Submitted URL: http://samplesource.com/
Effective URL: https://samplesource.com/
Submission Tags: tranco_l324
Submission: On April 05 via api from DE — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 43 HTTP transactions. The main IP is 3.222.158.73, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is samplesource.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on January 13th 2024. Valid for: a year.
This is the only time samplesource.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
35 3.222.158.73 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
1 2602:816:5001... 54113 (FASTLY)
1 162.247.243.29 54113 (FASTLY)
43 8
Apex Domain
Subdomains
Transfer
35 samplesource.com
samplesource.com
www.samplesource.com Failed
2 MB
2 realtimely.io
ua.realtimely.io — Cisco Umbrella Rank: 52258
api.realtimely.io — Cisco Umbrella Rank: 51908
3 KB
1 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 250
597 B
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 655
16 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2709
254 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 43
91 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 38
915 B
43 7
Domain Requested by
35 samplesource.com samplesource.com
1 bam.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com samplesource.com
1 region1.google-analytics.com www.googletagmanager.com
1 api.realtimely.io samplesource.com
1 ua.realtimely.io samplesource.com
1 www.googletagmanager.com samplesource.com
1 fonts.googleapis.com samplesource.com
0 www.samplesource.com Failed samplesource.com
43 9

This site contains links to these domains. Also see Links.

Domain
corporate.samplesource.com
www.instagram.com
Subject Issuer Validity Valid
samplesource.com
Amazon RSA 2048 M03
2024-01-13 -
2025-02-10
a year crt.sh
upload.video.google.com
GTS CA 1C3
2024-03-04 -
2024-05-27
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-03-04 -
2024-05-27
3 months crt.sh
realtimely.io
GTS CA 1P5
2024-02-21 -
2024-05-21
3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1
2024-03-21 -
2025-04-22
a year crt.sh
*.nr-data.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-29 -
2024-10-01
a year crt.sh

This page contains 1 frames:

Primary Page: https://samplesource.com/
Frame ID: DEFF66A5862889F95583647B9D10C999
Requests: 43 HTTP requests in this frame

Screenshot

Page Title

SampleSource.com - Free Samples - home, health, beauty, makeup, food, and more!

Page URL History Show full URLs

  1. http://samplesource.com/ HTTP 307
    https://samplesource.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

43
Requests

98 %
HTTPS

71 %
IPv6

7
Domains

9
Subdomains

8
IPs

2
Countries

1975 kB
Transfer

2880 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://samplesource.com/ HTTP 307
    https://samplesource.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36
  • https://samplesource.com/js/images/bx_loader.gif HTTP 302
  • https://www.samplesource.com/

43 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
samplesource.com/
Redirect Chain
  • http://samplesource.com/
  • https://samplesource.com/
50 KB
17 KB
Document
General
Full URL
https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
24f5f5209416cb1bcf2b9a6ea76a4efe25af523dff682c0aa6b456e6443ff8c4
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
access-control-allow-origin
*
access-control-max-age
1000
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
15602
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-type
text/html; charset=UTF-8
date
Fri, 05 Apr 2024 02:22:50 GMT
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
expires
Thu, 19 Nov 1981 08:52:00 GMT
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

