urlscan.io logo urlscan.io
SecurityTrails logo

www.xumo.tv Open in urlscan Pro
152.195.39.56  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.xumo.tv/on-now
Effective URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Submission: On October 25 via manual from MX
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 24 IPs in 6 countries across 21 domains to perform 50 HTTP transactions. The main IP is 152.195.39.56, located in United States and belongs to EDGECAST, US. The main domain is www.xumo.tv.
TLS certificate: Issued by GeoTrust RSA CA 2018 on June 26th 2020. Valid for: 2 years.
This is the only time www.xumo.tv was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 152.195.39.56 15133 (EDGECAST)
2 2a04:4e42:1b:... 54113 (FASTLY)
1 4 104.111.238.139 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 65.9.57.72 16509 (AMAZON-02)
3 2600:9000:20f... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
10 2606:2800:134... 15133 (EDGECAST)
1 2600:9000:20f... 16509 (AMAZON-02)
1 151.101.112.157 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 143.204.213.143 16509 (AMAZON-02)
1 34.246.91.36 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.7.115.230 14618 (AMAZON-AES)
1 104.244.42.69 13414 (TWITTER)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f11... 32934 (FACEBOOK)
2 2600:9000:20f... 16509 (AMAZON-02)
1 104.244.42.195 13414 (TWITTER)
50 24
9    152.195.39.56 (United States)

ASN15133 (EDGECAST, US)
www.xumo.tv
2    2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY, US)
cdn.polyfill.io
4    104.111.238.139 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-238-139.deploy.static.akamaitechnologies.com
sb.scorecardresearch.com
1    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    65.9.57.72 (Seattle, United States)

ASN16509 (AMAZON-02, US)
cdn.branch.io
3    2600:9000:20fc:7a00:2:42d9:3100:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn-gl.imrworldwide.com
2    2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
10    2606:2800:134:2a84:b04b:f6ef:8280:dcd7 (United States)

ASN15133 (EDGECAST, US)
valencia-beacons.xumo.com
image.xumo.com
1    2600:9000:20fc:9600:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)
app.link
1    151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    143.204.213.143 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-213-143.fra53.r.cloudfront.net
media-cdn.ipredictive.com
1    34.246.91.36 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-91-36.eu-west-1.compute.amazonaws.com
trends.revcontent.com
2    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    52.7.115.230 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-115-230.compute-1.amazonaws.com
ad.ipredictive.com
1    104.244.42.69 (United States)

ASN13414 (TWITTER, US)
t.co
1    2a00:1450:4001:821::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2600:9000:20fc:a00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)
api2.branch.io
1    104.244.42.195 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
Domain Requested by
9 www.xumo.tv 1 redirects www.xumo.tv
7 image.xumo.com www.xumo.tv
4 sb.scorecardresearch.com 1 redirects www.xumo.tv
www.googletagmanager.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.xumo.tv
3 valencia-beacons.xumo.com www.xumo.tv
3 cdn-gl.imrworldwide.com www.xumo.tv
cdn-gl.imrworldwide.com
2 api2.branch.io cdn.branch.io
2 www.facebook.com www.xumo.tv
2 connect.facebook.net www.xumo.tv
connect.facebook.net
2 fonts.gstatic.com fonts.googleapis.com
2 cdn.polyfill.io www.xumo.tv
1 analytics.twitter.com static.ads-twitter.com
1 www.google.de www.xumo.tv
1 www.google.com www.xumo.tv
1 t.co www.xumo.tv
1 ad.ipredictive.com www.xumo.tv
1 stats.g.doubleclick.net www.google-analytics.com
1 trends.revcontent.com www.xumo.tv
1 media-cdn.ipredictive.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 app.link cdn.branch.io
1 cdn.branch.io www.xumo.tv
1 www.googletagmanager.com www.xumo.tv
1 fonts.googleapis.com www.xumo.tv
50 24

This site contains links to these domains. Also see Links.

Domain
www.xumo.com
Subject Issuer Validity Valid
*.xumo.tv
GeoTrust RSA CA 2018		 2020-06-26 -
2022-06-27		 2 years crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2020-10-05 -
2021-04-17		 6 months crt.sh
sb.scorecardresearch.com
DigiCert Secure Site ECC CA-1		 2020-07-17 -
2021-06-02		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2020-10-06 -
2020-12-29		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-10-06 -
2020-12-29		 3 months crt.sh
*.branch.io
DigiCert SHA2 Secure Server CA		 2018-12-05 -
2020-12-08		 2 years crt.sh
*.imrworldwide.com
DigiCert SHA2 Secure Server CA		 2020-01-21 -
2021-02-24		 a year crt.sh
*.gstatic.com
GTS CA 1O1		 2020-10-06 -
2020-12-29		 3 months crt.sh
*.xumo.com
DigiCert SHA2 Secure Server CA		 2020-04-06 -
2022-05-25		 2 years crt.sh
appipv4.link
Amazon		 2020-07-22 -
2021-08-22		 a year crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA		 2020-08-14 -
2021-08-19		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-09-11 -
2020-12-10		 3 months crt.sh
*.ipredictive.com
Amazon		 2020-06-11 -
2021-07-11		 a year crt.sh
revcontent.com
Amazon		 2020-07-08 -
2021-08-08		 a year crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-10-06 -
2020-12-29		 3 months crt.sh
t.co
DigiCert SHA2 High Assurance Server CA		 2020-03-05 -
2021-03-02		 a year crt.sh
www.google.com
GTS CA 1O1		 2020-10-06 -
2020-12-29		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-10-06 -
2020-12-29		 3 months crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA		 2020-03-05 -
2021-03-02		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.xumo.tv/on-now/9999247/nbc-news-now
Frame ID: 028FDE138326B631C791670EDEEC2297
Requests: 49 HTTP requests in this frame

Frame: https://cdn-gl.imrworldwide.com/novms/html/ls.html
Frame ID: 15B4A3E8EAE4C285D831560D72939B3C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.xumo.tv/on-now HTTP 302
    https://www.xumo.tv/on-now/9999247/nbc-news-now Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^ECS/i
Overall confidence: 100%
Detected patterns
  • html /<[^>]+data-react/i
Overall confidence: 100%
Detected patterns
  • headers server /^ECS/i
Overall confidence: 100%
Detected patterns
  • headers server /^ECS/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:ECAcc|ECS|ECD)/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

