urlscan.io logo urlscan.io
SecurityTrails logo

flyformiles.hk Open in urlscan Pro
104.21.30.184  Public Scan

Go To Rescan Add Verdict Report
URL: https://flyformiles.hk/26781/livi-bank
Submission: On June 16 via manual from HK
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 26 IPs in 3 countries across 19 domains to perform 418 HTTP transactions. The main IP is 104.21.30.184, located in United States and belongs to CLOUDFLARENET, US. The main domain is flyformiles.hk.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 11th 2021. Valid for: a year.
This is the only time flyformiles.hk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
47 104.21.30.184 13335 (CLOUDFLAR...)
28 51 142.250.185.134 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
91 2a00:1450:400... 15169 (GOOGLE)
91 2a00:1450:400... 15169 (GOOGLE)
39 2a00:1450:400... 15169 (GOOGLE)
30 142.250.186.66 15169 (GOOGLE)
8 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
7 2a03:2880:f01... 32934 (FACEBOOK)
10 2a00:1450:400... 15169 (GOOGLE)
3 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
4 213.254.244.24 36062 (DOUBLE-VE...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
31 2a03:2880:f01... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
6 213.254.244.17 3257 (GTT-BACKB...)
2 213.254.244.12 3257 (GTT-BACKB...)
4 2a03:2880:f11... 32934 (FACEBOOK)
9 192.0.77.48 2635 (AUTOMATTIC)
418 26
47    104.21.30.184 (United States)

ASN13335 (CLOUDFLARENET, US)
flyformiles.hk
51    142.250.185.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f6.1e100.net
ad.doubleclick.net
8121631.fls.doubleclick.net
9304630.fls.doubleclick.net
1    2606:4700::6810:a723 (United States)

ASN13335 (CLOUDFLARENET, US)
ajax.cloudflare.com
91    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
www.googletagservices.com
91    2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
39    2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
30    142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net
googleads4.g.doubleclick.net
8    2a02:26f0:6c00:297::4469 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.doubleverify.com
7    2a03:2880:f01c:8004:face:b00c:0:8c (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
ad.atdmt.com
10    2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
3    2a02:26f0:6c00::210:ba1a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
code.createjs.com
2    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    213.254.244.24 (United States)

ASN36062 (DOUBLE-VERIFY, US)
tps.doubleverify.com
1    2a00:1450:400c:c08::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
31    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
static.xx.fbcdn.net
scontent.xx.fbcdn.net
1    2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
4    2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
6    213.254.244.17 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
tps20222.doubleverify.com
tps20235.doubleverify.com
tps20225.doubleverify.com
2    213.254.244.12 (United States)

ASN3257 (GTT-BACKBONE GTT, US)
tps20224.doubleverify.com
4    2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
9    192.0.77.48 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org
s.w.org
Domain Requested by
91 s0.2mdn.net ad.doubleclick.net
s0.2mdn.net
flyformiles.hk
72 pagead2.googlesyndication.com ad.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
47 flyformiles.hk flyformiles.hk
ajax.cloudflare.com
39 tpc.googlesyndication.com ad.doubleclick.net
tpc.googlesyndication.com
pagead2.googlesyndication.com
35 ad.doubleclick.net 20 redirects flyformiles.hk
www.googletagservices.com
30 googleads4.g.doubleclick.net ad.doubleclick.net
26 static.xx.fbcdn.net www.facebook.com
static.xx.fbcdn.net
19 www.googletagservices.com ajax.cloudflare.com
ad.doubleclick.net
s0.2mdn.net
10 adservice.google.com ad.doubleclick.net
10 8121631.fls.doubleclick.net 5 redirects ad.doubleclick.net
9 s.w.org
8 cdn.doubleverify.com ad.doubleclick.net
s0.2mdn.net
flyformiles.hk
7 ad.atdmt.com ad.doubleclick.net
6 9304630.fls.doubleclick.net 3 redirects ad.doubleclick.net
4 www.facebook.com static.xx.fbcdn.net
4 fonts.gstatic.com fonts.googleapis.com
4 tps.doubleverify.com cdn.doubleverify.com
3 connect.facebook.net flyformiles.hk
connect.facebook.net
3 code.createjs.com s0.2mdn.net
2 tps20225.doubleverify.com cdn.doubleverify.com
2 scontent.xx.fbcdn.net www.facebook.com
2 tps20235.doubleverify.com cdn.doubleverify.com
2 tps20224.doubleverify.com cdn.doubleverify.com
2 tps20222.doubleverify.com cdn.doubleverify.com
2 www.google-analytics.com flyformiles.hk
www.google-analytics.com
1 fonts.googleapis.com ajax.googleapis.com
1 www.googletagmanager.com flyformiles.hk
1 ajax.googleapis.com flyformiles.hk
1 www.google.de flyformiles.hk
1 www.google.com flyformiles.hk
1 stats.g.doubleclick.net www.google-analytics.com
1 ajax.cloudflare.com flyformiles.hk
418 32

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-11 -
2022-06-10		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
ajax.cloudflare.com
DigiCert ECC Secure Server CA		 2020-08-11 -
2022-08-16		 2 years crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
*.doubleverify.com
DigiCert SHA2 Secure Server CA		 2021-01-10 -
2022-01-17		 a year crt.sh
*.atlassolutions.com
DigiCert SHA2 High Assurance Server CA		 2021-05-15 -
2021-08-13		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
tls.adobe.com
DigiCert SHA2 Secure Server CA		 2020-06-01 -
2022-06-06		 2 years crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-05-24 -
2021-08-16		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
www.google.de
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-05-17 -
2021-08-09		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-05-26 -
2021-08-24		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-05-17 -
2021-08-09		 3 months crt.sh
*.w.org
Sectigo RSA Domain Validation Secure Server CA		 2019-12-19 -
2021-12-18		 2 years crt.sh

This page contains 51 frames:

Primary Page: https://flyformiles.hk/26781/livi-bank
Frame ID: A04AB19BCDAC3482DDC2F79F3F11DD6A
Requests: 84 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D
Frame ID: E7ACA393F0742D41F8EFD59B95598B18
Requests: 9 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D
Frame ID: 40197C0D3B527C650E04D3A50EB2EE26
Requests: 9 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D
Frame ID: DD1552F978D4A5699E14D1A5B7E23F76
Requests: 12 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Frame ID: A716E10A819A05B94B175520DF5FBDCF
Requests: 13 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Frame ID: B4674C30486B7CDD8CAB2B24EC988436
Requests: 13 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Frame ID: 4003613D36BFC0C2D28F18E4485E9425
Requests: 12 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Frame ID: D4D57C00152296A6580A76E975578C99
Requests: 12 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D
Frame ID: C012ABC87E24A346EC44AA31D54283DB
Requests: 12 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Frame ID: 2817C97C178E428564C4F8E897E4F5E9
Requests: 13 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Frame ID: 88E3D681E15054375213A6A13F66E1ED
Requests: 7 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Frame ID: 858ED78B25FB4FBA24BB08656B44607C
Requests: 7 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Frame ID: 11B460977CA9488B4A720D2F9D7830C9
Requests: 13 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
Frame ID: 7A660AB7745C09A16D702C4CBBE4878C
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
Frame ID: 089C5C7A8FCC8EF89EBCAA2E0F3B5513
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/8295605/1611580770840/index.html
Frame ID: 6F7E78FC291A1258271469E93F3828D2
Requests: 30 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B069471696ABE9DE215BCCF30B380C1A
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1425.js
Frame ID: 393894479B73537F95A2BC8C2CA75654
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5E9E126F726551D497AAEADC8A34E9BC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 909EB714A7662FD8BFB700F3A8E60842
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 97D3365F54574A633DE65B7973B7BF78
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1425.js
Frame ID: 8D18A66C8553B76699781196A7FDF886
Requests: 4 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1425.js
Frame ID: 7EE8F5D8037F796948BA81D7E8E58403
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FC6F8876E5AF31331FFC4A3E82A66102
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CBBCED3C8A037A8F5F9EC3303E63FD3B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F33F9BD2FFB1EC0D08D8946784345733
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B61FD232360B21A2C4FA7B9322665739
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5DA15F011BDD4E5A521DB5CE660CE169
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AE2396C00E5C289523DF58A436F681C1
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F7D9919F169691DE1EAEA41493D4FD2E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 23AE0D98ED07C39ADA57C581D3544F7E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 78D42687559F05707F149EC6619DD868
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
Frame ID: F767AD316590F595D95551A73BA176F2
Requests: 20 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3894074470716932096/300x250.html
Frame ID: DC28C98600088403EB30D182D3C2C56B
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Frame ID: EEA5AF7C94EEF1B4B546F55DB57FD212
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Frame ID: 590389C26ADF36E556299617B73094CC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Frame ID: 053F390337AB386C98783FCFC1D6ACEA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Frame ID: 0959E1CDF7BE26B6491B895F52B35CA2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Frame ID: 9AFAD9F1E4D112ECB7C99DDD0E1D2985
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Frame ID: C566E66532335ABCB1844635F7E38119
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Frame ID: C073FC2DEED008CD818772E14337D50D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Frame ID: D5AAB32B69686E13D8B11A091F3C4357
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Frame ID: B78932C9D433A1FAD558F851B3E3796B
Requests: 1 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1300847.3528642SIUC/B25554442.301288128;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=702412196;ord=ar63kv;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=348;prcl=s
Frame ID: 527DE3030CC0574B567A42EB32F9D5B0
Requests: 7 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Frame ID: B78203CBA529AACD962A54AE832721F3
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E60BB2A7646B2E3CC074A52576AED6CA
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3048254225462688419/index.html
Frame ID: 0A4AEA0D82C00EE149BC22BB0A358A15
Requests: 6 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FFlyForMiles%252F%26tabs%26width%3D340%26height%3D130%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId
Frame ID: C498247A72A1396520FDF8CA1AB1E7DD
Requests: 31 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 07CF29DEB9A5EFD9266485C174F56FFC
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/8295605/1623497534626/300x250_html5.html
Frame ID: 5AD7C648ED4C6F1C03E8AE18A826A7E7
Requests: 7 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1425.js
Frame ID: 5F84D4BADF534D29B2781AA67906E993
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