Location
https://samplesource.com/
Non-Authoritative-Reason
HttpsUpgrades
colorbox.css
samplesource.com/css/
3 KB
3 KB
Stylesheet
General
Full URL
https://samplesource.com/css/colorbox.css
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
b58fb7d020c67738c39dc9b48415b6d6faf1ba985b107f92a2af5c6a58aaab8f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1072
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"baa-5d8d73ca6fa04-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
jquery-ui.css
samplesource.com/css/
35 KB
10 KB
Stylesheet
General
Full URL
https://samplesource.com/css/jquery-ui.css
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
8378
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"8c85-5d8d73ca6fa04-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
bootstrap.min.css
samplesource.com/css/
115 KB
21 KB
Stylesheet
General
Full URL
https://samplesource.com/css/bootstrap.min.css
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
19249
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"1ca39-5d8d73ca6fa04-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
css
fonts.googleapis.com/
1 KB
915 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Varela+Round
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ee8b4c63b428fb78db8978da6ea0e7898dc3b508a15a37bea33703c452945933
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 05 Apr 2024 00:30:10 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 05 Apr 2024 02:22:50 GMT
jquery.bxslider.css
samplesource.com/js/
4 KB
3 KB
Stylesheet
General
Full URL
https://samplesource.com/js/jquery.bxslider.css
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
6300ba1c19b24d427fdec05b16c8b7c85f21155097c82ffdced06192a5f70d31
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1193
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"efc-5d8d73ca73884-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
style.css
samplesource.com/
36 KB
9 KB
Stylesheet
General
Full URL
https://samplesource.com/style.css
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
a44e0f06869a2f8def8c54d3b17c810957b3ac5c2428438df15ca4effc31f289
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
7365
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Aug 2023 18:57:11 GMT
server
Apache
etag
"909e-601e11d4c1a20-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
jquery-latest.min.js
samplesource.com/js/
94 KB
34 KB
Script
General
Full URL
https://samplesource.com/js/jquery-latest.min.js
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
33225
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"1762a-5d8d73ca73884-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
jquery-ui.js
samplesource.com/js/
509 KB
124 KB
Script
General
Full URL
https://samplesource.com/js/jquery-ui.js
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"7f20a-5d8d73ca73884-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
bootstrap.min.js
samplesource.com/js/
35 KB
11 KB
Script
General
Full URL
https://samplesource.com/js/bootstrap.min.js
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
9539
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"8c6f-5d8d73ca73884-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
jquery.colorbox.js
samplesource.com/js/
28 KB
10 KB
Script
General
Full URL
https://samplesource.com/js/jquery.colorbox.js
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ea60fb337f7672693ab00cd0a4699ef3b720f382b7bfc4e1ac3baa6fe8ff79bb
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
8824
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"71b1-5d8d73ca73884-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
jquery.validate.js
samplesource.com/js/
42 KB
13 KB
Script
General
Full URL
https://samplesource.com/js/jquery.validate.js
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
8332059e24b7aaa3585e312bb9cd3f35c0a4b16861e52bb216f2abaf0f22fa12
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
11290
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"a6ca-5d8d73ca73884-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
samplesource.js
samplesource.com/js/
15 KB
4 KB
Script
General
Full URL
https://samplesource.com/js/samplesource.js
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
893bdf4c6e638ea14d8c4e4d7e0f9e83da3abee66a1aaabf1d1243f832e0e6c2
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
2662
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 09 Mar 2022 20:07:00 GMT
server
Apache
etag
"3de3-5d9cea3f0b990-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
jquery.bxslider.js
samplesource.com/js/
49 KB
13 KB
Script
General
Full URL
https://samplesource.com/js/jquery.bxslider.js
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
bddbba35635904eca1d7f9edc74bdbcba04ec0f5a16286fdbd8f78fb0f7e0c6f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=31536000; includeSubDomains
content-length
11960
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"c58d-5d8d73ca73884-gzip"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
js
www.googletagmanager.com/gtag/
261 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8NKH4X0LYS
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c591b6e341fa0b1049d358914d29d83bea2ff2313982a714fef0fc75f4e5ac30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92768
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 05 Apr 2024 02:22:51 GMT
script.js
ua.realtimely.io/
4 KB
2 KB
Script
General
Full URL
https://ua.realtimely.io/script.js
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bbc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3b53536facfed547d2c1809944ea7c227b43e3e7ae6c833c461066a1d158545