50
Requests

100 %
HTTPS

63 %
IPv6

21
Domains

24
Subdomains

24
IPs

6
Countries

1003 kB
Transfer

3010 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.xumo.tv/on-now HTTP 302
    https://www.xumo.tv/on-now/9999247/nbc-news-now Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 31
  • https://sb.scorecardresearch.com/b?c1=2&c2=20010499&ns__t=1603660459213&ns_c=UTF-8&c8=On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO&c7=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=20010499&ns__t=1603660459213&ns_c=UTF-8&c8=On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO&c7=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&c9=&cs_ak_ss=1

50 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request nbc-news-now
www.xumo.tv/on-now/9999247/
Redirect Chain
  • https://www.xumo.tv/on-now
  • https://www.xumo.tv/on-now/9999247/nbc-news-now
899 KB
128 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/419E) /
Resource Hash
70272620a3334e8ba7b240116353d97e66defcc3b0f09662b6c5458590e360f1
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Security-Policy child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.xumo.tv
:scheme
https
:path
/on-now/9999247/nbc-news-now
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
content-encoding
gzip
accept-ranges
bytes
access-control-allow-origin
*
age
1174
cache-control
max-age=900
content-security-policy
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
content-type
text/html; charset=utf-8
date
Sun, 25 Oct 2020 21:14:18 GMT
etag
W/"e0ad3-aGcbNpboy8nylEeiVeDrAWfmY+o"
expires
Sun, 25 Oct 2020 21:29:18 GMT
last-modified
Sun, 25 Oct 2020 20:54:45 GMT
server
ECS (fcn/419E)
vary
Accept-Encoding
via
1.1 vegur
x-cache
HIT
x-content-security-policy
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-webkit-csp
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
x-xss-protection
1; mode=block
content-length
127985

Redirect headers

status
302
access-control-allow-origin
*
cache-control
max-age=900
content-security-policy
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
date
Sun, 25 Oct 2020 21:14:18 GMT
expires
Sun, 25 Oct 2020 21:29:18 GMT
location
/on-now/9999247/nbc-news-now
server
Cowboy
via
1.1 vegur
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
index-9dc750e8a4473229ab64.css
www.xumo.tv/client/ 		39 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.xumo.tv/client/index-9dc750e8a4473229ab64.css
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41AE) /
Resource Hash
8661978d88b970174a5b3111c4c9117e250b453b27484d728453f9bd601a892d
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Security-Policy child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
content-encoding
gzip
x-content-type-options
nosniff
age
656
x-cache
HIT
status
200
vary
Accept-Encoding
content-length
7145
etag
W/"9ac6-1754ba0a2a0"
access-control-allow-origin
*
expires
Sun, 25 Oct 2020 21:29:18 GMT
last-modified
Wed, 21 Oct 2020 14:47:00 GMT
server
ECS (fcn/41AE)
date
Sun, 25 Oct 2020 21:14:18 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
via
1.1 vegur
x-xss-protection
1; mode=block
cache-control
max-age=900
accept-ranges
bytes
x-webkit-csp
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
x-content-security-policy
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
appButton-AppStore@2x.png
www.xumo.tv/images/ 		5 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.xumo.tv/images/appButton-AppStore@2x.png
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41A6) /
Resource Hash
064cd7955fa794dedfb434b581ab3bbaa8cea5af4d980720b0ada2134d991e2a
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Security-Policy child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
via
1.1 vegur
x-content-type-options
nosniff
x-content-security-policy
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
age
656
x-cache
HIT
status
200
content-length
4900
x-xss-protection
1; mode=block
last-modified
Wed, 21 Oct 2020 14:45:24 GMT
server
ECS (fcn/41A6)
date
Sun, 25 Oct 2020 21:14:18 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=900
etag
W/"1324-1754b9f2ba0"
accept-ranges
bytes
x-webkit-csp
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
expires
Sun, 25 Oct 2020 21:29:18 GMT
appButton-GooglePlay@2x.png
www.xumo.tv/images/ 		6 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.xumo.tv/images/appButton-GooglePlay@2x.png
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/419A) /
Resource Hash
41827ad9edf07853f0bfbc4a3ca8a2328e2d3e7215022b5fbd86d3a1acceae6f
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Security-Policy child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
via
1.1 vegur
x-content-type-options
nosniff
x-content-security-policy
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
age
656
x-cache
HIT
status
200
content-length
6558
x-xss-protection
1; mode=block
last-modified
Wed, 21 Oct 2020 14:45:24 GMT
server
ECS (fcn/419A)
date
Sun, 25 Oct 2020 21:14:18 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=900
etag
W/"199e-1754b9f2ba0"
accept-ranges
bytes
x-webkit-csp
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
expires
Sun, 25 Oct 2020 21:29:18 GMT
polyfill.min.js
cdn.polyfill.io/v2/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.polyfill.io/v2/polyfill.min.js?features=default,es6&flags=gated
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
439b453be0952fb5dda4026b3b2ace4e901ba84d13e823d71ec3d4431dc1763b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
x-content-type-options
nosniff
content-type
text/javascript; charset=utf-8
age
13468501
detected-user-agent
Chrome/83.0.4103
status
200
request_came_from_shield
HHN
server-timing
HIT, fastly;desc="Edge time";dur=0, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length
980
referrer-policy
origin-when-cross-origin
last-modified
Fri, 22 May 2020 20:11:24 GMT
date
Sun, 25 Oct 2020 21:14:18 GMT
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
normalized-user-agent
chrome/83.0.0
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges
bytes
timing-allow-origin
*
index-9dc750e8a4473229ab64.js
www.xumo.tv/client/ 		614 KB
176 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.xumo.tv/client/index-9dc750e8a4473229ab64.js
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40D8) /
Resource Hash
a282b6422011aa459fa950dc62e35107b5011b9d1997cc8c9f279494fb2921c4
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Security-Policy child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
content-encoding
gzip
x-content-type-options
nosniff
age
656
x-cache
HIT
status
200
vary
Accept-Encoding
content-length
176445
etag
W/"9987f-1754ba0a2a0"
access-control-allow-origin
*
expires
Sun, 25 Oct 2020 21:29:18 GMT
last-modified
Wed, 21 Oct 2020 14:47:00 GMT
server
ECS (fcn/40D8)
date
Sun, 25 Oct 2020 21:14:18 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
via
1.1 vegur
x-xss-protection
1; mode=block
cache-control
max-age=900
accept-ranges
bytes
x-webkit-csp
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
x-content-security-policy
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
streamingtag_plugin_jwplayer.js
sb.scorecardresearch.com/c2/plugins/ 		210 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/c2/plugins/streamingtag_plugin_jwplayer.js
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-238-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
96281150fc4b153640ffd15f9ce9a133ee631aecb0f955cd67974e72af74ae64

