-request-id,x-booking-request-tree-id,x-booking-trace-meta,x-requested-from
Access-Control-Request-Method
POST
Origin
https://www.booking.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-booking-affiliate-id,x-booking-label,x-booking-parent-request-id,x-booking-request-tree-id,x-booking-trace-meta,x-requested-from
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.booking.com
date
Fri, 10 Nov 2023 07:34:31 GMT
referrer-policy
no-referrer
server
envoy
strict-transport-security
max-age=300; includeSubDomains
vary
Origin, Access-Control-Request-Headers
via
1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-id
ORo_WJpjfZGv1HS4vjjSziTDrzTbvsZ9gCf2paF0gRghEhXgY8U9zw==
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-request-id
96213080-7f9b-11ee-b9cf-c9a556b9e511
x-xss-protection
1; mode=block
internal-events
flights.booking.com/track/
0
0
Preflight
General
Full URL
https://flights.booking.com/track/internal-events
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-6.fra56.r.cloudfront.net
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-booking-affiliate-id,x-booking-label,x-booking-parent-request-id,x-booking-request-tree-id,x-booking-trace-meta,x-requested-from
Access-Control-Request-Method
POST
Origin
https://www.booking.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-booking-affiliate-id,x-booking-label,x-booking-parent-request-id,x-booking-request-tree-id,x-booking-trace-meta,x-requested-from
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.booking.com
date
Fri, 10 Nov 2023 07:34:31 GMT
referrer-policy
no-referrer
server
envoy
strict-transport-security
max-age=300; includeSubDomains
vary
Origin, Access-Control-Request-Headers
via
1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-id
jvGO7dDjAFOQjP_QIC4PDQYtNFkKdvZgvgt5nz3WfLz8gfJnNI7Q2g==
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-request-id
96213080-7f9b-11ee-82a7-c90c84c23c9d
x-xss-protection
1; mode=block
header
www.booking.com/attractions/api/
16 KB
6 KB
Fetch
General
Full URL
https://www.booking.com/attractions/api/header?label=confirmation_text&lang=nl&aid=2097130&product=flights
Requested by
Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.e09fdcb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-76.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
521c3e951f88bebeba43714f45b9da25886839757348d3599c2bf12034b585b8
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 07:34:31 GMT
strict-transport-security
max-age=300; includeSubDomains
content-encoding
gzip
x-content-options
nosniff
server
nginx
via
1.1 76f18545659f3cecc2213d8e93d15fb2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P5
content-security-policy-report-only
default-src 'self'; connect-src 'self' *.booking.com:* wss://*.booking.com:* cdn.cookielaw.org *.google-analytics.com *.onetrust.com; script-src 'self' 'unsafe-inline' *.booking.com:* *.bstatic.com cdn.cookielaw.org bat.bing.com googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.onetrust.com; img-src * data:; style-src 'self' 'unsafe-inline' *.booking.com *.bstatic.com *.googleapis.com; font-src 'self' *.bstatic.com fonts.gstatic.com; frame-src 'self' *.booking.com; object-src 'none'; report-to default
vary
Accept-Encoding
content-type
application/json; charset=UTF-8
x-frame-options
SAMEORIGIN
x-cache
Miss from cloudfront
x-amz-cf-id
1ekS9iIQ8HzWmk_DtGP2xVGldbgyxLSf5lsyhumZ7ZVd2tF8Bx93mA==
x-xss-protection
1; mode=block
screens-Search.79ddd603.chunk.js
q-xx.bstatic.com/flights/web/static/js/
992 KB
208 KB
Script
General
Full URL
https://q-xx.bstatic.com/flights/web/static/js/screens-Search.79ddd603.chunk.js
Requested by
Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.e09fdcb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:f000:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
1c4e33b7116fb6312490019554754143187cb4ab075b3bd2c7854e2786b6ffbb
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://www.booking.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 08 Nov 2023 14:23:22 GMT
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA6-C1
age
148267
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
x-amz-expiration
expiry-date="Tue, 06 Feb 2024 14:17:30 GMT", rule-id="expire-static-assets"
last-modified
Wed, 08 Nov 2023 14:17:30 GMT
server
nginx
x-amz-meta-s3cmd-attrs
md5:3eee96496595a4db0ca34ecb78dfa8d5
etag
W/"3eee96496595a4db0ca34ecb78dfa8d5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
c8H-m05pjuOqIcD3_qOCo3TAk0QIX6vbG4_sZVUwCgbeJPtZDwdTVw==
expires
Fri, 08 Dec 2023 14:23:22 GMT
internal-events
flights.booking.com/track/
16 B
738 B
Fetch
General
Full URL
https://flights.booking.com/track/internal-events
Requested by
Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.e09fdcb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-6.fra56.r.cloudfront.net
Software
envoy /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