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
424607
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sun, 08 Oct 2023 07:39:41 GMT
server
cloudflare
etag
W/"65225cbd-fd3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QngL0fcS7iD5H0UWpkTCqk8OzD0NUk8cXN4sG4piZT2bsqnkoo2CgCYhnCaZZVtv%2Fewxdyo9vTFTW%2BUIBn%2F82NapNRUIeNhNgyD0cXTxB%2BZnYcgHU%2B2bL0YERXaoi8wsg39RisbKHYDn%2Fb6rk4c%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
cf-ray
86f612a26da330c6-FRA
logo_black_en.svg
samplesource.com/images/
23 KB
24 KB
Image
General
Full URL
https://samplesource.com/images/logo_black_en.svg
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
62a4c1cd0c1e4738b373461cb96bc29311d30292a7bf81c4bd523e89dd3fda8a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
23310
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"5b0e-5d8d73ca728e4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
ca_64.png
samplesource.com/images/
3 KB
4 KB
Image
General
Full URL
https://samplesource.com/images/ca_64.png
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
303e8b2c06f07ee6bd4058e41424739f74fcbc5c7e8989085acf5c394d2e79d3
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:50 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
2813
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"afd-5d8d73ca709a4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
us_64.png
samplesource.com/images/
3 KB
5 KB
Image
General
Full URL
https://samplesource.com/images/us_64.png
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ee78e49f2b8e2ea508e214441566c33ba6e5f97c93bd44a404a681b1346f7c05
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
3458
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"d82-5d8d73ca73884"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
ca.png
samplesource.com/images/
843 B
3 KB
Image
General
Full URL
https://samplesource.com/images/ca.png
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
59f1c41813b3ec86c38ac3d81e081dfd92677b37b007f6ba8d2997c1afb6b984
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
843
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"34b-5d8d73ca709a4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
logo_white_en.svg
samplesource.com/images/
23 KB
24 KB
Image
General
Full URL
https://samplesource.com/images/logo_white_en.svg
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
0341022da58ddeaa8e466f5f6aea3e288c356b42cc829d4992609a402be4cc2c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
23310
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"5b0e-5d8d73ca728e4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
icon_close.jpg
samplesource.com/images/
5 KB
7 KB
Image
General
Full URL
https://samplesource.com/images/icon_close.jpg
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ffeef03a1f0c9d55344d7d76401137af3572f172654814e850e1f0070b6a9769
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
4998
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 12 Mar 2022 15:17:28 GMT
server
Apache
etag
"1386-5da06f203d670"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
header-image_en.jpg
samplesource.com/images/
245 KB
247 KB
Image
General
Full URL
https://samplesource.com/images/header-image_en.jpg
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
e3396046b324a43fd38d90f5ede519bad2323b41de3f9fc0fb4b4a40ce167837
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
250867
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"3d3f3-5d8d73ca709a4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
home_img_en.jpg
samplesource.com/images/
225 KB
227 KB
Image
General
Full URL
https://samplesource.com/images/home_img_en.jpg
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
44b1518cc43b3d752114fb6e2267ee0182444fb8a4cc6e6300712840b72d3f68
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
230244
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 13 Apr 2023 16:10:22 GMT
server
Apache
etag
"38364-5f939f6307440"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
animated_register.gif
samplesource.com/images/
219 KB
221 KB
Image
General
Full URL
https://samplesource.com/images/animated_register.gif
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
573035747a1937c7e515ccf1fa3542d702e81015c3324f3817cc1bc94d924b72
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
224440
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"36cb8-5d8d73ca709a4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
animated_add_to_cart.gif
samplesource.com/images/
342 KB
344 KB
Image
General
Full URL
https://samplesource.com/images/animated_add_to_cart.gif
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
086cc811e55486db6cb6d7c3433a8d47c29afd3114ad6e25df674ffaec24cc2f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
350064
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"55770-5d8d73ca709a4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
animated_shipped.gif
samplesource.com/images/
264 KB
266 KB
Image
General
Full URL
https://samplesource.com/images/animated_shipped.gif
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
03e121a8b6db6ef0d52c5b7456278e8752cdc866c3d317d7cf2eb3720bf2b452
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
270815