418
Requests

100 %
HTTPS

72 %
IPv6

19
Domains

32
Subdomains

26
IPs

3
Countries

8969 kB
Transfer

18468 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 86
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none HTTP 302
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=CMn4rrjMm_ECFebhuwgdU_gATA;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Request Chain 87
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CLHrsrjMm_ECFRrxsgod58IGVQ;type=;cat=;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CLHrsrjMm_ECFRrxsgod58IGVQ;type=;cat=;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033
Request Chain 88
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3352926033 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CIvosrjMm_ECFc-dsgodKh4NBA;type=banki02b;cat=banki0;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3352926033 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CIvosrjMm_ECFc-dsgodKh4NBA;type=banki02b;cat=banki0;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3352926033
Request Chain 107
  • https://9304630.fls.doubleclick.net/activityi;src=9304630;type=homep0;cat=dbs_c0;u22=254264903;u23=22951334;u24=5508578;u25=130770651;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2576064953 HTTP 302
  • https://9304630.fls.doubleclick.net/activityi;dc_pre=CO7dtbjMm_ECFdnyuwgd1VENVg;src=9304630;type=homep0;cat=dbs_c0;u22=254264903;u23=22951334;u24=5508578;u25=130770651;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2576064953
Request Chain 124
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none HTTP 302
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=COGavLjMm_ECFaTEuwgdtxoPuQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Request Chain 125
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1685922575 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CLX-vLjMm_ECFcLSsgodHbUPKw;type=banki02b;cat=banki0;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1685922575 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CLX-vLjMm_ECFcLSsgodHbUPKw;type=banki02b;cat=banki0;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1685922575
Request Chain 126
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CNr_vLjMm_ECFULFsgodR7wNfw;type=;cat=;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CNr_vLjMm_ECFULFsgodR7wNfw;type=;cat=;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575
Request Chain 134
  • https://9304630.fls.doubleclick.net/activityi;src=9304630;type=homep0;cat=dbs_c0;u22=254708604;u23=22914006;u24=5508578;u25=135457059;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2932534977 HTTP 302
  • https://9304630.fls.doubleclick.net/activityi;dc_pre=CPbfvLjMm_ECFZvuuwgdewwN2Q;src=9304630;type=homep0;cat=dbs_c0;u22=254708604;u23=22914006;u24=5508578;u25=135457059;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2932534977
Request Chain 141
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CJKVvrjMm_ECFZWNsgod6eUIoQ;type=;cat=;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CJKVvrjMm_ECFZWNsgod6eUIoQ;type=;cat=;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823
Request Chain 142
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=432449823 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CKKbvrjMm_ECFUTJsgodyD4FHw;type=banki02b;cat=banki0;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=432449823 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CKKbvrjMm_ECFUTJsgodyD4FHw;type=banki02b;cat=banki0;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=432449823
Request Chain 143
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none HTTP 302
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=CIq3vbjMm_ECFTlc5QodNPMKiQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Request Chain 150
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none HTTP 302
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=CPz8vbjMm_ECFXDIuwgdaJkNhQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Request Chain 151
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3567141238 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CPHhvrjMm_ECFbhIkQUd9jAGQA;type=banki02b;cat=banki0;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3567141238 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPHhvrjMm_ECFbhIkQUd9jAGQA;type=banki02b;cat=banki0;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3567141238
Request Chain 152
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CPTjvrjMm_ECFdT6sgodMVQA7A;type=;cat=;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPTjvrjMm_ECFdT6sgodMVQA7A;type=;cat=;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238
Request Chain 161
  • https://9304630.fls.doubleclick.net/activityi;src=9304630;type=homep0;cat=dbs_c0;u22=250997556;u23=22953560;u24=5508578;u25=147730717;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=51269104 HTTP 302
  • https://9304630.fls.doubleclick.net/activityi;dc_pre=CLnLvrjMm_ECFc7Guwgdoa8DMg;src=9304630;type=homep0;cat=dbs_c0;u22=250997556;u23=22953560;u24=5508578;u25=147730717;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=51269104
Request Chain 171
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none HTTP 302
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=CLGdv7jMm_ECFUPuuwgd7RgGWw;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Request Chain 172
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=COqBwLjMm_ECFZmMsgod5ZUNpA;type=;cat=;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=COqBwLjMm_ECFZmMsgod5ZUNpA;type=;cat=;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368
Request Chain 173
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1493121368 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CPKEwLjMm_ECFZ2rsgodTOECMQ;type=banki02b;cat=banki0;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1493121368 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPKEwLjMm_ECFZ2rsgodTOECMQ;type=banki02b;cat=banki0;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1493121368

418 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request livi-bank
flyformiles.hk/26781/ 		543 KB
269 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fd94e8ff8e24c98e30552008be27fccb40b2a721360fb623b0a2120780bfc8f

Request headers

:method
GET
:authority
flyformiles.hk
:scheme
https
:path
/26781/livi-bank
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:53 GMT
content-type
text/html; charset=UTF-8
vary
X-Forwarded-Proto,Accept-Encoding,User-Agent
last-modified
Wed, 16 Jun 2021 06:43:28 GMT
cf-cache-status
DYNAMIC
cf-request-id
0ab540c472000016a106aea000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=SHsA08a6EuB7LBJXENafpJrhucCrQPYckuKOAD82SUopVrtdpFKo5CXvnyVcu0LXDqwC3nh2611sO2EafL27jr%2F9vfos8BlqoL5Bp%2B2tOw3GHiKIH7enqUmPYUQ%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6602371a4aa516a1-ARN
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
8i7dJI7NVL6pf3IdYBbv1q2VaI4.js
flyformiles.hk/cdn-cgi/apps/head/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/cdn-cgi/apps/head/8i7dJI7NVL6pf3IdYBbv1q2VaI4.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4267a142b848bdb572f99058f3ec484445096d7d2b36c85cb6c05725e0316d01

Request headers

:path
/cdn-cgi/apps/head/8i7dJI7NVL6pf3IdYBbv1q2VaI4.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-request-id
RM5FDWGBZC5P79K3
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-version-id
xJN8vd4x8QHPj.H6R07CYACsNsRYr71j
x-amz-id-2
w45ajALa0h0NNxMSJmHn1+nU6q0vf0TbrxmmUk7ERgOD34ClQSeS8ZWRoEItQBFUoLS606WBrC0=
last-modified
Fri, 06 Mar 2020 18:12:37 GMT
server
cloudflare
etag
W/"cec9fe50654b64bce07e959e50030705"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GNmdwih1GKTu9iQRnmUOzdkNkRJBLEF%2BKv9G6%2FFbWEDAgQbneLFLzsaxmFuOwy9ukMTD6hRl8%2BLHgsQ2F30dcD79Bp89mk%2B4ahhBALNOEFbsHPWReumaGOUpDKM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-request-id
0ab540c59d0000f15ed3172000000001
cf-ray
6602371c2e55f15e-ARN
style.min.css
flyformiles.hk/wp-includes/css/dist/block-library/ 		50 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-includes/css/dist/block-library/style.min.css?ver=5.6.2
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe9ad9796d39e706fe661ddf90151c0ebc03251164354d55f1ee95ca06878b40

Request headers

:path
/wp-includes/css/dist/block-library/style.min.css?ver=5.6.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:21:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7nFe0EJGXefsnTkLq6U1gWYwD%2Bl7JSkxZjKtmNMpy7kn9Bsoy4fcebNql9yTXOdMto6qFvZ14pzLq6TED%2Fn9wjA4qf8jeEP70cs%2FAVU%2BfIMfXrdZvHgOVrgwOdg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371c2e45f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59e0000f15ec22a4000000001
rounded-thumbs.min.css
flyformiles.hk/wp-content/plugins/contextual-related-posts/css/ 		1 KB
917 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=1.0.1
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ca7188912ef3473bb7943356daf3909fb28acf076110495dd4eff399334fe70

Request headers

:path
/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=1.0.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:18:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WaOP6VAbTVvlWHBcpu2TnI6K%2F3xcTldavaDVbU8Sh8aOysfui%2BiFStNFyVw%2B%2FF9k8zaN1oc1cTPuvmfn0F09b4k%2Bs7iG1LI%2BZIKxMbpfrBQ1MMC1XTrlnk97qh0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371c2e2ff15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59c0000f15edc88d000000001
jquery-ui.css
flyformiles.hk/wp-content/plugins/faq-schema-for-pages-and-posts//css/ 		16 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/faq-schema-for-pages-and-posts//css/jquery-ui.css?ver=2.0.0
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbe23090c2328bdb543b98f8cf4dba715589dd0b9c8f537e3af26704e2e24a3c

Request headers

:path
/wp-content/plugins/faq-schema-for-pages-and-posts//css/jquery-ui.css?ver=2.0.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=18837
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59e0000f15edc88e000000001
last-modified
Thu, 06 Aug 2020 20:19:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=EaIozlVmRkF5H98K0YUnU1CdS1X3RZ8hJWOUzTPZLOqyakieMvRpah8gf0Ye1jMW0MWSE3U1p6ZZXXcMrdTJbd1F%2FGZe%2BYj6hB8p3woeoLGd4oqCkOw1BVkqrXo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
cf-ray
6602371c2e4ff15e-ARN
cf-bgj
minify
wp-style.css
flyformiles.hk/wp-content/plugins/table-sorter/ 		451 B
802 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/table-sorter/wp-style.css?ver=5.6.2
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98bbaf19814e65ef8f6cc17b355b9f09cad3d9bda9b7726453dce11ef81815af