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 25 Oct 2020 21:14:18 GMT
Content-Encoding
gzip
Last-Modified
Wed, 23 Sep 2020 11:19:16 GMT
ETag
"45e1b1186d270bf042fe7ed57882f85b:1600859956.005702"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=259200
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Expires
Wed, 28 Oct 2020 21:14:18 GMT
css
fonts.googleapis.com/ 		5 KB
747 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato|Raleway:300,400,800
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/client/index-9dc750e8a4473229ab64.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
acf140e030e142954ada508bf924ac3414bf138fa752559d87252e40ada37539
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.xumo.tv/client/index-9dc750e8a4473229ab64.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 25 Oct 2020 21:14:18 GMT
server
ESF
date
Sun, 25 Oct 2020 21:14:18 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 25 Oct 2020 21:14:18 GMT
gtm.js
www.googletagmanager.com/ 		134 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PWGQZ7T&gtm_auth=gnBbfwpbBh_Wgtggul3AZw&gtm_preview=env-2&gtm_cookies_win=x
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1949652be6cfc4b953d0a79edc7a2c16b9cbf191d40cb8a64b955af094d062fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:18 GMT
content-encoding
br
vary
*
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46439
x-xss-protection
0
pragma
no-cache
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 01 Jan 1990 00:00:00 GMT
branch-latest.min.js
cdn.branch.io/ 		77 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.branch.io/branch-latest.min.js
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
65.9.57.72 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bd267f2d0d68c6d1883bb9f9b5e5b732bde49a492ac19234401072a0a9f42328

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
qUsVXa2CqXuPs.NGFn3NydCCxKekLUxX
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Tue, 20 Oct 2020 19:39:43 GMT
Server
AmazonS3
Age
245
ETag
"f86b6ccc32abe890cf40cbf300bb0d9c"
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Via
1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
Cache-Control
max-age=300
Date
Sun, 25 Oct 2020 21:10:19 GMT
X-Amz-Cf-Pop
ARN54-C1
Content-Length
23343
X-Amz-Cf-Id
JmYSW2tTqWxjIptZlCGqzNWTzrUghrkF_E_UslPHsl8HXKI4_LfmNw==
PB893CB22-9072-4FB1-86F7-4F738233E34B.js
cdn-gl.imrworldwide.com/conf/ 		29 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-gl.imrworldwide.com/conf/PB893CB22-9072-4FB1-86F7-4F738233E34B.js
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20fc:7a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ae534b69f8d95e349e4ca2ad90f821e3f024777a6430a13808670838c533024d

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
Wpc4RJiuZwyh4bgFl9cRryZcApdOGdKG
content-encoding
gzip
etag
"e4b557ec810c50c94be4404ebe716cc3"
last-modified
Sat, 24 Oct 2020 07:17:35 GMT
server
AmazonS3
x-amz-cf-pop
ARN54-C1
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
max-age=86400,s-maxage=86400
date
Sun, 25 Oct 2020 21:14:18 GMT
x-amz-cf-id
ENSWlf74XuqXl8Ks6wOQkQP1Ek3T5x4_JVJAAqxFYtB1FXL-V2-vxw==
via
1.1 5f5aa47bb337704a0ad6f14b5e9a076b.cloudfront.net (CloudFront)
arrow-Combo12x8@2x.png
www.xumo.tv/images/ 		254 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.xumo.tv/images/arrow-Combo12x8@2x.png
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/client/index-9dc750e8a4473229ab64.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41AE) /
Resource Hash
ce10183fa64e6aa8d63dfc67b6a7188060161f7f2615abe7bfbf38d0e2bc8ad7
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.xumo.tv/client/index-9dc750e8a4473229ab64.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
via
1.1 vegur
x-content-type-options
nosniff
age
1651
x-cache
HIT
status
200
content-length
254
x-xss-protection
1; mode=block
last-modified
Wed, 21 Oct 2020 14:45:24 GMT
server
ECS (fcn/41AE)
date
Sun, 25 Oct 2020 21:14:18 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=900
etag
W/"fe-1754b9f2ba0"
accept-ranges
bytes
expires
Sun, 25 Oct 2020 21:29:18 GMT
1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v18/ 		41 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v18/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato|Raleway:300,400,800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb0c201f0ca67e745869967d48db2e90bf01353d1f305959d487291cab6d0755
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.xumo.tv
Referer
https://fonts.googleapis.com/css?family=Lato|Raleway:300,400,800
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 19 Oct 2020 20:00:29 GMT
x-content-type-options
nosniff
last-modified
Wed, 30 Sep 2020 20:45:21 GMT
server
sffe
age
522829
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42444
x-xss-protection
0
expires
Tue, 19 Oct 2021 20:00:29 GMT
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v17/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato|Raleway:300,400,800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.xumo.tv
Referer
https://fonts.googleapis.com/css?family=Lato|Raleway:300,400,800
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 21 Oct 2020 11:20:36 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:59 GMT
server
sffe
age
381222
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
expires
Thu, 21 Oct 2021 11:20:36 GMT
polyfill.min.js
cdn.polyfill.io/v2/ 		4 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.polyfill.io/v2/polyfill.min.js?features=default,es6&flags=gated
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
439b453be0952fb5dda4026b3b2ace4e901ba84d13e823d71ec3d4431dc1763b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
x-content-type-options
nosniff
content-type
text/javascript; charset=utf-8
age
13468501
detected-user-agent
Chrome/83.0.4103
status
200
request_came_from_shield
HHN
server-timing
HIT, fastly;desc="Edge time";dur=0, HIT, fastly;desc="Edge time";dur=1
content-length
980
referrer-policy
origin-when-cross-origin
last-modified
Fri, 22 May 2020 20:11:24 GMT
date
Sun, 25 Oct 2020 21:14:19 GMT
access-control-allow-methods
GET,HEAD,OPTIONS
normalized-user-agent
chrome/83.0.0
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges
bytes
timing-allow-origin
*
index.html
www.xumo.tv/geo-check/ 		345 B
446 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.xumo.tv/geo-check/index.html
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/client/index-9dc750e8a4473229ab64.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41A7) /
Resource Hash
d9f7e0aa1bff501986995b7c69742a14f373819ab6ecd599af29d67f9d8b4794