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"421df-5d8d73ca709a4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
star-reviews.png
samplesource.com/images/
9 KB
11 KB
Image
General
Full URL
https://samplesource.com/images/star-reviews.png
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
35671b15460b603bac2db14a425f1fc8ed62edebbc6066ebb7ae05ccd598d5cc
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
9113
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"2399-5d8d73ca73884"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
products_spring_2024_cad.gif
samplesource.com/images/
124 KB
126 KB
Image
General
Full URL
https://samplesource.com/images/products_spring_2024_cad.gif
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
316e9610bbbb344f31d4f93709f37b599b51ed043435d704e23ac0f4283712ef
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
126959
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sun, 24 Mar 2024 13:54:05 GMT
server
Apache
etag
"1efef-6146863ed3420"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
icon_instagram_white.svg
samplesource.com/images/
1 KB
3 KB
Image
General
Full URL
https://samplesource.com/images/icon_instagram_white.svg
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
da59d9eff1c01d11a1901b27d595e54126757b1f5a2d6fd3319d95a8f5e1cbb8
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
1120
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"460-5d8d73ca728e4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
logo_black_en.svg
samplesource.com/images/
23 KB
24 KB
Image
General
Full URL
https://samplesource.com/images/logo_black_en.svg
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
62a4c1cd0c1e4738b373461cb96bc29311d30292a7bf81c4bd523e89dd3fda8a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
23310
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"5b0e-5d8d73ca728e4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
ca.png
samplesource.com/images/
843 B
3 KB
Image
General
Full URL
https://samplesource.com/images/ca.png
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
59f1c41813b3ec86c38ac3d81e081dfd92677b37b007f6ba8d2997c1afb6b984
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:52 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
843
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"34b-5d8d73ca709a4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
star-reviews.png
samplesource.com/images/
9 KB
11 KB
Image
General
Full URL
https://samplesource.com/images/star-reviews.png
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
35671b15460b603bac2db14a425f1fc8ed62edebbc6066ebb7ae05ccd598d5cc
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
9113
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"2399-5d8d73ca73884"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
logo_white_en.svg
samplesource.com/images/
23 KB
24 KB
Image
General
Full URL
https://samplesource.com/images/logo_white_en.svg
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
0341022da58ddeaa8e466f5f6aea3e288c356b42cc829d4992609a402be4cc2c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
23310
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"5b0e-5d8d73ca728e4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
controls.png
samplesource.com/css/images/
2 KB
3 KB
Image
General
Full URL
https://samplesource.com/css/images/controls.png
Requested by
Host: samplesource.com
URL: https://samplesource.com/css/colorbox.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
a74f8231760b80cd51dedb5c168f9be3d305d8930835add80566e788b6300892
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/css/colorbox.css
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:52 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
1633
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"661-5d8d73ca6fa04"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
loading.gif
samplesource.com/css/images/
6 KB
8 KB
Image
General
Full URL
https://samplesource.com/css/images/loading.gif
Requested by
Host: samplesource.com
URL: https://samplesource.com/css/colorbox.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
646ef3b2d197aebb633ba93a32485e9b289956697f8e0658d4b642c1aae5997d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/css/colorbox.css
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:53 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
6244
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"1864-5d8d73ca6fa04"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
modal_close.png
samplesource.com/images/
2 KB
4 KB
Image
General
Full URL
https://samplesource.com/images/modal_close.png
Requested by
Host: samplesource.com
URL: https://samplesource.com/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
05947f91fe23f865abe6da5a75f7a39bb5b35ea752c83c97238ea13cde6545a0
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/style.css
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:53 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
2486
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 25 Feb 2022 12:57:10 GMT
server
Apache
etag
"9b6-5d8d73ca728e4"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
/
www.samplesource.com/
Redirect Chain
  • https://samplesource.com/js/images/bx_loader.gif
  • https://www.samplesource.com/
0
0