Request headers

:path
/wp-content/plugins/table-sorter/wp-style.css?ver=5.6.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=538
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59a0000f15ec22a3000000001
last-modified
Tue, 28 Aug 2018 09:33:23 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XD9OB%2FUW4WidP7ehkqVt9Chaar4jDJb8gBxopBGq9%2FlxXo7oBDJASDewW88vuIeIpV8IOKMWZN9r%2FavLCfT%2FH5RMY%2F6sqYo4dZ6vQsgt2G3Eu1lEfD72aaHyBfk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
cf-ray
6602371c2e3ef15e-ARN
cf-bgj
minify
style.min.css
flyformiles.hk/wp-content/plugins/easy-table-of-contents/vendor/icomoon/ 		438 B
782 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/easy-table-of-contents/vendor/icomoon/style.min.css?ver=2.0.16
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b88fca268e1352a0922f301c6b88f0499606c01faa8d0718de11a8153a5edc3a

Request headers

:path
/wp-content/plugins/easy-table-of-contents/vendor/icomoon/style.min.css?ver=2.0.16
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:20:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Y781v%2B1kISPpqnFEhbpR8srR%2FuERpLYDVOWEjUy3d1q6%2F8UprBs3NoQmZzf5SdxS%2FW3EkRrJzPlBynjYGzY%2BCpTHuKtVmZxPGeZIL3jZU0t2ie0zRUok%2Fglt%2BLo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371c2e51f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59d0000f15efc26c000000001
screen.min.css
flyformiles.hk/wp-content/plugins/easy-table-of-contents/assets/css/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css?ver=2.0.16
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22af5d3bf749542c2d95975186991b7b8c1e0766449c3fdeab55d57eb0d1ffdc

Request headers

:path
/wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css?ver=2.0.16
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:20:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=60MbvycBbp2nKYqn8sruvyyFL%2FB1yowW44smzT%2BczDi9BfrDQvN7XfK8LW2N8mole8ei9yKKAGMg6%2F8oR6dkPeWn6dr%2FENqk2OWFud7vDzItx2vEsvd6bm5TOeU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371c2e44f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59e0000f15e830dd000000001
bootstrap.min.css
flyformiles.hk/wp-content/themes/graphene/bootstrap/css/ 		119 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/bootstrap/css/bootstrap.min.css?ver=5.6.2
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80504e05cca74721295131958dab58ebc0f94cdbcfbb10569149243a0cace741

Request headers

:path
/wp-content/themes/graphene/bootstrap/css/bootstrap.min.css?ver=5.6.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=MJ0HAGR7njYg%2BCJoqX2hodAY5NsMbZGwFptvWFkpxE1D1JxL1yJfqlgv%2FDB2Yd5f9D%2Bl6VhKrvaN7SsMoupM2n377nmkBgYkwkhFUXMO9vLWWEpP7ltylvpNAaU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371c2e3bf15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59d0000f15e72b15000000001
font-awesome.min.css
flyformiles.hk/wp-content/themes/graphene/fonts/font-awesome/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/fonts/font-awesome/css/font-awesome.min.css?ver=5.6.2
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
939f88a524b63a4deff0c05148b3eff7a90c31dd352544712d297a08b028585d

Request headers

:path
/wp-content/themes/graphene/fonts/font-awesome/css/font-awesome.min.css?ver=5.6.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=g1elZQl%2BhZzFqHt6M46JpBTJv%2FPjoFVCuWmqItHsAWR114KKf2Z3i7HLw9Mza%2Bo1CpiARliYzP9OGZgPWceqDGUT1Ur0kOiAoKMjP5ODrltnmhvV5fppDaMYLNQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371c2e57f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59d0000f15e8fa76000000001
style.css
flyformiles.hk/wp-content/themes/graphene/ 		41 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/style.css?ver=2.8.2
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a67e521fc8b5a136206d23ab0bf47b3b1a049f7cdcdf2d4a4b560445d95caf70

Request headers

:path
/wp-content/themes/graphene/style.css?ver=2.8.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=57636
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59e0000f15efc26d000000001
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=trE00sqQfX7SVrQB9G%2BdbyH%2Bph7sRIvVsgRUhySHczKGl3JLKEhdIwIU27J20Tr2FckizAlKGjiHw8C6l%2F8kU7DOBm4oy1dSUI8RELfK0pwDDmsz32qiMpwM9dk%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
cf-ray
6602371c2e5cf15e-ARN
cf-bgj
minify
responsive.css
flyformiles.hk/wp-content/themes/graphene/ 		8 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/responsive.css?ver=2.8.2
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bec30587c8cba5bee5b2eef246ac0757c255ef63e6667296b89fd98a7d41fce

Request headers

:path
/wp-content/themes/graphene/responsive.css?ver=2.8.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=11348
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59e0000f15e7dafa000000001
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FXSJJHfe2%2F04Dw17yzPog5k4xyFBAVNh4OXp2v8GCYtcFUCH%2BN9t7IzS71MRAUEEAYHdxAOvwKNsk4%2FnEjp8V%2BJlPnxbq%2FUba7yQVkbajwPpnve5Ip4faljgsbc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
cf-ray
6602371c2e5df15e-ARN
cf-bgj
minify
blocks.css
flyformiles.hk/wp-content/themes/graphene/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/blocks.css?ver=2.8.2
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87b1742a27c3dded57320174685dd14ad7f2a4c13c3e64173811f9ae8f8bdfb1

Request headers

:path
/wp-content/themes/graphene/blocks.css?ver=2.8.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=4628
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59e0000f15e7a1e4000000001
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=dKeQF%2B6wCTyVgsFcuw%2FYyP8p3tpk3qpFAj8WTm0YdcAhHO%2FSJ2DicxlZcFMNCDXdQSTsTqnTl%2FNBG%2FGh9UCwDNPwOEH%2BifSLpQw96hrvsayc6VumCEBAJ7ZAUYA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
cf-ray
6602371c2e5ff15e-ARN
cf-bgj
minify
tablepress-combined.min.css
flyformiles.hk/wp-content/ 		5 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/tablepress-combined.min.css?ver=11
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01f16ba5385a2b555d59212f0f988fe2b510735005cb497ef938c05b1df9106b

Request headers

:path
/wp-content/tablepress-combined.min.css?ver=11
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 16 Aug 2020 16:25:29 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=43c17ySqyD43GE7QE6djUq2qNSrC%2Fmqa%2BBOhU2MJ7H%2FrzHtCWAZJTccOQSS0ED6pn2xUzRS5NnJODL9L9FGcK5FZ0uSO%2BfRraCRkxVa7UMm2bjxyBbjOgijuauo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371c2e4ef15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59b0000f15ef782b000000001
tablepress-responsive.min.css
flyformiles.hk/wp-content/plugins/tablepress-responsive-tables/css/ 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.7
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70a5b0b12138d72265e36399b36ce4590a9df3bd22ee73c201d269b109a8177a

Request headers

:path
/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.7
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 21 Jul 2020 10:18:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Is4kF9NGy0ONdnPFb6QhdDR%2FQnhUTDmM%2BIWPx1OtE2AkrSHaP8OLL1sRtiRr7SXuIFKwPFEf36B93hPehyVXFeiNPtv5mnOgfggDAbedmNLXUCWldpUdmfUAeCY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371c2e49f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59b0000f15efc26b000000001
6eb86a46dba7b7014c3ca5b60295946fe81eecea.css
flyformiles.hk/wp-content/sedlex/inline_styles/ 		70 B
677 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/sedlex/inline_styles/6eb86a46dba7b7014c3ca5b60295946fe81eecea.css?ver=20210616
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76ba2b14a8d25e6d5af09b300cf33c6ee77dfb1ddad67533b857f771d23ab6cd

Request headers

:path
/wp-content/sedlex/inline_styles/6eb86a46dba7b7014c3ca5b60295946fe81eecea.css?ver=20210616
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=303
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c59b0000f15ef804d000000001
last-modified
Tue, 28 Aug 2018 15:18:43 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YnT1SDGcCE4WzMPo53wGu1kzfCxhSBhDq99bzcTbsHtd583%2BQcy328G8SpFzu%2FP840z25mx77IaC99OtEcaOrRq%2F0PYsvx6zpmyYX3EsgehaSY%2FlnfiKnGnm89o%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
cache-control
max-age=86400
cf-ray
6602371c2e47f15e-ARN
cf-bgj
minify
email-decode.min.js
flyformiles.hk/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

:path
/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"cf-nel","max_age":604800}
cf-request-id
0ab540c7730000f15e82b4f000000001
last-modified
Tue, 08 Jun 2021 15:58:01 GMT
server
cloudflare
x-frame-options
DENY
etag
W/"60bf9389-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kU3lPlEJ8gRrJJUr8eMdkOmq4xiOVNAx8OGz6ZkYJNxiyZ%2BcyL5odeuEHsAql55zkJoJQ1ut5wvf34sddMYPhKzPR5%2FLqD8iPRvs%2BicJIqdYrSjuekkkrkgMXuQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800 public
cf-ray
6602371f1c79f15e-ARN
expires
Fri, 18 Jun 2021 07:09:54 GMT
Screen-Shot-2015-01-11-at-5.14.51-pm.png
flyformiles.hk/wp-content/uploads/2015/01/ 		74 KB
75 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://flyformiles.hk/wp-content/uploads/2015/01/Screen-Shot-2015-01-11-at-5.14.51-pm.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0abb0d42eb78e164ab150bde5a8c203670c362bfab3507f34fc64ba3d6eb2f4e