x-booking-trace-meta
caller_persona="b-flights-frontend"; root_caller_persona="app"
x-booking-request-tree-id
654ddd05abc46756735a0243a3dbcebd
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
x-booking-parent-request-id
4b41b15f-31fa-4cf4-94b4-82ee032572a6
X-Booking-Label
confirmation_text
Content-Type
application/json
X-Requested-From
clientFetch
Referer
https://www.booking.com/
X-Booking-Affiliate-Id
2097130

Response headers

date
Fri, 10 Nov 2023 07:34:31 GMT
strict-transport-security
max-age=300; includeSubDomains
x-content-type-options
nosniff
via
1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
16
x-xss-protection
1; mode=block
x-request-id
654ddd05abc46756735a0243a3dbcebd
server
envoy
vary
Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.booking.com
access-control-allow-credentials
true
x-amz-cf-id
Vf4CK2VPFr2ALLWAJ82CeH43ouz9t4Q6GcYli99zF_08ovyJ3dimug==
internal-events
flights.booking.com/track/
16 B
739 B
Fetch
General
Full URL
https://flights.booking.com/track/internal-events
Requested by
Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.e09fdcb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-6.fra56.r.cloudfront.net
Software
envoy /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

x-booking-trace-meta
caller_persona="b-flights-frontend"; root_caller_persona="app"
x-booking-request-tree-id
654ddd05abc46756735a0243a3dbcebd
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
x-booking-parent-request-id
4b41b15f-31fa-4cf4-94b4-82ee032572a6
X-Booking-Label
confirmation_text
Content-Type
application/json
X-Requested-From
clientFetch
Referer
https://www.booking.com/
X-Booking-Affiliate-Id
2097130