/
api.realtimely.io/c/
0
424 B
Image
General
Full URL
https://api.realtimely.io/c/?p=%2F&u=no&s=no&h=https%3A%2F%2Fsamplesource.com&r=&sid=SAMPLE&t=SampleSource.com%20-%20Free%20Samples%20-%20home%2C%20health%2C%20beauty%2C%20makeup%2C%20food%2C%20and%20more!&qs=%7B%7D&cid=62691540
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:bbc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:51 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QhkZ1z%2B%2F6ce6Dmmm0p%2BR%2Fzqu7etiIEk%2Bkh%2BP0zuhDENXUn4GexmWDXABsvmwt6lxnzO29XZ07elp3Mx63Z6w%2FDy5PnV9vm0OxoX3fNjSGbmPw%2BtlUovZ2MNXmFPcMvz6hdSNpbEm3%2FNmBYQ4bP1f"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
86f612a2bdc430c6-FRA
alt-svc
h3=":443"; ma=86400
collect
region1.google-analytics.com/g/
0
254 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-8NKH4X0LYS&gtm=45je4430v887669933za200&_p=1712283771211&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=455093202.1712283771&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1712283771&sct=1&seg=0&dl=https%3A%2F%2Fsamplesource.com%2F&dt=SampleSource.com%20-%20Free%20Samples%20-%20home%2C%20health%2C%20beauty%2C%20makeup%2C%20food%2C%20and%20more!&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=940
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8NKH4X0LYS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 05 Apr 2024 02:22:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://samplesource.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
nr-rum-1.253.0.min.js
js-agent.newrelic.com/
45 KB
16 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-rum-1.253.0.min.js
Requested by
Host: samplesource.com
URL: https://samplesource.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2602:816:5001::39 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d7aa6bb298937661d993695e32a86a9c891b3cb77e46cda3831bc8ca616c55c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
Origin
https://samplesource.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
TgvqgvoYAHsERQ1.OBrfuMt0ieYpGWt5
content-encoding
br
via
1.1 varnish
date
Fri, 05 Apr 2024 02:22:53 GMT
strict-transport-security
max-age=300
x-amz-request-id
X82XS7DBSPX3PXEJ
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
15820
x-amz-id-2
RrtdF0rpIyjb9pUYMfZU6aT+D5q/1pYTBzAX4N4P4uIJEG2uAlulcTYHCIGMbAcjtPk3O9B+4lU=
x-served-by
cache-fra-eddf8230059-FRA
last-modified
Wed, 13 Mar 2024 21:07:25 GMT
server
AmazonS3
etag
"25a03a86ccddb342618e06f726d40778"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
34414
favicon.ico
samplesource.com/
1 KB
3 KB
Other
General
Full URL
https://samplesource.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.158.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-158-73.compute-1.amazonaws.com
Software
Apache /
Resource Hash
401d9abcac52aad1d5787ae70dec327b3f667c6158719ff43459e1ed127c479f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 02:22:54 GMT
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-permitted-cross-domain-policies
none
content-length
1150
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 09 Mar 2022 19:50:42 GMT
server
Apache
etag
"47e-5d9ce69a700a0"
expect-ct
enforce, max-age=300, report-uri='https://samplesource.com/'
access-control-max-age
1000
x-frame-options
SAMEORIGIN, SAMEORIGIN
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
feature-policy
fullscreen 'none'
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
access-control-allow-headers
XMLHttpRequest, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
ac25e462e9
bam.nr-data.net/1/
148 B
597 B
XHR
General
Full URL
https://bam.nr-data.net/1/ac25e462e9?a=121556617&v=1.253.0&to=Y1EGMEJRVkUHAhdbC1obMRZZH1FYAgQbHBRcRA%3D%3D&rst=3620&ck=0&s=662de54dcd8d5505&ref=https://samplesource.com/&hr=0&ap=13&be=409&fe=3173&dc=503&at=TxYFRgpLRUs%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1712283770391,%22n%22:0,%22f%22:1,%22dn%22:13,%22dne%22:13,%22c%22:13,%22s%22:106,%22ce%22:202,%22rq%22:202,%22rp%22:410,%22rpe%22:412,%22di%22:822,%22ds%22:900,%22de%22:912,%22dc%22:3581,%22l%22:3581,%22le%22:3582%7D,%22navigation%22:%7B%7D%7D&fp=854&fcp=854
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.253.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
78c9b8dc420fcfea2333c4bff02f446e16504e8546826315177235827196b8f2