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
403
date
Sun, 25 Oct 2020 21:14:19 GMT
cache-control
max-age=900
server
ECS (fcn/41A7)
content-type
text/html
content-length
345
expires
Sun, 25 Oct 2020 21:29:19 GMT
impression.json
valencia-beacons.xumo.com/content/v2/ 		0
239 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://valencia-beacons.xumo.com/content/v2/impression.json?eventType=appStart&clientVersion=1.22.0&timestamp=1603660459121&deviceId=undefined&sessionId=16036604591219367549477&pageViewId=160366045912193675494778389782145
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/client/index-9dc750e8a4473229ab64.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/418F) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:18 GMT
via
1.1 google
server
ECS (fcn/418F)
status
202
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
access-control-allow-headers
accept, authorization, origin, content-type
content-length
0
impression.json
valencia-beacons.xumo.com/content/v2/ 		0
46 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://valencia-beacons.xumo.com/content/v2/impression.json?eventType=appReport&clientVersion=1.22.0&timestamp=1603660459121&deviceId=870b6022-607b-0765-fe47-05dcf5dd900b&sessionId=16036604591219367549477&pageViewId=160366045912193675494778389782145&viewedItems=mobile%3Dfalse&assetId=undefined
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/client/index-9dc750e8a4473229ab64.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/418F) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 google
server
ECS (fcn/418F)
status
202
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
access-control-allow-headers
accept, authorization, origin, content-type
content-length
0
2-599d17832b51bdf23a42.js
www.xumo.tv/client/ 		80 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.xumo.tv/client/2-599d17832b51bdf23a42.js
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/client/index-9dc750e8a4473229ab64.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.195.39.56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41A9) /
Resource Hash
14f6630350c4be6046d8329072a1a76800e8d2076c7d440802badab6b8adb48e
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Security-Policy child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
content-encoding
gzip
x-content-type-options
nosniff
age
1652
x-cache
HIT
status
200
vary
Accept-Encoding
content-length
18199
etag
W/"13fff-1754ba0a2a0"
access-control-allow-origin
*
expires
Sun, 25 Oct 2020 21:29:19 GMT
last-modified
Wed, 21 Oct 2020 14:47:00 GMT
server
ECS (fcn/41A9)
date
Sun, 25 Oct 2020 21:14:19 GMT
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
via
1.1 vegur
x-xss-protection
1; mode=block
cache-control
max-age=900
accept-ranges
bytes
x-content-security-policy
child-src 'self' blob:; connect-src * blob:; default-src 'self' *.googlesyndication.com; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
nlsSDK600.bundle.min.js
cdn-gl.imrworldwide.com/novms/js/2/ 		172 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/conf/PB893CB22-9072-4FB1-86F7-4F738233E34B.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20fc:7a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
45d44ed1def934ce3674420609b209ffe6f2b5d4d3a8b7ba9ac3fa7ff9eabafb

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 20:47:33 GMT
content-encoding
gzip
age
1607
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
last-modified
Wed, 14 Oct 2020 13:35:39 GMT
server
AmazonS3
etag
W/"f371dd53681d6f05ee150610e7fe689e"
vary
Accept-Encoding
x-amz-version-id
ZQzG2EPqC8W3xxwHV.boVXmF7_bxCufj
via
1.1 5f5aa47bb337704a0ad6f14b5e9a076b.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
ARN54-C1
content-type
application/javascript
x-amz-cf-id
2fRwz7mpG9l4thcG8Jm89DFqgoLn4cSk53ZGKOQME9fby28miusNog==
_r
app.link/ 		90 B
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://app.link/_r?sdk=web2.56.2&branch_key=key_live_lhaJ6uCpRmpgXL09vDvH9mogsCcOnpMj&callback=branch_callback__0
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20fc:9600:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty / Express
Resource Hash
4cb8ac2299a072ea6335a63c29810cff2d0418bb1d84ae807a83f7858d344c41
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 25 Oct 2020 21:14:19 GMT
Via
1.1 432d52d55ad517cddd9081b248b2f116.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Server
openresty
X-Amz-Cf-Pop
ARN54-C1
X-Powered-By
Express
X-Cache
Miss from cloudfront
Content-Type
text/javascript; charset=utf-8
Connection
keep-alive
Content-Length
90
ETag
W/"5a-GNhq9FmAh79TpbMHp7lNGPP9IIQ"
X-Amz-Cf-Id
6HTfQ1O_FRKRFQhiDBB_AdZJ5i9ldlmY_6E62zId0or3I-gLiRI77A==
300x300.png
image.xumo.com/v1/channels/channel/9999247/ 		101 KB
101 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.xumo.com/v1/channels/channel/9999247/300x300.png?type=smartCast_channelTile
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40EA) /
Resource Hash
c75f9d352ea5d68377a0dc4a9061074854d6ac2eee3efe890908a0d7ef222ef7

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 google
age
23406526
x-cache
HIT
status
200
content-length
103423
last-modified
Tue, 28 Jan 2020 23:25:34 GMT
server
ECS (fcn/40EA)
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=21600, s-maxage=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
accept, authorization, origin, content-type
expires
Mon, 26 Oct 2020 03:14:18 GMT
300x300.png
image.xumo.com/v1/channels/channel/9999247/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.xumo.com/v1/channels/channel/9999247/300x300.png?type=color_onBlack
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40EA) /
Resource Hash
d8e2d314460b1448484d472fa21d5f0c4ae8d4e8b0ecad6896edc25b33328931