Request headers

:path
/wp-content/uploads/2015/01/Screen-Shot-2015-01-11-at-5.14.51-pm.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Aug 2018 15:19:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3gtUG6CNL0R3%2Bd3eNevoJ5leztEnMY%2BKmZ4M1IrS5y9frjtMucBhMEwehiHbQzVFOeajYj47BBWLZqDjQokH27pVbMGPzdeVkEkzZsmdXCfSvgQ42R3m33Ot1Nc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371f5ccbf15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c79a0000f15e0d01d000000001
D7NFE007Hri_MGWdsyvz1sK-xHo.js
flyformiles.hk/cdn-cgi/apps/body/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/cdn-cgi/apps/body/D7NFE007Hri_MGWdsyvz1sK-xHo.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/cdn-cgi/apps/head/8i7dJI7NVL6pf3IdYBbv1q2VaI4.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a87c83cca8e0c358884b3ca6798993ef045e1f6337808cc624314869b54389df

Request headers

:path
/cdn-cgi/apps/body/D7NFE007Hri_MGWdsyvz1sK-xHo.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-amz-request-id
RM58E8MD9EJJBZY4
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-version-id
Nb7KhTlFuvKU1ma5uomdsL8msPwuxvde
x-amz-id-2
ZH0Dw12hROGS0RHV3Ln5OEghFnAr9rDBEeAZxuI5w+J1reHhv5aalOgCl84sYB+lAnSgL9NX0Lc=
last-modified
Fri, 06 Mar 2020 18:12:37 GMT
server
cloudflare
etag
W/"2aca869dfafd54eee841f5dbe01af45e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=bjdHJ3KpNG2NaQQgZHsHss9GtZLZ1QIEDrTUcd7qRryLjk%2BQ6zESISLyfIpgsUEJIOxIP4cbtw1OuCTi5utZOGE5%2FVyitDduh0eYQAY9uTyJbqvQRX3%2F4Dv6nOk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-request-id
0ab540c79a0000f15ed319f000000001
cf-ray
6602371f5ccef15e-ARN
truncated
/ 		24 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8a8efa475e1a3f6126c98ffdf77ad7a27254e27fb31f1656117da5101d7fb663

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		83 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4ff082cb1e77243205c2f83bba479fe0dea29580744419a3a8e0015fdefc5b7

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		11 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f915a5e3dec1835dea44dccc51557870cd4b30b9351f44399930ed4bd26d8387

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		23 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
584e5dc88a5650ab2971244bc07c490a5c815c1577db97c3cdefd83fa6b59f91

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		31 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ce47d8ee0469b5e3553adb0c3c6f94c74de59ea0f3999d0c400bf1ba97707aff

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		35 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f02750118adf5a67b613c6ce1a9c781c452da3998c3d2ec1bc87e205cc174b45

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		26 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9654d0fa4c77e7236c7fd5183b55600a76091fae4bfd8c62418c5c5802bf4843

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
fontawesome-webfont.woff2
flyformiles.hk/wp-content/themes/graphene/fonts/font-awesome/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/wp-content/themes/graphene/fonts/font-awesome/css/font-awesome.min.css?ver=5.6.2
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

:path
/wp-content/themes/graphene/fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
pragma
no-cache
origin
https://flyformiles.hk
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
flyformiles.hk
referer
https://flyformiles.hk/wp-content/themes/graphene/fonts/font-awesome/css/font-awesome.min.css?ver=5.6.2
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://flyformiles.hk
Referer
https://flyformiles.hk/wp-content/themes/graphene/fonts/font-awesome/css/font-awesome.min.css?ver=5.6.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
cf-cache-status
HIT
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gJ6b0OewVhF795OWc%2FoBFSXEB%2B4%2Fl4dBjKj1SW1afRq4xCdSLN0idXWN%2FG0Gqu5tSkWcJTkgnx5MBBNRzDcdy%2F82Dx4SEH0owH45%2Fbj8Tr8%2FBhknaQCFTJQ8njA%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
6602371fad30f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c7c60000f15ed11da000000001
B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D
ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/ Frame E7AC 		36 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
cec854fb5d5a2345b2d6dc28fa06ffe5595c1d22dbace6d87d6be3963ada2ac3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18402
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D
ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/ Frame 4019 		36 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
b86c6b2dfc3b7af774f38ccd62686c2d58efb31eae54f44eb9afae3ac18ebf7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18180
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D
ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/ Frame DD15 		34 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
0a1bc48803e545da4f2f63651d13aae3f03393f73f63870bf94839a4df6ac07d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
17612
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/ Frame A716 		35 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
2574d0f27ffba09f0692ccb215ca0d6a70edb1aae006422dd87124daafe73f00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18159
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/ Frame B467 		34 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
5f9f2f2dc796a153b64d0377e37a973a3dd99bd5701218fe8f6d2dc2d0d51143
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
17613
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/ Frame 4003 		35 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
cc576aedac7134fa043a59aa6660c0dc8cc5de5c6b12eb24324bd9c7722f1676
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18165
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/ Frame D4D5 		34 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
328eea8bdd4e8ed2624f645e6a5fcf4d9730531c8680e110b95782bd4186a0e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
17737
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cropped-blog-banner-_5-planes_logo_powered-byno-shadow-1.png
flyformiles.hk/wp-content/uploads/2018/02/ 		209 KB
210 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://flyformiles.hk/wp-content/uploads/2018/02/cropped-blog-banner-_5-planes_logo_powered-byno-shadow-1.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab2dd49f6a66249e00dbda0aa2a37a457d8644c983e0330353edb97dcd4b580e

Request headers

:path
/wp-content/uploads/2018/02/cropped-blog-banner-_5-planes_logo_powered-byno-shadow-1.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
cf-cache-status
HIT
last-modified
Tue, 28 Aug 2018 15:17:40 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=A3gHUUY6fitcMlWfBim6JPdmm5JUBPcyX7iA8pOH4EKkEvlWxqa9R%2BcL2jEv8way1qkymlsCnjMaD%2FarW6GAYxkPZBCtwN%2BgkMkgUdA3QA%2BDvjOFeo7f8DQxbKY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023720ffaff15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8980000f15ecbaa0000000001
livi-bank-jun-promote-03-2-756x756.png
flyformiles.hk/wp-content/uploads/2021/06/ 		706 KB
707 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://flyformiles.hk/wp-content/uploads/2021/06/livi-bank-jun-promote-03-2-756x756.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e838bcf0aa8213cbde6f573516e98de3e328f4cdfd64f9840bb9ce062ca2bfa

Request headers

:path
/wp-content/uploads/2021/06/livi-bank-jun-promote-03-2-756x756.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
cf-cache-status
HIT
last-modified
Tue, 08 Jun 2021 10:42:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=izgGp%2BQWP61Wqrt4xD3VumA%2B30F6yV6RlIVEq9bubJTTjZhSG9haTF6JBhSgZ9KbTlo1yDNvkfP96%2BffpQYTtZH4Y8o%2Bf0naNvYV5F2O%2FxbQ6Q2r8xxd%2FHsyV%2FI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023720ffb4f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8990000f15ebb2b9000000001
happiness-yuu-hiw-tab-3-screen-1-tc-1-719x1024.png
flyformiles.hk/wp-content/uploads/2021/06/ 		590 KB
590 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://flyformiles.hk/wp-content/uploads/2021/06/happiness-yuu-hiw-tab-3-screen-1-tc-1-719x1024.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e73a362a6e1e4b71261f8b36050b1ff136ecfde72d78f52f45ec1fad660a3a06

Request headers

:path
/wp-content/uploads/2021/06/happiness-yuu-hiw-tab-3-screen-1-tc-1-719x1024.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
cf-cache-status
HIT
last-modified
Tue, 08 Jun 2021 08:43:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FyxXpUGo6S%2FrNyEswkcc2IV9tZwOdJ%2FQA1HPRuqu7tsHmirIwvalTJuTrAL9muWMhnXbUE0cSW5HYE7m8q5%2Bpt04S310V3%2Fp%2FxPDPI6Nl3xhCII6b2zLhjCqQNI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023720ffb7f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8990000f15ed31b4000000001
happiness-yuu-hiw-tab-3-screen-2-tc-719x1024.png
flyformiles.hk/wp-content/uploads/2021/06/ 		432 KB
432 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://flyformiles.hk/wp-content/uploads/2021/06/happiness-yuu-hiw-tab-3-screen-2-tc-719x1024.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c25b306180da2f6f6b81559094e47294fbfdccaa20afde02a30d05340898848

Request headers

:path
/wp-content/uploads/2021/06/happiness-yuu-hiw-tab-3-screen-2-tc-719x1024.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
cf-cache-status
HIT
last-modified
Tue, 08 Jun 2021 08:43:40 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=vvdlvfNBwY2dTjy%2Fkz%2BWwgTnhoQcG9IWp6ybjPfgMciU7%2F9M1RmUU3RrPDH5exk%2F1AT8JYD5ZYjQGGfYst8ySWS815neVJvHfMSI2vGi8evy4Kf7vLWJAF8g8SA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023720ffbef15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c89a0000f15e93270000000001
AE-Explorer-Card.gif
flyformiles.hk/wp-content/uploads/2021/06/ 		415 KB
415 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://flyformiles.hk/wp-content/uploads/2021/06/AE-Explorer-Card.gif
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe6e14d412c58f9751a770ea60e74c9153e653fae9dfcc92721137eedfac1a6c