Response headers

date
Fri, 10 Nov 2023 07:34:31 GMT
strict-transport-security
max-age=300; includeSubDomains
x-content-type-options
nosniff
via
1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
16
x-xss-protection
1; mode=block
x-request-id
654ddd05abc46756735a0243a3dbcebd
server
envoy
vary
Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.booking.com
access-control-allow-credentials
true
x-amz-cf-id
ReWr3V88L9G94kqvOZhmccdSE49UY7X47DBW0_4GfKfz99bqBcdaRg==
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0dc90421cbf6414c9f1ef5e93af3dbe48a4e51899452330f0ae0b2815e38be94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Fri, 10 Nov 2023 07:34:30 GMT
last-modified
Fri, 20 Oct 2023 01:13:24 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 65CBCDF2610046CDAD7E426E09358DF8 Ref B: FRA31EDGE0110 Ref C: 2023-11-10T07:34:31Z
etag
"0125f9ff22da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13079
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202308.2.0/
421 KB
101 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 10 Nov 2023 07:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
B7RJGeSCnZZuAb1NQkB81w==
age
41143
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
103637
x-ms-lease-status
unlocked
last-modified
Wed, 20 Sep 2023 06:26:02 GMT
server
cloudflare
etag
0x8DBB9A2763B37CA
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
21d158e6-101e-007e-2a3b-eca9c4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
823c9d0b7f803651-FRA
/
www.google.com/pagead/1p-user-list/1070314322/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1070314322/?random=1699601670812&cv=11&fst=1699599600000&bg=ffffff&guid=ON&async=1&gtm=45be3b81v882970024&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.booking.com%2Fflights%2Findex.nl.html%3Faid%3D2097130%26label%3Dconfirmation_text%26sid%3D1c992d0f614246f052101d4bf8f83ebc%26adplat%3Demail-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q%26adults%3D2%26cabinClass%3DECONOMY%26depart%3D2023-10-30%26destination%3DBRU%26from%3DPAR%26origin%3DPAR%26return%3D2023-10-31%26showLoader%3D1%26to%3DBRU%26type%3DROUNDTRIP%26&frm=0&tiba=Vind%20goedkope%20vluchten%20%26%20vliegtickets%20%7C%20Booking.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaNY5NgZ-usWGqtkM1xACgu36IHsQxO_Q&random=1578218618&rmt_tld=0&ipr=y
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 07:34:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1070314322/
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1070314322/?random=1699601670812&cv=11&fst=1699599600000&bg=ffffff&guid=ON&async=1&gtm=45be3b81v882970024&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.booking.com%2Fflights%2Findex.nl.html%3Faid%3D2097130%26label%3Dconfirmation_text%26sid%3D1c992d0f614246f052101d4bf8f83ebc%26adplat%3Demail-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q%26adults%3D2%26cabinClass%3DECONOMY%26depart%3D2023-10-30%26destination%3DBRU%26from%3DPAR%26origin%3DPAR%26return%3D2023-10-31%26showLoader%3D1%26to%3DBRU%26type%3DROUNDTRIP%26&frm=0&tiba=Vind%20goedkope%20vluchten%20%26%20vliegtickets%20%7C%20Booking.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwDICaaNY5NgZ-usWGqtkM1xACgu36IHsQxO_Q&random=1578218618&rmt_tld=1&ipr=y
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 07:34:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/481216654/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/481216654/?random=1699601670702&cv=11&fst=1699599600000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v843635506&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.booking.com%2Fflights%2Findex.nl.html%3Faid%3D2097130%26label%3Dconfirmation_text%26sid%3D1c992d0f614246f052101d4bf8f83ebc%26adplat%3Demail-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q%26adults%3D2%26cabinClass%3DECONOMY%26depart%3D2023-10-30%26destination%3DBRU%26from%3DPAR%26origin%3DPAR%26return%3D2023-10-31%26showLoader%3D1%26to%3DBRU%26type%3DROUNDTRIP%26&frm=0&tiba=Vind%20goedkope%20vluchten%20%26%20vliegtickets%20%7C%20Booking.com&fmt=3&is_vtc=1&cid=CAQSGwDICaaNmn7NGbxwwNFhdbiduaKtx__6O5Q0DA&random=1969854964&rmt_tld=0&ipr=y