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 google
age
23406533
x-cache
HIT
status
200
content-length
17013
last-modified
Tue, 28 Jan 2020 23:25:26 GMT
server
ECS (fcn/40EA)
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=21600, s-maxage=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
accept, authorization, origin, content-type
expires
Mon, 26 Oct 2020 03:14:19 GMT
248x140.png
image.xumo.com/v1/channels/channel/9999247/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.xumo.com/v1/channels/channel/9999247/248x140.png?type=channelTile
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41A7) /
Resource Hash
07591c8ec3d60e53b117c901d3331824945331df2e1b1b9671cf045a1631c4de

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 google
age
23406552
x-cache
HIT
status
200
content-length
54097
last-modified
Tue, 28 Jan 2020 23:25:08 GMT
server
ECS (fcn/41A7)
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=21600, s-maxage=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
accept, authorization, origin, content-type
expires
Mon, 26 Oct 2020 03:14:18 GMT
300x300.png
image.xumo.com/v1/channels/channel/9999377/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.xumo.com/v1/channels/channel/9999377/300x300.png?type=color_onBlack
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40FE) /
Resource Hash
15066e070c0c0f96ff398a57092d23f249cc33630c6bbfbde29c83ac0164ef1e

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 google
age
22624779
x-cache
HIT
status
200
content-length
7141
last-modified
Fri, 07 Feb 2020 00:34:41 GMT
server
ECS (fcn/40FE)
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=21600, s-maxage=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
accept, authorization, origin, content-type
expires
Mon, 26 Oct 2020 03:14:19 GMT
248x140.png
image.xumo.com/v1/channels/channel/9999377/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.xumo.com/v1/channels/channel/9999377/248x140.png?type=channelTile
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/41AF) /
Resource Hash
2ff510dbf0591bf09bfcdc904e95d6aff78a8b71b4995a6ed642dc253abd18a8

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 google
age
22624680
x-cache
HIT
status
200
content-length
46796
last-modified
Fri, 07 Feb 2020 00:36:20 GMT
server
ECS (fcn/41AF)
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=21600, s-maxage=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
accept, authorization, origin, content-type
expires
Mon, 26 Oct 2020 03:14:18 GMT
300x300.png
image.xumo.com/v1/channels/channel/9999158/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.xumo.com/v1/channels/channel/9999158/300x300.png?type=color_onBlack
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40E7) /
Resource Hash
df765a093fc6bfc783d0f2f8813a28e8eb2c15711488110bdc39af1268febbf8

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 google
age
13125259
x-cache
HIT
status
200
content-length
8773
last-modified
Tue, 26 May 2020 23:20:02 GMT
server
ECS (fcn/40E7)
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=21600, s-maxage=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
accept, authorization, origin, content-type
expires
Mon, 26 Oct 2020 03:14:17 GMT
248x140.png
image.xumo.com/v1/channels/channel/9999158/ 		54 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image.xumo.com/v1/channels/channel/9999158/248x140.png?type=channelTile
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/40B6) /
Resource Hash
e9869727d83302ebabceb2792b4fd6bf5ed174cf5f73b74f77da0328d23de202

Request headers

Referer
https://www.xumo.tv/on-now/9999247/nbc-news-now
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 google
age
13297035
x-cache
HIT
status
200
content-length
55068
last-modified
Sun, 24 May 2020 23:37:05 GMT
server
ECS (fcn/40B6)
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=21600, s-maxage=31536000
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
accept, authorization, origin, content-type
expires
Mon, 26 Oct 2020 03:14:18 GMT
uwt.js
static.ads-twitter.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWGQZ7T&gtm_auth=gnBbfwpbBh_Wgtggul3AZw&gtm_preview=env-2&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
content-encoding
gzip
age
85306
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1958
x-served-by
cache-hhn4075-HHN
last-modified
Wed, 21 Oct 2020 21:46:56 GMT
x-timer
S1603660459.287829,VS0,VE0
etag
"a4cc3f907681b24a3efd540acd5d2996+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWGQZ7T&gtm_auth=gnBbfwpbBh_Wgtggul3AZw&gtm_preview=env-2&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
7111
date
Sun, 25 Oct 2020 19:15:48 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Sun, 25 Oct 2020 21:15:48 GMT
fbevents.js
connect.facebook.net/en_US/ 		88 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/on-now/9999247/nbc-news-now
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23070
x-xss-protection
0
pragma
public
x-fb-debug
/T5pG/Y9rb1+7+H6Piu7P8X2rvFEQUNTQI9ebkaGrMtJenDMnDxaZ+4ccT/sj2nty8QkNylQd1nXz8p14ekX1A==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Sun, 25 Oct 2020 21:14:19 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
expires
Sat, 01 Jan 2000 00:00:00 GMT
cirt_v2.min.js
media-cdn.ipredictive.com/js/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://media-cdn.ipredictive.com/js/cirt_v2.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWGQZ7T&gtm_auth=gnBbfwpbBh_Wgtggul3AZw&gtm_preview=env-2&gtm_cookies_win=x
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.213.143 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-213-143.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4308b770a8f544c1fc4487836df776d7a8a4170b0947e45c9b748369846ee115

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 25 Oct 2020 03:02:29 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Jun 2016 03:48:58 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:501/gname:staff/uname:tpu/gid:20/mode:33188/mtime:1466480833/atime:1466480865/md5:06959ee0164f60e0f6954610590aff8e/ctime:1466480833
Age
65511
ETag
W/"06959ee0164f60e0f6954610590aff8e"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA53-C1
X-Amz-Cf-Id
BjtSQFJQlrp-4SFSHdu0KFNGARocH5kqqq14nNYUjAwnfC9cak2HOQ==
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=20010499&ns__t=1603660459213&ns_c=UTF-8&c8=On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO&c7=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&c9=
  • https://sb.scorecardresearch.com/b2?c1=2&c2=20010499&ns__t=1603660459213&ns_c=UTF-8&c8=On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO&c7=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&c9=&cs_ak_ss=1
0
528 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=20010499&ns__t=1603660459213&ns_c=UTF-8&c8=On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO&c7=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&c9=&cs_ak_ss=1
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/geo-block
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-238-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 25 Oct 2020 21:14:19 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=20010499&ns__t=1603660459213&ns_c=UTF-8&c8=On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO&c7=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&c9=&cs_ak_ss=1
Pragma
no-cache
Date
Sun, 25 Oct 2020 21:14:19 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
conv.php
trends.revcontent.com/ 		49 B
417 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trends.revcontent.com/conv.php?t=Jy0GPDM%2B35spVAtRYFkMr4Bb3WZACj3kQ5KMg6XQwxDNi3MVhwCi%2B0rjJcJ0R0ms&gtmcb=329193852
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/geo-block
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.246.91.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-246-91-36.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.25 (Debian) /
Resource Hash
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
Security Headers
Name Value
Strict-Transport-Security max-age=931536000; includeSubDomains