Request headers

:path
/wp-content/uploads/2021/06/AE-Explorer-Card.gif
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
cf-cache-status
HIT
last-modified
Tue, 01 Jun 2021 08:24:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mA%2BBoNbuE3bVxuPqBWZ6CZcWg%2F%2BPfjolTOf%2FACMWuoRfuv1SN3eNHetJ4XD571OGv3pMcGEHr%2FOYdrmnxxifZg983O5uwlPjzoRzYKQ4MMIBCt%2BFsBJbJPwYDVo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=31536000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023720ffc2f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c89a0000f15e72b4a000000001
ICBC-28.png
flyformiles.hk/wp-content/uploads/2020/10/ 		526 KB
527 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://flyformiles.hk/wp-content/uploads/2020/10/ICBC-28.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f038645d6320c363cf4dab7df079c187f71e961d68834e7c565efb27166e5eab

Request headers

:path
/wp-content/uploads/2020/10/ICBC-28.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
cf-cache-status
HIT
last-modified
Tue, 08 Jun 2021 09:57:31 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=z1c7ta8GsazYvQ5i2vvsFY%2FTWMO51UBF230J2SzVy5neyaYj53kQ%2BEPaQcmSs8U2IkD6UM8PoJtJk9oFHelEWU4Wf9OlIomC3qqFCWnwvliKtgED5mBJpq198m4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023720ffc6f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c89b0000f15ee6b44000000001
EarnMORE-oct2017Banner300x250.png
flyformiles.hk/wp-content/uploads/2020/10/ 		105 KB
106 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://flyformiles.hk/wp-content/uploads/2020/10/EarnMORE-oct2017Banner300x250.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
082dd517fd04cfeea4c344eb3ef52bf1eeee411c98b3d73095087e886bdee6e3

Request headers

:path
/wp-content/uploads/2020/10/EarnMORE-oct2017Banner300x250.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
cf-cache-status
HIT
last-modified
Mon, 26 Oct 2020 11:34:25 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Df4bNDyqB%2FqHgU05PlNt8P0Lc3m8ej8jebTbjMbosWTr2OBmpkA0mtZ3NZ7ht7hMHtcyWQWkEAfe2DEsIqHTlKv9kYT9pF2CnKGe%2FxWPfO3aMkLhm0tdmNS93GE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023720ffc9f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c89b0000f15e87b09000000001
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a723 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
cf-request-id
0ab540c89700004e14e237a000000001
last-modified
Tue, 08 Jun 2021 15:58:01 GMT
server
cloudflare
x-frame-options
DENY
etag
W/"60bf9389-302c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KM4MFdKN0fkCc9Az%2BbkresbcYMwX99EYxeHJLwtlvGTD2EV4MBOfpEl882uBCD7dhc6j2D%2BkPWE8ZPyEFcrj8M8Hc6pH3hW0Rh2OgtWV7xiCEbCMXWOGxsNjSGzhkBK2ycx6CQv09JRugmv8"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
66023720e9dd4e14-FRA
expires
Fri, 18 Jun 2021 07:09:54 GMT
B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D
ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/ Frame C012 		35 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
0fab439ad5cc1869bc68fd4c1b261e5fcbe18117c29695681629e167ce10274a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18268
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/ Frame 2817 		34 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
723f4b2c519a0d266fb3bf4d8e1a980eb1c3332b80786584eb8e9763576403c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
17539
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/ Frame 88E3 		38 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
6f45c1b5512658541c9ad41a7f69f834261f08abb8f1153ff3570ac230d7a26d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N1025300.2520714FLYFORMILES/B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18215
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/ Frame 858E 		36 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
c42774c3c87cca02e46e4352f8c2e1a70ed1e257849a9b270c86cdab4357ec28
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N1025300.2520714FLYFORMILES/B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18097
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/ Frame 11B4 		34 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
e12a094d95d98c11c429b77830fc10283e5034a30389923f2f9ebeccff44d1fa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
17495
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/ Frame 7A66 		35 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
11f2e1310d99fe9757ee215cae5ca598743eed9ab45c269341833c019a7a1546
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:54 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18030
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 16-Jun-2021 07:24:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame E7AC 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
106
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
express_html_inpage_rendering_lib_200_271.js
s0.2mdn.net/879366/ Frame E7AC 		111 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://ad.doubleclick.net
Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 08:33:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81406
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39287
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 18:02:50 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jun 2021 08:33:08 GMT
lazyload.min.js
flyformiles.hk/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41

Request headers

:path
/wp-content/plugins/wp-rocket/assets/js/lazyload/16.1/lazyload.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 06 Mar 2021 04:32:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=dn4wPh1Ljpc1HC2l6KgcJ6fLhO6NgkTNIaWccDXaOUKLmf%2FlWukrklhlGFeKMB5n6%2FforOAd%2BVIC5mycTSW%2FTOCUAr8ezuqAFLwwVByUT3cnZtJbu%2FpD%2BZGq4PI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023721382af15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c50000f15eb2864000000001
form.js
flyformiles.hk/wp-content/plugins/akismet/_inc/ 		595 B
838 B 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/akismet/_inc/form.js?ver=4.1.9
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe6cdd6708f445b8c824d895ac0738a2c6692923879f5cff00abb26489d2ea43

Request headers

:path
/wp-content/plugins/akismet/_inc/form.js?ver=4.1.9
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=700
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c10000f15e87b0c000000001
last-modified
Sun, 07 Mar 2021 07:17:54 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=STV6T3YZEtfMb9xwCafpgifeX15hFXZ6R2q%2Fdn%2B4ytLRpwwtZuS7nEaktZMkoBmqtUuSzp5H2Vyr7Jx5Di04S9LaXaXYGvUbApR2fEleaxAPCoWHbn7DsrI14pk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
cf-ray
66023721382ff15e-ARN
cf-bgj
minify
wp-embed.min.js
flyformiles.hk/wp-includes/js/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-includes/js/wp-embed.min.js?ver=5.6.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path
/wp-includes/js/wp-embed.min.js?ver=5.6.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:21:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JKH79XdjsadrbEKJoks6bAE9oPV7LlHnzSNj0fBPbcMVM49ANirg09c0mCqNZ5%2BdZDx%2BZkAFO1uRTiz3fi%2BjgrtgburXCQMURj3lZfNfAJ2VcoJzmOKIQX4vSuA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
660237213831f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c10000f15efc2b0000000001
comment-reply.min.js
flyformiles.hk/wp-includes/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-includes/js/comment-reply.min.js?ver=5.6.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab21fef3ac4ee12ebb305942f85de99b290b8a24654c69060e54673d5f3a11f2

Request headers

:path
/wp-includes/js/comment-reply.min.js?ver=5.6.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:21:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2BYFlBXjQsyX06n0bI6TyUrk9cbwZr25L5yMpU8uMbjelQxixdfX%2FLJZ%2FFTf3bcGq5dpdcpAorC0DytU46onBG7XaAFnIsmmXk5xp2eOP%2F1WNxKXXxvKBqPWBxa4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
660237213833f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8cd0000f15e153f6000000001
mystickymenu.min.js
flyformiles.hk/wp-content/plugins/mystickymenu/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/mystickymenu/js/mystickymenu.min.js?ver=2.5.1
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65b978e80fdf031da25da84fd0f3e56d5d3282a2c3c07d1436e8cf1bfce4c449

Request headers

:path
/wp-content/plugins/mystickymenu/js/mystickymenu.min.js?ver=2.5.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 16 Mar 2021 16:18:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2BhxW5na4NOu96TcGSaMZRCGhFHYZOY9bjqJGM385spXdi0Z8%2Bl3c8L2n79OjkgBgJtzXnTCwcfpue2f0YP7U69QBIuKaaQmMeeBKur1oPdyv6C11bg6QAmIeP10%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
660237213834f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c20000f15ed11f6000000001
detectmobilebrowser.js
flyformiles.hk/wp-content/plugins/mystickymenu/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/mystickymenu/js/detectmobilebrowser.js?ver=2.5.1
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4cbc4d45480053fdaacb8b61331ed2c2117a92b380edde10a1baa4f5d9553eb2

Request headers

:path
/wp-content/plugins/mystickymenu/js/detectmobilebrowser.js?ver=2.5.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=2217
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c30000f15ecbaa3000000001
last-modified
Tue, 16 Mar 2021 16:18:00 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4ViaGDzp%2FjJgH3QDyrk2aLCtMZuiI9j0KgHunSjUdFTNgDArVLyEJm77HiURUOEyAW7oBxfgiqGoGLqdHFDgIlImJ3a9LcUMxSaF2ruHU8YaWqh0ONJCPF8vzpg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
cf-ray
660237213836f15e-ARN
cf-bgj
minify
frontend.js
flyformiles.hk/wp-content/plugins/faq-schema-for-pages-and-posts//js/ 		111 B
717 B 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/faq-schema-for-pages-and-posts//js/frontend.js?ver=2.0.0
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12b6742262933edb939e8114acaa11f2d100a1da507b1fd56ea3fca9fb3a5f10

Request headers

:path
/wp-content/plugins/faq-schema-for-pages-and-posts//js/frontend.js?ver=2.0.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=188
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c70000f15eb8035000000001
last-modified
Thu, 06 Aug 2020 20:19:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=SqWnCyAbDSptfs0JyvvxxF66bByjsaA9gVwJfC91pWdi2icZg2%2FRW%2FLuxvbL0KWrUoALwLnNdKgOUROeJ0qbQXDmOPrTOYw5uEyLWpiSuqgMqP3oW8v9cyJlDMg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
cf-ray
660237213839f15e-ARN
cf-bgj
minify
accordion.min.js
flyformiles.hk/wp-includes/js/jquery/ui/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-includes/js/jquery/ui/accordion.min.js?ver=1.12.1
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
638caa40d39dec20d95e4119187482e3c5939616252d96ded196b05c2e1cfc27