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 07:34:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/481216654/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/481216654/?random=1699601670702&cv=11&fst=1699599600000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v843635506&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.booking.com%2Fflights%2Findex.nl.html%3Faid%3D2097130%26label%3Dconfirmation_text%26sid%3D1c992d0f614246f052101d4bf8f83ebc%26adplat%3Demail-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q%26adults%3D2%26cabinClass%3DECONOMY%26depart%3D2023-10-30%26destination%3DBRU%26from%3DPAR%26origin%3DPAR%26return%3D2023-10-31%26showLoader%3D1%26to%3DBRU%26type%3DROUNDTRIP%26&frm=0&tiba=Vind%20goedkope%20vluchten%20%26%20vliegtickets%20%7C%20Booking.com&fmt=3&is_vtc=1&cid=CAQSGwDICaaNmn7NGbxwwNFhdbiduaKtx__6O5Q0DA&random=1969854964&rmt_tld=1&ipr=y
Requested by
Host: www.booking.com
URL: https://www.booking.com/flights/index.nl.html?aid=2097130&label=confirmation_text&sid=1c992d0f614246f052101d4bf8f83ebc&adplat=email-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q&adults=2&cabinClass=ECONOMY&depart=2023-10-30&destination=BRU&from=PAR&origin=PAR&return=2023-10-31&showLoader=1&to=BRU&type=ROUNDTRIP&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 07:34:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
nl.json
cdn.cookielaw.org/consent/3ea94870-d4b1-483a-b1d2-faf1d982bb31/5960a206-455d-4495-8981-3d8a43c9b243/
99 KB
23 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/3ea94870-d4b1-483a-b1d2-faf1d982bb31/5960a206-455d-4495-8981-3d8a43c9b243/nl.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b44980f2a165dd5f9199b793bd72da6160e15ca01bf2480bec589a8abbe3f1b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 10 Nov 2023 07:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
5810
content-md5
lZ2gwcBnwQf+nP17WOAF3A==
content-length
23518
x-ms-lease-status
unlocked
last-modified
Thu, 07 Sep 2023 11:45:30 GMT
server
cloudflare
etag
0x8DBAF97F037511E
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
bfb6b011-201e-0065-7488-f097c7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
823c9d0c39793612-FRA
expires
Sat, 11 Nov 2023 07:34:31 GMT
15338614.js
bat.bing.com/p/action/
0
117 B
Script
General
Full URL
https://bat.bing.com/p/action/15338614.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Fri, 10 Nov 2023 07:34:30 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: D1122EABEAA540238482806C4B8ADD23 Ref B: FRA31EDGE0110 Ref C: 2023-11-10T07:34:31Z
x-cache
CONFIG_NOCACHE
otFlat.json
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 10 Nov 2023 07:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
BHQvHegaR3S9THBo4PtGGQ==
age
71235
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 20 Sep 2023 06:25:55 GMT
server
cloudflare
etag
0x8DBB9A272000203
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
9232cc53-201e-0017-03b8-eb9088000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
823c9d0ca9fa3612-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 10 Nov 2023 07:34:31 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
c7xAZ9MSGAobGaTYg/Qtag==
age
62481
x-ms-lease-status
unlocked
last-modified
Wed, 20 Sep 2023 06:26:05 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
2820244a-e01e-0037-5762-0deb2f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
823c9d0caa013612-FRA
et
flights.booking.com/track/
0
0
Preflight
General
Full URL
https://flights.booking.com/track/et
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-6.fra56.r.cloudfront.net
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-booking-affiliate-id,x-booking-label,x-booking-parent-request-id,x-booking-request-tree-id,x-booking-trace-meta,x-requested-from,x-soylent-email
Access-Control-Request-Method
POST
Origin
https://www.booking.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-booking-affiliate-id,x-booking-label,x-booking-parent-request-id,x-booking-request-tree-id,x-booking-trace-meta,x-requested-from,x-soylent-email
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://www.booking.com
date
Fri, 10 Nov 2023 07:34:31 GMT
referrer-policy
no-referrer
server
envoy
strict-transport-security
max-age=300; includeSubDomains
vary
Origin, Access-Control-Request-Headers
via
1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-id
_0vWW4j1g4mVAkU4uWGtvAWChJA6Cv8Gl71he9lgcL3taY9F-g8_Rg==
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-request-id
96690ef0-7f9b-11ee-a9db-517e75229ec5
x-xss-protection
1; mode=block
et
flights.booking.com/track/
4 B
743 B
Fetch
General
Full URL
https://flights.booking.com/track/et
Requested by
Host: q-xx.bstatic.com
URL: https://q-xx.bstatic.com/flights/web/static/js/client.e09fdcb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-6.fra56.r.cloudfront.net
Software
envoy /
Resource Hash
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