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Oct 2020 21:14:19 GMT
last-modified
Sun, 25 Oct 2020 21:14:19 GMT
server
Apache/2.4.25 (Debian)
cache-control
public, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
status
200
strict-transport-security
max-age=931536000; includeSubDomains
content-type
image/gif
access-control-allow-origin
https://www.xumo.tv
timestamp
1603660459
access-control-allow-credentials
true
content-length
49
expires
Mon, 23 Jul 2002 05:00:00 GMT
impression.json
valencia-beacons.xumo.com/content/v2/ 		0
23 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://valencia-beacons.xumo.com/content/v2/impression.json?eventType=pageView&clientVersion=1.22.0&timestamp=1603660459346&deviceId=870b6022-607b-0765-fe47-05dcf5dd900b&sessionId=16036604591219367549477&pageViewId=160366045912193675494778389782145&pageId=geoBlockScreen&channelId=0
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/client/index-9dc750e8a4473229ab64.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:2a84:b04b:f6ef:8280:dcd7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (fcn/418F) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 google
server
ECS (fcn/418F)
status
202
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
access-control-allow-headers
accept, authorization, origin, content-type
content-length
0
collect
www.google-analytics.com/j/ 		2 B
64 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j86&a=1499510122&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&ul=en-us&de=UTF-8&dt=On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1051663039&gjid=1219914846&cid=1342798277.1603660459&tid=UA-59849642-23&_gid=1022922241.1603660459&_r=1&gtm=2wgae1PWGQZ7T&z=1805411285
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 25 Oct 2020 21:14:19 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://www.xumo.tv
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=1499510122&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&ul=en-us&de=UTF-8&dt=On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=&gjid=&cid=1342798277.1603660459&tid=UA-59849642-23&_gid=1022922241.1603660459&gtm=2wgae1PWGQZ7T&z=1112035610
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/geo-block
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Oct 2020 15:48:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
19561
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ls.html
cdn-gl.imrworldwide.com/novms/html/ Frame 15B4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn-gl.imrworldwide.com/novms/html/ls.html
Requested by
Host: cdn-gl.imrworldwide.com
URL: https://cdn-gl.imrworldwide.com/novms/js/2/nlsSDK600.bundle.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20fc:7a00:2:42d9:3100:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

:method
GET
:authority
cdn-gl.imrworldwide.com
:scheme
https
:path
/novms/html/ls.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.xumo.tv/geo-block
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.xumo.tv/geo-block

Response headers

status
200
content-type
text/html
last-modified
Wed, 14 Oct 2020 13:35:38 GMT
x-amz-server-side-encryption
AES256
x-amz-version-id
T6NZJgp4VrusmGuRqxgYfwvhEIID.g55
server
AmazonS3
content-encoding
gzip
date
Sun, 25 Oct 2020 20:16:31 GMT
etag
"7fa83dfc7b78314b137e2eb13834daa7"
cache-control
max-age=86400
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 5f5aa47bb337704a0ad6f14b5e9a076b.cloudfront.net (CloudFront)
x-amz-cf-pop
ARN54-C1
x-amz-cf-id
18vc-Eo4YJiCeTAlEax4kQJpCs7oPWbBWPZdYyvPl_PuU3vGyR3qjA==
age
3469
collect
stats.g.doubleclick.net/j/ 		4 B
86 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-59849642-23&cid=1342798277.1603660459&jid=1051663039&gjid=1219914846&_gid=1022922241.1603660459&_u=YEBAAEAAAAAAAC~&z=1826563893
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sun, 25 Oct 2020 21:14:19 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://www.xumo.tv
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
952158421515503
connect.facebook.net/signals/config/ 		234 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/952158421515503?v=2.9.27&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
59844e133fef3bf7cb2ab86ef05af5d085c56e9ef4f10cb97a40b92ca9e49fcc
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
69813
x-xss-protection
0
pragma
public
x-fb-debug
MkrU1p0YcNF81ipN/Zxt5VsDS2v3GJXWdXTK/ZZwidy6jtxUFm+t9wr1vMDh7Xn0t/VqNwyoDgL740yIIeUdVA==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Sun, 25 Oct 2020 21:14:19 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel
ad.ipredictive.com/d/rt/ 		631 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.ipredictive.com/d/rt/pixel?uuid=b752e089-0d8a-41fc-85d3-d2c85da8b1ca&rtsite_id=25092&sdk_src=js&ts=1603660459&rr=932142872244947&sdkv=1.0.0-beta&res=1600x1200&cookie=1&ref=&dloc=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&ds=1&xp_pdf=0&xp_qt=0&xp_realp=0&xp_wma=0&xp_dir=0&xp_fla=0&xp_java=0&xp_gears=0&xp_ag=0&event=pageview&ev_pageview=%7B%22url%22%3A%22https%3A%2F%2Fwww.xumo.tv%2Fgeo-block%22%2C%22title%22%3A%22On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO%22%7D
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/geo-block
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.7.115.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-7-115-230.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 25 Oct 2020 21:14:19 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
631
X-CI-RTID
0bfc83c2-1707-11eb-95f9-eb82160be94a
Content-Type
image/jpeg
adsct
t.co/i/ 		43 B
448 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nvxnb&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/geo-block
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
115
pragma
no-cache
last-modified
Sun, 25 Oct 2020 21:14:19 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
cfba53b2519418d4b0e96ad9cef16a81
x-transaction
00bf722a0007d818
expires
Tue, 31 Mar 1981 05:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-59849642-23&cid=1342798277.1603660459&jid=1051663039&_u=YEBAAEAAAAAAAC~&z=1038628403
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/geo-block
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Oct 2020 21:14:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-59849642-23&cid=1342798277.1603660459&jid=1051663039&_u=YEBAAEAAAAAAAC~&z=1038628403
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/geo-block
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Oct 2020 21:14:19 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
323 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=952158421515503&ev=ViewContent&dl=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&rl=&if=false&ts=1603660459440&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1603660459438.1405272533&it=1603660459409&coo=false&rqm=GET
Requested by
Host: www.xumo.tv
URL: https://www.xumo.tv/geo-block
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Sun, 25 Oct 2020 21:14:19 GMT
open
api2.branch.io/v1/ 		303 B
584 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api2.branch.io/v1/open
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20fc:a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
d23c96be4e5045b039b34018678706a5f989462207ba555e3ec4e494b16ca286