Request headers

:path
/wp-includes/js/jquery/ui/accordion.min.js?ver=1.12.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:21:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=upsOz2g5slLMgHgJH5yfi%2BkzRtYNX7W8dum3JQ4ZdyldTclhReB6z9N35EKiGGMr3%2BkqJInj8TFMZE%2BGA6xECwbrgubhMRS%2B%2BEGMCFby82jaZE4fNlzRBy5BM78%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023721383af15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c40000f15e0f030000000001
core.min.js
flyformiles.hk/wp-includes/js/jquery/ui/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5be7f1c5aafff9458c12362747e1ad99ea6b891b82995622e2f448427ece1480

Request headers

:path
/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:21:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=t5TlcepveDvvl05HsefcHNaXGYzdM2kb3wWEXhIt%2Fe%2BTP5ybEpcNEqd5dWKyLi%2FZ63MVW2ud96kqPpjN2oQPh%2Fwpkp9DJgXPp%2BiAgRWde2GID5DtKFl%2BdzC%2Bpqk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023721383cf15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c80000f15eb2865000000001
dcmads.js
www.googletagservices.com/dcm/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 06:29:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2427
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3796
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 18:22:56 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Wed, 16 Jun 2021 07:29:27 GMT
graphene.js
flyformiles.hk/wp-content/themes/graphene/js/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/js/graphene.js?ver=2.8.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cb7ae6d2e129a344bb8f3edd5cd733bc68963ef33efb605a6f6b328ae95c9c3

Request headers

:path
/wp-content/themes/graphene/js/graphene.js?ver=2.8.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=13551
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8ca0000f15efc2b2000000001
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=cz3QoLlSiy1HfGEN1rVIPuWY8pjlcY23t0SuHY%2FLJLqBpioALPISTzh5LnuU9LlPQVXDVOqegjErq25qd8J3cMbKKpKzgNaZEZtX7qET2It81CFf4i15kn9t0TM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
cf-ray
66023721383ef15e-ARN
cf-bgj
minify
jquery.infinitescroll.min.js
flyformiles.hk/wp-content/themes/graphene/js/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/js/jquery.infinitescroll.min.js?ver=2.8.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d60d99522c9c278a427179ed1a605b6f6e228425f05807dbe40f4d7a2e7ade3

Request headers

:path
/wp-content/themes/graphene/js/jquery.infinitescroll.min.js?ver=2.8.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Qy3RBdoqu5QyYnqGyCKB7pnD2yylyv8fz4gT3YAgAT3kgpitTRHy9OgQCQMPpX%2B7tGS%2BylTh01QsifOYiAzud7hnL6JrfACT4AEcof1TDnGdnpC1I%2BiFF6QNtH0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023721383ff15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c50000f15ebc17e000000001
bootstrap-submenu.min.js
flyformiles.hk/wp-content/themes/graphene/js/bootstrap-submenu/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/js/bootstrap-submenu/bootstrap-submenu.min.js?ver=2.8.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0764e40c476a1164764274671bea4c13651e343596f384f38b59346f02224e32

Request headers

:path
/wp-content/themes/graphene/js/bootstrap-submenu/bootstrap-submenu.min.js?ver=2.8.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zaUJEAySaGQV3kGmnDeO%2BqUCv36NUpX1M0uj10D%2BpM31Q3cqfiSUZAZbdHe8Onkt0IDFQWyDxw8InjgLl8jvGXaDZjeMmSnvccWsJq75m%2Bm5mUFh28UjR75I0%2Bg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
660237213840f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c60000f15e82b69000000001
bootstrap-hover-dropdown.min.js
flyformiles.hk/wp-content/themes/graphene/js/bootstrap-hover-dropdown/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/js/bootstrap-hover-dropdown/bootstrap-hover-dropdown.min.js?ver=2.8.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a19529e542e1f688a45a02f83c9fdc7947551f114fd2fd85d704010bb88bb8e4

Request headers

:path
/wp-content/themes/graphene/js/bootstrap-hover-dropdown/bootstrap-hover-dropdown.min.js?ver=2.8.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=iydMq268o%2FSFrMhz8ulrdzf%2FuIG6d5DukqUatfnI6XHvXAwRdVGDSQ5MjcFw28mXFz3urMDVbp16ApkNmtB1467gu9RHVv6pdaQwV7E7hDBzF70b8L86ouyGVtw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
660237213841f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8cb0000f15ec22e3000000001
bootstrap.min.js
flyformiles.hk/wp-content/themes/graphene/bootstrap/js/ 		39 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/themes/graphene/bootstrap/js/bootstrap.min.js?ver=2.8.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

Request headers

:path
/wp-content/themes/graphene/bootstrap/js/bootstrap.min.js?ver=2.8.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 01 Nov 2020 16:54:28 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=EdCyRH3sgrozzZJ%2BweOAOKlHOUZH%2BD7D%2FfcUToH3XcuFb%2FV800nQ6HgO9cib4kFfEiJz1yfabeASmsy5DjAh8Qc1XJk5S5qoriRD6lzQqvrp41BA9zpT%2BDXKwMc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
660237213842f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c60000f15ebb2bc000000001
wp-script.js
flyformiles.hk/wp-content/plugins/table-sorter/ 		150 B
724 B 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/table-sorter/wp-script.js?ver=2.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
446a0351c2c9ba4b47e0e8dfac02e1e3179b5eb9b6c848c2b096c962df7e83b6

Request headers

:path
/wp-content/plugins/table-sorter/wp-script.js?ver=2.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=184
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c70000f15e28818000000001
last-modified
Tue, 28 Aug 2018 09:33:23 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=vyUKskXmVz33ovIiJ4k1jQKnVqeZY3KoFsa4FV2HgM7O9noitBAKZ1D0a5Rsq2Z%2BjBTS1Yd28favA5rEE7SsH132nrLzchOnJBUC4X41IfMDT5g8NXdB8uGN%2FLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
cf-ray
660237213843f15e-ARN
cf-bgj
minify
jquery.metadata.js
flyformiles.hk/wp-content/plugins/table-sorter/ 		921 B
1011 B 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/table-sorter/jquery.metadata.js?ver=2.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
630c7acec1d256baef486579502fecdc2186bdb46526ccf16747fc883ceb1fc6

Request headers

:path
/wp-content/plugins/table-sorter/jquery.metadata.js?ver=2.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=3892
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c70000f15e739ef000000001
last-modified
Tue, 28 Aug 2018 09:33:23 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kulpKL6RdWh5CNE65OQqO9gmDEc6NEjU4Ktdf0MA9nJA1tTL7f%2BmAY5re71XaFcjvaYYzhdqUSRJsxW3aZG6P%2BU4HgJBRjqDBASDiTl4l%2FcpzAShCTLsd9Cj1hM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
cf-ray
660237213845f15e-ARN
cf-bgj
minify
jquery.tablesorter.min.js
flyformiles.hk/wp-content/plugins/table-sorter/ 		41 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-content/plugins/table-sorter/jquery.tablesorter.min.js?ver=5.6.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fc964c79af23756bfe5330837b86e51d87a0d1e5d1a672f7c4fd58dab268e40

Request headers

:path
/wp-content/plugins/table-sorter/jquery.tablesorter.min.js?ver=5.6.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 28 Aug 2018 09:33:23 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fYLEXHu%2Fr%2FRvO8rG%2Bw2lqHlYwt7%2B6SO7cE2KjuReONATtUKCCYQZYIBHLwB6D%2FLFiywOCJLdRkLteD5%2FHG02lsW9A%2FAgZYl82QHWJOLqj0M4SQ9UzJq9n1jxFIA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
660237213847f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c90000f15eeb03e000000001
jquery-migrate.min.js
flyformiles.hk/wp-includes/js/jquery/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

:path
/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:21:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=oSPWnjzc8HMbBuQ5a50mtrfxmF5uctEkgnhTvjz8nvZNe1Dptl5OkqEDS7ez6OsMxb5CyNS4abdf%2Fk%2BZA8t%2FU07O8K3KESr53T5fEWnVEXflKMs1dR7U5CGno3Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
660237213849f15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c80000f15ee6b4a000000001
jquery.min.js
flyformiles.hk/wp-includes/js/jquery/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

:path
/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:21:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=I9gslsqXRuvVwbtyzwvCYHPmlVkMc7vG0N0uPsvXzmf3lWSayFAj6y0eSBGB8LXQffS1FLAr%2FJYzJ3meprbH5M03zJWJBzYqoWP8ms2zer3NmBiUuUbhtRT03Io%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023721384af15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540c8c80000f15e93274000000001
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame 4019 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
106
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
express_html_inpage_rendering_lib_200_271.js
s0.2mdn.net/879366/ Frame 4019 		111 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://ad.doubleclick.net
Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 08:33:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81406
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39287
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 18:02:50 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jun 2021 08:33:08 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame E7AC 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77292
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 4019 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77292
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
01262021-191754814-Smart_Card_300x250_Display_Banner_Launch_5__TC.png
s0.2mdn.net/8295605/ Frame DD15 		29 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/01262021-191754814-Smart_Card_300x250_Display_Banner_Launch_5__TC.png
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
17eaae1e75435de951939d14755b4d2c3e6001a11b563b7dc6e7623f34688926
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 04:20:28 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Jan 2021 03:17:54 GMT
server
sffe
age
10166
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29927
x-xss-protection
0
expires
Thu, 17 Jun 2021 04:20:28 GMT
sodar_loader.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/ Frame DD15 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:52:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73045
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4286
x-xss-protection
0
server
cafe
etag
12837953992469573683
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 29 Jun 2021 10:52:29 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame DD15 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
106
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame DD15 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:54 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame DD15 		0
60 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu3OXG-M5hk7d4zZ8u4Gfq_zdH22_96nlxk-38hhyylFD0hTOLkrO3yyYhJE0vlZZFWPNR7k6fhtaOg6-qLA5oNKmS7HIrIIdw7wcFPrE-JGduYOjftGcMddtvz&sig=Cg0ArKJSzP8qAJKFTdCyEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210610.61602&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
dvtp_src.js
cdn.doubleverify.com/ Frame DD15 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dvtp_src.js?ctx=19395023&cmp=20804340&sid=3088811&plc=302946724&num=&adid=&advid=8295605&adsrv=1&btreg=414502669&btadsrv=doubleclick&crt=145162250&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:297::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7fd6685c64b8fc149daad29346247b5c8119e2ed193b0055389a91587a3ecc9c