x-booking-trace-meta
caller_persona="b-flights-frontend"; root_caller_persona="app"
x-booking-request-tree-id
654ddd05abc46756735a0243a3dbcebd
accept-language
de-DE,de;q=0.9
x-booking-parent-request-id
4b41b15f-31fa-4cf4-94b4-82ee032572a6
X-Booking-Label
confirmation_text
Content-Type
application/json
X-Requested-From
clientFetch
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Referer
https://www.booking.com/
X-Booking-Affiliate-Id
2097130
X-Soylent-Email

Response headers

date
Fri, 10 Nov 2023 07:34:31 GMT
strict-transport-security
max-age=300; includeSubDomains
x-content-type-options
nosniff
via
1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-length
4
x-xss-protection
1; mode=block
x-request-id
654ddd05abc46756735a0243a3dbcebd
referrer-policy
no-referrer
server
envoy
vary
Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.booking.com
access-control-allow-credentials
true
x-amz-cf-id
LeSxF6WGUahlBOxeHoD7HW-rGin3U8TlmgcnckBgfb1MoH90IpGT-Q==

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| dataLayer function| riskifiedBeaconLoad object| __INITIAL_STATE__ object| __GLOBAL_CONTEXT__ object| __LOCALE_STATE__ object| PCM function| OptanonWrapper object| OneTrustStub object| google_tag_manager object| google_tag_data object| GooglebQhCsO object| client object| __LOADABLE_LOADED_CHUNKS__ function| setImmediate function| clearImmediate object| regeneratorRuntime function| _ object| orchestrator function| gtag object| uetq string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData function| UET function| UET_init function| UET_push object| ueto_903cf87788 object| Optanon object| OneTrust