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://samplesource.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 05 Apr 2024 02:22:54 GMT
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
text/plain
access-control-allow-origin
https://samplesource.com
access-control-expose-headers
Date
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
Connection
keep-alive
timing-allow-origin
https://samplesource.com
Content-Length
148
x-served-by
cache-fra-eddf8230153-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.samplesource.com
URL
https://www.samplesource.com/

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| NREUM object| webpackChunk:NRBA-1.253.0.PROD object| newrelic function| $ function| jQuery object| jQuery111105428329203945701 string| initialEmailValue string| initialCellValue string| initialAddressValue string| initialAptValue string| initialCityValue string| initialCountryValue string| initialProvinceValue string| initialPostalValue function| forceSubmitForm function| forcePartnerRegisterForm function| gtag object| dataLayer function| b function| a object| realtimely string| data_url_new object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal

12 Cookies

Domain/Path Name / Value
samplesource.com/ Name: PHPSESSID
Value: 0fts172ahi35ud792kn2543ed8
.samplesource.com/ Name: _ga_8NKH4X0LYS
Value: GS1.1.1712283771.1.0.1712283771.0.0.0
.samplesource.com/ Name: _ga
Value: GA1.1.455093202.1712283771
www.samplesource.com/ Name: AWSALBTG
Value: gs1kwYkK5vTcD0pE4hYKCCetNZW4ewHHj0Wegt4m1X4LaWkLEx8RQYEtdHUGoE0ruijpAmQEB2dh1dwqAeggVSCO0vwbs2GLVDlaT/USpkX4Okc2J8Mmj5kSSxLlVA99MuJWZpaJeUjjgpyD6LPAtvQno4j6NnO6PQBrxoXY8NT32OEVk0A=
www.samplesource.com/ Name: AWSALBTGCORS
Value: gs1kwYkK5vTcD0pE4hYKCCetNZW4ewHHj0Wegt4m1X4LaWkLEx8RQYEtdHUGoE0ruijpAmQEB2dh1dwqAeggVSCO0vwbs2GLVDlaT/USpkX4Okc2J8Mmj5kSSxLlVA99MuJWZpaJeUjjgpyD6LPAtvQno4j6NnO6PQBrxoXY8NT32OEVk0A=
www.samplesource.com/ Name: AWSALB
Value: +LoevdUwMVR1yhR/Uzt6ougeyMGNRw+H/BMFDAYRua6TI8s0pwPfgHL1UdLyfpEH2PSxiPhMEPwQj3yEg/FUi/RsRciBuuQxStpa2C0V1J3FgvWw3+ZtEtAH4w/1
www.samplesource.com/ Name: AWSALBCORS
Value: +LoevdUwMVR1yhR/Uzt6ougeyMGNRw+H/BMFDAYRua6TI8s0pwPfgHL1UdLyfpEH2PSxiPhMEPwQj3yEg/FUi/RsRciBuuQxStpa2C0V1J3FgvWw3+ZtEtAH4w/1
www.samplesource.com/ Name: PHPSESSID
Value: bsc4v5rni0rfh3i7bbiqhqj1r5
samplesource.com/ Name: AWSALBTG
Value: 7qWulsjKhULpShRlWN97OQ9o3SmXjstBWAiwOcqkPY8ivof5FhEiFgS+xsOaRuxKBaLH6emU2hDGlkIu98n+SiuWtYggr6mVgpJDYVfMiT38RQvsnHXJl9IodaXwK4hYuS3PK+PHITav5DtAfEWK+r5J/PbVVbNleMD//6mbub7sJOsTamk=
samplesource.com/ Name: AWSALBTGCORS
Value: 7qWulsjKhULpShRlWN97OQ9o3SmXjstBWAiwOcqkPY8ivof5FhEiFgS+xsOaRuxKBaLH6emU2hDGlkIu98n+SiuWtYggr6mVgpJDYVfMiT38RQvsnHXJl9IodaXwK4hYuS3PK+PHITav5DtAfEWK+r5J/PbVVbNleMD//6mbub7sJOsTamk=
samplesource.com/ Name: AWSALB
Value: GVbohacNWRpuWd7nNDPiH4FHFoHK2z5vBMTOhN8ah/s6906tODNR780ohFubhEp7AqclSEjIJPgsGKk/zSsS0G/C3ALiPzUS5uzjFmA59X94UKX0eOJOh/8abBUJ
samplesource.com/ Name: AWSALBCORS
Value: GVbohacNWRpuWd7nNDPiH4FHFoHK2z5vBMTOhN8ah/s6906tODNR780ohFubhEp7AqclSEjIJPgsGKk/zSsS0G/C3ALiPzUS5uzjFmA59X94UKX0eOJOh/8abBUJ