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 660625642e0df86c41275db1ce1ac923.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
ARN54-C1
status
200
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache
content-length
303
x-amz-cf-id
z2qqeNG0rSFGI7Z8NDWmthm9rI0cdI8BouMyI4TqEj5BtGUCBBhvpQ==
pageview
api2.branch.io/v1/ 		28 B
356 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api2.branch.io/v1/pageview
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20fc:a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty / Express
Resource Hash
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
via
1.1 660625642e0df86c41275db1ce1ac923.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
ARN54-C1
x-powered-by
Express
etag
W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
status
200
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
content-length
28
x-amz-cf-id
WJSHn2UEWPCSOMKZoObK8aZAwTqM-dKVs3D5vCCtG7kMOzPz9hlutQ==
cs.js
sb.scorecardresearch.com/c2/20010499/ 		0
400 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/c2/20010499/cs.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWGQZ7T&gtm_auth=gnBbfwpbBh_Wgtggul3AZw&gtm_preview=env-2&gtm_cookies_win=x
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.238.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-238-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 25 Oct 2020 21:14:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 Apr 2011 23:11:26 GMT
ETag
"d41d8cd98f00b204e9800998ecf8427e:1349196464"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=259200
Connection
keep-alive
Content-Length
20
Expires
Wed, 28 Oct 2020 21:14:20 GMT
adsct
analytics.twitter.com/i/ 		31 B
387 B 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=nvxnb&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
116
pragma
no-cache
last-modified
Sun, 25 Oct 2020 21:14:19 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
d02c37716e10f428e3d7b4e7ef977dfc
x-transaction
00d2da1e003bae65
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
www.facebook.com/tr/ 		44 B
100 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=952158421515503&ev=Microdata&dl=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&rl=&if=false&ts=1603660459942&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Geo%20Blocked%20%7C%20XUMO%22%2C%22meta%3Adescription%22%3A%22NBC%20News%20NOW%20is%20a%20streaming%20network%20from%20NBC%20News.%20NOW%20features%20deep%20reporting%2C%20thoughtful%20storytelling%2C%20and%20live%2C%20breaking%20news%20from%20the%20global%20resources%20of%20NBC%20News.%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22XUMO%22%2C%22og%3Atitle%22%3A%22NBC%20News%20NOW%22%2C%22og%3Adescription%22%3A%22NBC%20News%20NOW%20is%20a%20streaming%20network%20from%20NBC%20News.%20NOW%20features%20deep%20reporting%2C%20thoughtful%20storytelling%2C%20and%20live%2C%20breaking%20news%20from%20the%20global%20resources%20of%20NBC%20News.%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fimage.xumo.com%2Fv1%2Fchannels%2Fchannel%2F9999247%2F800x800.png%3Ftype%3DsmartCast_channelTile%22%2C%22og%3Aimage%3Awidth%22%3A%22800%22%2C%22og%3Aimage%3Aheight%22%3A%22800%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1603660459438.1405272533&it=1603660459409&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.xumo.tv/geo-block
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 25 Oct 2020 21:14:19 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Sun, 25 Oct 2020 21:14:19 GMT

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| dataLayer object| branch object| nSdkInstance object| NOLBUNDLE object| __CLIENT_CONFIG__ object| __ASYNC_COMPONENTS_REHYDRATE_STATE__ object| __JOBS_REHYDRATE_STATE__ function| webpackJsonp object| regeneratorRuntime object| lazySizesConfig object| lazySizes object| google_tag_manager object| ns_ object| google_tag_data function| twq string| GoogleAnalyticsObject function| ga function| fbq function| _fbq object| ciads_settings object| gaplugins object| gaGlobal object| gaData function| _typeof object| ns object| paramsPassed object| stateObject string| BUILDVERSION object| stateEvents object| twttr object| _caq object| Ci number| onloadDateTime object| unloadDateTime boolean| navGeoSupported object| citracker_ref object| plugins object| documentAlias object| navigatorAlias object| screenAlias object| windowAlias string| locationHrefAlias string| locationHostnameAlias boolean| hasLoaded object| registeredOnLoadHandlers object| info_demographics string| SDK_VERSION

8 Cookies

Domain/Path Name / Value
.imrworldwide.com/ Name: IMRID
Value: 0bdaf140-1707-11eb-9303-7bdb773d0b49
.imrworldwide.com/ Name: SSCVER
Value: v1
.xumo.tv/ Name: _fbp
Value: fb.1.1603660459438.1405272533
.xumo.tv/ Name: _gcl_au
Value: 1.1.1731789298.1603660459
.xumo.tv/ Name: _gat_UA-59849642-23
Value: 1
.xumo.tv/ Name: _ga
Value: GA1.2.1342798277.1603660459
.xumo.tv/ Name: nol_fpid
Value: kkwrt8cdq7p5gpaym7s6jh4joikiv1603660459|1603660459393|1603660459393|1603660459393
.xumo.tv/ Name: _gid
Value: GA1.2.1022922241.1603660459