16 Cookies

Domain/Path Name / Value
.booking.com/flights Name: px_init
Value: 0
.booking.com/ Name: fasc
Value: e3135546-5d25-46bf-b580-55dfa084c588
.booking.com/ Name: pc_payer_id
Value: a86c728d-a1a2-4c8c-bc30-0724912ed35a
.booking.com/ Name: fsc
Value: s%3A85deb5d1fa6d9f3ac2fdc4df2451f366.1j4GVHLO651apL1cX1nXUVL%2FL%2BEgp9v9xyIRTkGNdd0
flights.booking.com/ Name: fsc
Value: s%3A85deb5d1fa6d9f3ac2fdc4df2451f366.1j4GVHLO651apL1cX1nXUVL%2FL%2BEgp9v9xyIRTkGNdd0
.booking.com/ Name: pcm_consent
Value: analytical%3Dfalse%26countryCode%3DDE%26consentId%3Da24ddb44-042d-48f5-b3d9-2b26b5283090%26consentedAt%3D2023-11-10T07%3A34%3A28.800Z%26expiresAt%3D2024-05-08T07%3A34%3A28.800Z%26implicit%3Dtrue%26marketing%3Dfalse%26regionCode%3DBE%26regulation%3Dgdpr%26legacyRegulation%3Dgdpr
.booking.com/ Name: bkng_sso_auth
Value: CAIQsOnuTRpyTVNMpH2ua5MRUxWRDqAcNG7ERhBIgIa/dfi5oh2SEXn7bkWJmqFvfdnE+ify8M8LMYsw+Fe/X+eoWf0685nsS4+d/QBtDMylsVaWkAw2rDTdbHavkCbsUJqN6SCVnTP9dPAs8c3q646VX1xsWNPw+NAv
.booking.com/ Name: px_init
Value: 0
.booking.com/ Name: _pxhd
Value: IFBkUDbWJUpy2ZDyOuiwByF0NxBBbMEd5BhK5%252FJSWfp9lr0QbBKIaPEnxDSY2VkCMaFm1%252FGge3t5CuRKU8kgQw%253D%253D%253A%252FvyDTcl5ZFqqOen63KHCM3S4Eyq-vWkAQVXpM9ZdXX7-4jFKeCCaWo92iwbeXeH3-vQncjVs%252FTbJLeXxmHhL3VY%252FMjjBVjjz9-aSzuwTCZ4%253D
www.booking.com/ Name: fsc
Value: s%3A85deb5d1fa6d9f3ac2fdc4df2451f366.1j4GVHLO651apL1cX1nXUVL%2FL%2BEgp9v9xyIRTkGNdd0
.booking.com/ Name: _gcl_au
Value: 1.1.1772549259.1699601671
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.booking.com/ Name: _uetsid
Value: 9626d1807f9b11eea3496d0d99319be8
.booking.com/ Name: _uetvid
Value: 9626ef007f9b11eeb9c6f9d3437741fc
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbof7CEiNviT%2BkKAp0BB49vc6RlcUEdrI1Xd8DeysoDGZGbzY7I0jUpMXF7JxkA7eCJ38X5YTgsr%2B74N2LXGwuW0lCuivRPlJqmZhuml3%2FyjX6pa3hi1EqI9RTK5mtCiJORHujvVUfO2TKtrY0LdfEQxdaqGjUK0VZ%2FNfxa6MijOA%3D
.www.booking.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+Nov+10+2023+08%3A34%3A31+GMT%2B0100+(Central+European+Standard+Time)&version=202308.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=f53d38dc-6688-427b-88bf-3e313afbf981&interactionCount=0&landingPath=https%3A%2F%2Fwww.booking.com%2Fflights%2Findex.nl.html%3Faid%3D2097130%26label%3Dconfirmation_text%26sid%3D1c992d0f614246f052101d4bf8f83ebc%26adplat%3Demail-mg_confirmation_email-lp_in_copy-flight-checklist-6Y4uQSwdDcpIseRpYZnC0Q%26adults%3D2%26cabinClass%3DECONOMY%26depart%3D2023-10-30%26destination%3DBRU%26from%3DPAR%26origin%3DPAR%26return%3D2023-10-31%26showLoader%3D1%26to%3DBRU%26type%3DROUNDTRIP%26&groups=C0001%3A1%2CC0002%3A0%2CC0004%3A0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
cdn.cookielaw.org
ch.booking.com
flights.booking.com
geolocation.onetrust.com
googleads.g.doubleclick.net
q-cf.bstatic.com
q-xx.bstatic.com
r-cf.bstatic.com
t-cf.bstatic.com
www.booking.com
www.google.com
www.google.de
www.googletagmanager.com
13.32.27.6
18.245.60.76
2600:9000:2057:f000:1c:d826:cd80:93a1
2600:9000:2251:b600:5:bf05:acc0:93a1
2606:4700:4400::ac40:9b77
2606:4700::6812:83ec
2620:1ec:c11::200
2a00:1450:4001:809::2002
2a00:1450:4001:81c::2003
2a00:1450:4001:829::2004
2a00:1450:4001:830::2008
52.222.214.96
088b13a857e18e1a40fef56a4666334295ea0f5ac267292d835afa2831da18cf
0dc90421cbf6414c9f1ef5e93af3dbe48a4e51899452330f0ae0b2815e38be94
0ed37c039c511d40e23876bd20ff2c0b3d60a5c93e9614a426b819680f379e85
18c62988860a8ffd90bab6376b4fe36a723bd39403c420d3943aa3eb5a0029c5
1c4e33b7116fb6312490019554754143187cb4ab075b3bd2c7854e2786b6ffbb
1d6e86e59ab7235a8343f494c8e8da6cc02c5a98a75d682401340e6d06935f20
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
2ded31b005c9664eb4db7e37fc7a3ad329b8bdbe3ba2937b0ad757956d2c6806
40637fab1442d0ecfde3fac829c13dbf340af06ab9fcbb4c79bf5d7e5747b28e
47b58f0909cae06bc80a8d79e50758d188832800d541c7285a8bd72f3b23a0c2
4a2171ec292f93f36d2472b2c50723e1f7da73444b412321aa310e0c1c74916e
5147eef02a949fda1f4f2d0335ee29d0e75670de519caec953316d38d2fd03e4
521c3e951f88bebeba43714f45b9da25886839757348d3599c2bf12034b585b8
54370e8f589fef00fbdc853c168f40c1955c478a26c2f464f76f927951f9ffb4
5839f0330821cf08029beddd6d248170da1af16cd7aff253e7bd075d591f5d42
5cbf41c1d2cdac0aace6b9464c581ed8a6c3ca2c29d160ce019b300f3a22d662
64f453647371603630edff1d0594577ae9ad63981bf8e7203dead4312386fdaf
65b94f4b92578d0f37cd28b59eedf5fbfca7bd95e15106c6b9439b9a34425a4f
6a2e89f45bfab062e59e06b106a4996f0098ca9c7ba84d6fa3a77e048d9c644e
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
6caf656dbddd9bf86408182dd8d677976f90c2f9539aa05245d0f7e41ceba6c6
6f8527d9408a651f17cf4de43262a6fa2927ab2af6ca98641828793af062f118
807c8a1b498e17d227cf48a640b778bdc4398a9852493cb2f40bf0f33651d0dd
8561e200a6a57195e480ed9d893b14579ef6acdeabfbb3fe22b5e4ec9b84b455
b23272a9692c4ec3c020935917e9d096490876c976abec1290bd3cc9aae13974
b44980f2a165dd5f9199b793bd72da6160e15ca01bf2480bec589a8abbe3f1b5
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
bfbe1a9cc8a14086aafa1c4b0836ec64dc12eb522a419e6600190033aff686e0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d5d5badb50d07fe792765fc98388901290efc2cd2014b1afe513321acaa6710f
da36ba580d641a2de9479e6d1a4bc4a019bb20c6f706ff32377c4801e5ad09c5
da4d6cbe029e66af0b914d74b4058756451fda4f79b4e7b85c0ebf4f0e74cfb2
df47fadeb73a49a882a6036d212b6baecb8244a3ea5c6867b07e11ece51fea5b
e0bd98de54a1e8513bb07af1cd94749bbb5da568b21ba74580b4a2c510dd6283
e1117bd0c871b65190e19381e2856bb55fab15b957b14e6cce36ed3c3c384908
e34ca49f80000da27e323f52dbcf71cc4cfc2bb6f09bed001e3d341c0b4ea683
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4b37393f2c075b901968f72e63b4057dbd6f1b0e48acba372529b13faa3dc6a
f989a782db55adc01bde5f898b3e080a69e42e61534bd421a28ef85c86fda618