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: fullscreen. Values defined in Permissions-Policy header will be used.
security error URL: https://samplesource.com/
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.realtimely.io
bam.nr-data.net
fonts.googleapis.com
js-agent.newrelic.com
region1.google-analytics.com
samplesource.com
ua.realtimely.io
www.googletagmanager.com
www.samplesource.com
www.samplesource.com
162.247.243.29
2001:4860:4802:34::36
2602:816:5001::39
2606:4700:20::681a:bbc
2a00:1450:4001:810::200a
2a00:1450:4001:81d::2008
3.222.158.73
0341022da58ddeaa8e466f5f6aea3e288c356b42cc829d4992609a402be4cc2c
03e121a8b6db6ef0d52c5b7456278e8752cdc866c3d317d7cf2eb3720bf2b452
05947f91fe23f865abe6da5a75f7a39bb5b35ea752c83c97238ea13cde6545a0
086cc811e55486db6cb6d7c3433a8d47c29afd3114ad6e25df674ffaec24cc2f
24f5f5209416cb1bcf2b9a6ea76a4efe25af523dff682c0aa6b456e6443ff8c4
303e8b2c06f07ee6bd4058e41424739f74fcbc5c7e8989085acf5c394d2e79d3
316e9610bbbb344f31d4f93709f37b599b51ed043435d704e23ac0f4283712ef
35671b15460b603bac2db14a425f1fc8ed62edebbc6066ebb7ae05ccd598d5cc
401d9abcac52aad1d5787ae70dec327b3f667c6158719ff43459e1ed127c479f
44b1518cc43b3d752114fb6e2267ee0182444fb8a4cc6e6300712840b72d3f68
44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0
4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
573035747a1937c7e515ccf1fa3542d702e81015c3324f3817cc1bc94d924b72
59f1c41813b3ec86c38ac3d81e081dfd92677b37b007f6ba8d2997c1afb6b984
62a4c1cd0c1e4738b373461cb96bc29311d30292a7bf81c4bd523e89dd3fda8a
6300ba1c19b24d427fdec05b16c8b7c85f21155097c82ffdced06192a5f70d31
646ef3b2d197aebb633ba93a32485e9b289956697f8e0658d4b642c1aae5997d
6d7aa6bb298937661d993695e32a86a9c891b3cb77e46cda3831bc8ca616c55c
78c9b8dc420fcfea2333c4bff02f446e16504e8546826315177235827196b8f2
8332059e24b7aaa3585e312bb9cd3f35c0a4b16861e52bb216f2abaf0f22fa12
893bdf4c6e638ea14d8c4e4d7e0f9e83da3abee66a1aaabf1d1243f832e0e6c2
a44e0f06869a2f8def8c54d3b17c810957b3ac5c2428438df15ca4effc31f289
a74f8231760b80cd51dedb5c168f9be3d305d8930835add80566e788b6300892
b58fb7d020c67738c39dc9b48415b6d6faf1ba985b107f92a2af5c6a58aaab8f
bddbba35635904eca1d7f9edc74bdbcba04ec0f5a16286fdbd8f78fb0f7e0c6f
c3b53536facfed547d2c1809944ea7c227b43e3e7ae6c833c461066a1d158545
c591b6e341fa0b1049d358914d29d83bea2ff2313982a714fef0fc75f4e5ac30
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
da59d9eff1c01d11a1901b27d595e54126757b1f5a2d6fd3319d95a8f5e1cbb8
e3396046b324a43fd38d90f5ede519bad2323b41de3f9fc0fb4b4a40ce167837
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea60fb337f7672693ab00cd0a4699ef3b720f382b7bfc4e1ac3baa6fe8ff79bb
ee78e49f2b8e2ea508e214441566c33ba6e5f97c93bd44a404a681b1346f7c05
ee8b4c63b428fb78db8978da6ea0e7898dc3b508a15a37bea33703c452945933
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
ffeef03a1f0c9d55344d7d76401137af3572f172654814e850e1f0070b6a9769