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 16 Jun 2021 07:09:54 GMT
Content-Encoding
gzip
Last-Modified
Tue, 15 Jun 2021 15:24:16 GMT
Server
Microsoft-IIS/10.0
ETag
"050b880fa61d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3122
img;adv=11197228156288;ec=11197228156756;adv.a=8295605;c.a=20804340;s.a=3088811;p.a=302946724;a.a=414502669;cache=1343115236;
ad.atdmt.com/i/ Frame DD15 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.atdmt.com/i/img;adv=11197228156288;ec=11197228156756;adv.a=8295605;c.a=20804340;s.a=3088811;p.a=302946724;a.a=414502669;cache=1343115236;
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8004:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
x-xss-protection
0
pragma
no-cache
x-fb-debug
PiO9t/d49YYtKlnGG3OYz3HydNNiKN3YXFqCME1LeNtwP3z8b9H+SjtWyNiCKgNaKxeDBjxmMCX8M6dDRDyzFA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:54 GMT
vary
Accept-Encoding
report-to
{"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-fb-rlafr
0
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame DD15 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77292
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
5643351976437499534
s0.2mdn.net/simgad/ Frame B467 		117 KB
117 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/5643351976437499534
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2eb708721a5d60b71acdd0e5be67a6385e14b86a961ed00c77a8ce936c90301f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 13 Jun 2021 00:13:44 GMT
x-content-type-options
nosniff
age
284170
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
119887
x-xss-protection
0
last-modified
Sun, 23 Aug 2020 15:02:48 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 13 Jun 2022 00:13:44 GMT
sodar_loader.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/ Frame B467 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:52:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73045
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4286
x-xss-protection
0
server
cafe
etag
12837953992469573683
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 29 Jun 2021 10:52:29 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame B467 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
106
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B467 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:54 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame B467 		0
60 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssQzDmMMRcsO2fdgZcXY093xw_Fa_YS-9-rsHmH0uEzTbryZnSfEX_zMZLxL_irVmsJKBcDp_PLKDOQDUxfAox1V-Rt8_Lr87JUWNDNHx3BLhm5fQpMHiHfQb9T&sig=Cg0ArKJSzB2ywokjhKjKEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=1&cisv=r20210610.19627&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
activityi;dc_pre=CMn4rrjMm_ECFebhuwgdU_gATA;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord...
8121631.fls.doubleclick.net/ Frame B467
Redirect Chain
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;o...
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=CMn4rrjMm_ECFebhuwgdU_gATA;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_chil...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://8121631.fls.doubleclick.net/activityi;dc_pre=CMn4rrjMm_ECFebhuwgdU_gATA;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date
Wed, 16 Jun 2021 07:09:54 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
location
https://8121631.fls.doubleclick.net/activityi;dc_pre=CMn4rrjMm_ECFebhuwgdU_gATA;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8121631;dc_pre=CLHrsrjMm_ECFRrxsgod58IGVQ;type=;cat=;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033
adservice.google.com/ddm/fls/z/ Frame B467
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CLHrsrjMm_ECFRrxsgod58IGVQ;type=;cat=;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CLHrsrjMm_ECFRrxsgod58IGVQ;type=;cat=;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;...
42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CLHrsrjMm_ECFRrxsgod58IGVQ;type=;cat=;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CLHrsrjMm_ECFRrxsgod58IGVQ;type=;cat=;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3352926033
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8121631;dc_pre=CIvosrjMm_ECFc-dsgodKh4NBA;type=banki02b;cat=banki0;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3...
adservice.google.com/ddm/fls/z/ Frame B467
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=...
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CIvosrjMm_ECFc-dsgodKh4NBA;type=banki02b;cat=banki0;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CIvosrjMm_ECFc-dsgodKh4NBA;type=banki02b;cat=banki0;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
42 B
515 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CIvosrjMm_ECFc-dsgodKh4NBA;type=banki02b;cat=banki0;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3352926033
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CIvosrjMm_ECFc-dsgodKh4NBA;type=banki02b;cat=banki0;u10=241093901;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3352926033
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame B467 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77292
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
dvtp_src.js
cdn.doubleverify.com/ Frame 4019 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dvtp_src.js?ctx=19395023&cmp=20804340&sid=3088811&plc=302761842&num=&adid=&advid=8295605&adsrv=1&btreg=492081119&btadsrv=doubleclick&crt=148156334&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:297::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7fd6685c64b8fc149daad29346247b5c8119e2ed193b0055389a91587a3ecc9c

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 16 Jun 2021 07:09:54 GMT
Content-Encoding
gzip
Last-Modified
Tue, 15 Jun 2021 15:24:16 GMT
Server
Microsoft-IIS/10.0
ETag
"050b880fa61d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3122
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4019 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:54 GMT
300x250_html5.html
s0.2mdn.net/8295605/1616664824199/ Frame 089C 		77 KB
77 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
965c0aadffa6db29f567ccc7e588eeb5fe2e40488ffd0545a7a102a89a6b99e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
s0.2mdn.net
:scheme
https
:path
/8295605/1616664824199/300x250_html5.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
78633
date
Wed, 16 Jun 2021 04:20:30 GMT
expires
Thu, 17 Jun 2021 04:20:30 GMT
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
age
10164
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 4019 		0
60 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvJ2GK2X751WRMpBzjucitPamhAhz2__jBMTMgj3iaugjLons0azSQV1C-YPV_lHh2Y-AKnNUbOlhP-P_2lpbohkJsgjbM_wuDwLPEofhugXduaembkjck4puYf&sig=Cg0ArKJSzFmteNSkDc__EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=47&cbvp=1&cstd=44&cisv=r20210610.82135&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
img;adv=11197228156288;ec=11197228156756;adv.a=8295605;c.a=20804340;s.a=3088811;p.a=302761842;a.a=492081119;cache=3039643693;
ad.atdmt.com/i/ Frame 4019 		43 B
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.atdmt.com/i/img;adv=11197228156288;ec=11197228156756;adv.a=8295605;c.a=20804340;s.a=3088811;p.a=302761842;a.a=492081119;cache=3039643693;
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8004:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
x-xss-protection
0
pragma
no-cache
x-fb-debug
o1nHFKIXd6xGu3Qo5HCNvUn0TQgLBQN2aV9M9VcdM/qMI9xNiZSBlJbzT425ifp6fDXD6PT1YNytkFZvUXS6xw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:54 GMT
vary
Accept-Encoding
report-to
{"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-fb-rlafr
0
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
dvtp_src.js
cdn.doubleverify.com/ Frame E7AC 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dvtp_src.js?ctx=19395023&cmp=20804340&sid=3088811&plc=302761455&num=&adid=&advid=8295605&adsrv=1&btreg=487289930&btadsrv=doubleclick&crt=145069175&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:297::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7fd6685c64b8fc149daad29346247b5c8119e2ed193b0055389a91587a3ecc9c