2 Console Messages

Source Level URL
Text
console-api log URL: https://media-cdn.ipredictive.com/js/cirt_v2.min.js(Line 1)
Message:
https://ad.ipredictive.com/d/rt/pixel?uuid=b752e089-0d8a-41fc-85d3-d2c85da8b1ca&rtsite_id=25092&sdk_src=js&ts=1603660459&rr=932142872244947&sdkv=1.0.0-beta&res=1600x1200&cookie=1&ref=&dloc=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&ds=1&xp_pdf=0&xp_qt=0&xp_realp=0&xp_wma=0&xp_dir=0&xp_fla=0&xp_java=0&xp_gears=0&xp_ag=0&event=pageview&ev_pageview=%7B%22url%22%3A%22https%3A%2F%2Fwww.xumo.tv%2Fgeo-block%22%2C%22title%22%3A%22On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO%22%7D
console-api debug URL: https://media-cdn.ipredictive.com/js/cirt_v2.min.js(Line 1)
Message:
img loaded url = https://ad.ipredictive.com/d/rt/pixel?uuid=b752e089-0d8a-41fc-85d3-d2c85da8b1ca&rtsite_id=25092&sdk_src=js&ts=1603660459&rr=932142872244947&sdkv=1.0.0-beta&res=1600x1200&cookie=1&ref=&dloc=https%3A%2F%2Fwww.xumo.tv%2Fgeo-block&ds=1&xp_pdf=0&xp_qt=0&xp_realp=0&xp_wma=0&xp_dir=0&xp_fla=0&xp_java=0&xp_gears=0&xp_ag=0&event=pageview&ev_pageview=%7B%22url%22%3A%22https%3A%2F%2Fwww.xumo.tv%2Fgeo-block%22%2C%22title%22%3A%22On%20Now%20-%20NBC%20News%20NOW%20%7C%20XUMO%22%7D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Security-Policy child-src 'self' blob:; connect-src * blob:; img-src 'self' 'unsafe-inline' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.jwpcdn.com; object-src 'self' *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.2mdn.net static.ads-twitter.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org app.link *.branch.io *.cloudfront.net *.combotag.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com adservice.google.com tagmanager.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.jwplatform.com *.jwpcdn.com *.jwpsrv.com *.moatads.com *.outbrain.com cdn.polyfill.io *.scorecardresearch.com *.serving-sys.com *.spotxcdn.com *.spotxchange.com *.tremorhub.com analytics.twitter.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' blob: fonts.googleapis.com *.gstatic.com tagmanager.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.imrworldwide.com *.outbrain.com *.serving-sys.com *.fbsbx.com
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.ipredictive.com
analytics.twitter.com
api2.branch.io
app.link
cdn-gl.imrworldwide.com
cdn.branch.io
cdn.polyfill.io
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
image.xumo.com
media-cdn.ipredictive.com
sb.scorecardresearch.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
trends.revcontent.com
valencia-beacons.xumo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.xumo.tv
104.111.238.139
104.244.42.195
104.244.42.69
143.204.213.143
151.101.112.157
152.195.39.56
2600:9000:20fc:7a00:2:42d9:3100:93a1
2600:9000:20fc:9600:19:9934:6a80:93a1
2600:9000:20fc:a00:11:f728:3040:93a1
2606:2800:134:2a84:b04b:f6ef:8280:dcd7
2a00:1450:4001:802::2003
2a00:1450:4001:802::200a
2a00:1450:4001:806::2008
2a00:1450:4001:809::200e
2a00:1450:4001:81f::2003
2a00:1450:4001:821::2004
2a00:1450:4001:824::200e
2a00:1450:400c:c00::9a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::621
34.246.91.36
52.7.115.230
65.9.57.72
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
064cd7955fa794dedfb434b581ab3bbaa8cea5af4d980720b0ada2134d991e2a
07591c8ec3d60e53b117c901d3331824945331df2e1b1b9671cf045a1631c4de
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14f6630350c4be6046d8329072a1a76800e8d2076c7d440802badab6b8adb48e
15066e070c0c0f96ff398a57092d23f249cc33630c6bbfbde29c83ac0164ef1e
1949652be6cfc4b953d0a79edc7a2c16b9cbf191d40cb8a64b955af094d062fa
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
25cf0f0ce42f8acd9ea6facc223f54105c7fd0cce63fb7bb5d83e6600100acbd
2ff510dbf0591bf09bfcdc904e95d6aff78a8b71b4995a6ed642dc253abd18a8
41827ad9edf07853f0bfbc4a3ca8a2328e2d3e7215022b5fbd86d3a1acceae6f
4308b770a8f544c1fc4487836df776d7a8a4170b0947e45c9b748369846ee115
439b453be0952fb5dda4026b3b2ace4e901ba84d13e823d71ec3d4431dc1763b
45d44ed1def934ce3674420609b209ffe6f2b5d4d3a8b7ba9ac3fa7ff9eabafb
4cb8ac2299a072ea6335a63c29810cff2d0418bb1d84ae807a83f7858d344c41
59844e133fef3bf7cb2ab86ef05af5d085c56e9ef4f10cb97a40b92ca9e49fcc
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
70272620a3334e8ba7b240116353d97e66defcc3b0f09662b6c5458590e360f1
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8661978d88b970174a5b3111c4c9117e250b453b27484d728453f9bd601a892d
96281150fc4b153640ffd15f9ce9a133ee631aecb0f955cd67974e72af74ae64
a282b6422011aa459fa950dc62e35107b5011b9d1997cc8c9f279494fb2921c4
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acf140e030e142954ada508bf924ac3414bf138fa752559d87252e40ada37539
ae534b69f8d95e349e4ca2ad90f821e3f024777a6430a13808670838c533024d
bb0c201f0ca67e745869967d48db2e90bf01353d1f305959d487291cab6d0755
bd267f2d0d68c6d1883bb9f9b5e5b732bde49a492ac19234401072a0a9f42328
c75f9d352ea5d68377a0dc4a9061074854d6ac2eee3efe890908a0d7ef222ef7
ce10183fa64e6aa8d63dfc67b6a7188060161f7f2615abe7bfbf38d0e2bc8ad7
d23c96be4e5045b039b34018678706a5f989462207ba555e3ec4e494b16ca286
d8e2d314460b1448484d472fa21d5f0c4ae8d4e8b0ecad6896edc25b33328931
d9f7e0aa1bff501986995b7c69742a14f373819ab6ecd599af29d67f9d8b4794
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
df765a093fc6bfc783d0f2f8813a28e8eb2c15711488110bdc39af1268febbf8
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9869727d83302ebabceb2792b4fd6bf5ed174cf5f73b74f77da0328d23de202
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629