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 16 Jun 2021 07:09:54 GMT
Content-Encoding
gzip
Last-Modified
Tue, 15 Jun 2021 15:24:16 GMT
Server
Microsoft-IIS/10.0
ETag
"050b880fa61d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3122
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E7AC 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:54 GMT
index.html
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		133 KB
133 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/8295605/1611580770840/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3ab2105d35e3fbd7dee31a3d0fe56a6534683cc888ff8aa7d633150a34c34e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
s0.2mdn.net
:scheme
https
:path
/8295605/1611580770840/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
136355
date
Wed, 16 Jun 2021 07:09:54 GMT
expires
Thu, 17 Jun 2021 07:09:54 GMT
last-modified
Mon, 25 Jan 2021 13:19:30 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=86400
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame E7AC 		0
545 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstoT5hZpvJ6u-nBzp6tnskkAprySpR8U4JPmfdL3nKe2JK0sedJii1exnZufHK7F9xueRDHwEncu8MUxygwDGQ82vnXGn9lHZ3_L_K1WbBBQGXBCvrtZcDIdodM&sig=Cg0ArKJSzGxC3QC6ZkKYEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=104&cbvp=1&cstd=65&cisv=r20210610.91713&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
img;adv=11197228156288;ec=11197228156756;adv.a=8295605;c.a=20804340;s.a=3088811;p.a=302761455;a.a=487289930;cache=2430313457;
ad.atdmt.com/i/ Frame E7AC 		43 B
161 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.atdmt.com/i/img;adv=11197228156288;ec=11197228156756;adv.a=8295605;c.a=20804340;s.a=3088811;p.a=302761455;a.a=487289930;cache=2430313457;
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8004:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
x-xss-protection
0
pragma
no-cache
x-fb-debug
kHG2Cyg3WeA6UbIQ0OAUd0MAiM03G0Gix8kOm8IiH6Ij8L7ZmM8maGAPwZLc17qhoZRg0nNLHCZKmwxL4z9U0A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:54 GMT
vary
Accept-Encoding
report-to
{"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-fb-rlafr
0
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame DD15 		5 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3c4792bbb953b72f673cf87a337e3bc3b37c3a860df24afa5f0167041e8e2159
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4266
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame DD15 		0
60 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu3OXG-M5hk7d4zZ8u4Gfq_zdH22_96nlxk-38hhyylFD0hTOLkrO3yyYhJE0vlZZFWPNR7k6fhtaOg6-qLA5oNKmS7HIrIIdw7wcFPrE-JGduYOjftGcMddtvz&sig=Cg0ArKJSzP8qAJKFTdCyEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=133&vt=11&dtpt=132&dett=2&cstd=0&cisv=r20210610.61602&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302946724;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
10808387234492918185
s0.2mdn.net/simgad/ Frame 4003 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/10808387234492918185
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18b9f3950a53904a49494427f77731b5f9889dceae1da765cc1134734abaac7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 14:50:30 GMT
x-content-type-options
nosniff
age
145164
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29216
x-xss-protection
0
last-modified
Tue, 25 Aug 2020 16:52:21 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 14:50:30 GMT
sodar_loader.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/ Frame 4003 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:52:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73045
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4286
x-xss-protection
0
server
cafe
etag
12837953992469573683
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 29 Jun 2021 10:52:29 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame 4003 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
106
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4003 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:54 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 4003 		0
60 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstnda2hPmroAjy55oioV6kbSF3ajg5MnopvspaVepsxx6qBjnxlGsBs4NdBl9HWBW5HH-4XR_jvKeyCGiOzokvwMZf6dKM5erg3Su3F7nZ70o197RNk3B1k-u0H&sig=Cg0ArKJSzHZ2IagysQsVEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210610.69001&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
activityi;dc_pre=CO7dtbjMm_ECFdnyuwgd1VENVg;src=9304630;type=homep0;cat=dbs_c0;u22=254264903;u23=22951334;u24=5508578;u25=130770651;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord...
9304630.fls.doubleclick.net/ Frame 4003
Redirect Chain
  • https://9304630.fls.doubleclick.net/activityi;src=9304630;type=homep0;cat=dbs_c0;u22=254264903;u23=22951334;u24=5508578;u25=130770651;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;o...
  • https://9304630.fls.doubleclick.net/activityi;dc_pre=CO7dtbjMm_ECFdnyuwgd1VENVg;src=9304630;type=homep0;cat=dbs_c0;u22=254264903;u23=22951334;u24=5508578;u25=130770651;dc_lat=;dc_rdid=;tag_for_chil...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://9304630.fls.doubleclick.net/activityi;dc_pre=CO7dtbjMm_ECFdnyuwgd1VENVg;src=9304630;type=homep0;cat=dbs_c0;u22=254264903;u23=22951334;u24=5508578;u25=130770651;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2576064953
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date
Wed, 16 Jun 2021 07:09:54 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
location
https://9304630.fls.doubleclick.net/activityi;dc_pre=CO7dtbjMm_ECFdnyuwgd1VENVg;src=9304630;type=homep0;cat=dbs_c0;u22=254264903;u23=22951334;u24=5508578;u25=130770651;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2576064953
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
img;adv=11282244277385;ec=11282246831229;adv.a=9304630;c.a=22951334;s.a=5508578;p.a=254264903;a.a=450641389;cache=2576064953;
ad.atdmt.com/i/ Frame 4003 		43 B
161 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.atdmt.com/i/img;adv=11282244277385;ec=11282246831229;adv.a=9304630;c.a=22951334;s.a=5508578;p.a=254264903;a.a=450641389;cache=2576064953;
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8004:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
x-xss-protection
0
pragma
no-cache
x-fb-debug
hB6UJsPMVv58UPMfGpJD01P1UjFVEKHxMv5lFn1UI6C3kjIExhBephzE3fCVSKc6AtyWcz4X1eiK1RWu7UlBRw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:55 GMT
vary
Accept-Encoding
report-to
{"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-fb-rlafr
0
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 4003 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77292
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame B467 		6 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
16754cdce3276a2b0a3025a67f5edfd169cfca2e5f4d4a2b3a968677f98b4b8b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4368
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame B069 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77290
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dv-measurements1425.js
cdn.doubleverify.com/ Frame 3938 		483 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dv-measurements1425.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:297::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
094faff6efb2d3db27fe3db9d6b6f5c9bb6788b8c159fb26c62a20e1c8651092

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 16 Jun 2021 07:09:54 GMT
Content-Encoding
gzip
Last-Modified
Thu, 10 Jun 2021 06:18:49 GMT
Server
Microsoft-IIS/10.0
ETag
"80aad779c05dd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=946080900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88494
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 5E9E 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77290
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame B467 		0
60 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssQzDmMMRcsO2fdgZcXY093xw_Fa_YS-9-rsHmH0uEzTbryZnSfEX_zMZLxL_irVmsJKBcDp_PLKDOQDUxfAox1V-Rt8_Lr87JUWNDNHx3BLhm5fQpMHiHfQb9T&sig=Cg0ArKJSzB2ywokjhKjKEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=141&vt=11&dtpt=140&dett=2&cstd=1&cisv=r20210610.19627&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241093901;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:54 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 909E 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77290
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 97D3 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77290
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dv-measurements1425.js
cdn.doubleverify.com/ Frame 8D18 		483 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dv-measurements1425.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:297::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
094faff6efb2d3db27fe3db9d6b6f5c9bb6788b8c159fb26c62a20e1c8651092

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 16 Jun 2021 07:09:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 10 Jun 2021 06:18:49 GMT
Server
Microsoft-IIS/10.0
ETag
"80aad779c05dd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=946080900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88494
dv-measurements1425.js
cdn.doubleverify.com/ Frame 7EE8 		483 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dv-measurements1425.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:297::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
094faff6efb2d3db27fe3db9d6b6f5c9bb6788b8c159fb26c62a20e1c8651092

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 16 Jun 2021 07:09:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 10 Jun 2021 06:18:49 GMT
Server
Microsoft-IIS/10.0
ETag
"80aad779c05dd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=946080900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88494
8121830598786779631
s0.2mdn.net/simgad/ Frame A716 		162 KB
162 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/8121830598786779631
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
30db4186a767cec3266e71d07af487bbc41b821b0bc7a3dfe7b8ab754ca4d3b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 04:09:54 GMT
x-content-type-options
nosniff
age
97201
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
165519
x-xss-protection
0
last-modified
Sun, 23 Aug 2020 14:59:34 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 04:09:54 GMT
sodar_loader.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/ Frame A716 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:52:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73046
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4286
x-xss-protection
0
server
cafe
etag
12837953992469573683
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 29 Jun 2021 10:52:29 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame A716 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A716 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame A716 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstCJFPVXjRg4KoXAcajIdGK8J_eC3DQt-hZlHIn2uygpkVzI9ga8Q5w_JjEfStCwvtg5XTOqPZP5DK-Qgn376dOmKNGLsiakZhQuoTMvfsACJzYKYggZDun_MpH&sig=Cg0ArKJSzJl98Qxiknm3EAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210610.48118&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
activityi;dc_pre=COGavLjMm_ECFaTEuwgdtxoPuQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord...
8121631.fls.doubleclick.net/ Frame A716
Redirect Chain
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;o...
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=COGavLjMm_ECFaTEuwgdtxoPuQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_chil...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://8121631.fls.doubleclick.net/activityi;dc_pre=COGavLjMm_ECFaTEuwgdtxoPuQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
location
https://8121631.fls.doubleclick.net/activityi;dc_pre=COGavLjMm_ECFaTEuwgdtxoPuQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8121631;dc_pre=CLX-vLjMm_ECFcLSsgodHbUPKw;type=banki02b;cat=banki0;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1...
adservice.google.com/ddm/fls/z/ Frame A716
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=...
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CLX-vLjMm_ECFcLSsgodHbUPKw;type=banki02b;cat=banki0;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CLX-vLjMm_ECFcLSsgodHbUPKw;type=banki02b;cat=banki0;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CLX-vLjMm_ECFcLSsgodHbUPKw;type=banki02b;cat=banki0;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1685922575
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CLX-vLjMm_ECFcLSsgodHbUPKw;type=banki02b;cat=banki0;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1685922575
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8121631;dc_pre=CNr_vLjMm_ECFULFsgodR7wNfw;type=;cat=;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575
adservice.google.com/ddm/fls/z/ Frame A716
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CNr_vLjMm_ECFULFsgodR7wNfw;type=;cat=;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CNr_vLjMm_ECFULFsgodR7wNfw;type=;cat=;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;...
42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CNr_vLjMm_ECFULFsgodR7wNfw;type=;cat=;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CNr_vLjMm_ECFULFsgodR7wNfw;type=;cat=;u10=241087640;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1685922575
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame A716 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77293
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
8697756729973569842
s0.2mdn.net/simgad/ Frame D4D5 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/8697756729973569842
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
408ec852f872ea7a44cf8e21ad7b3c4108c79c9b46cfba0b96991a2a4cbf3394
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 13:57:22 GMT
x-content-type-options
nosniff
age
148353
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28807
x-xss-protection
0
last-modified
Tue, 25 Aug 2020 16:55:04 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 13:57:22 GMT
sodar_loader.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/ Frame D4D5 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:52:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73046
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4286
x-xss-protection
0
server
cafe
etag
12837953992469573683
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 29 Jun 2021 10:52:29 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame D4D5 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D4D5 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame D4D5 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvB7zG_Nxc54q8WfEhvYA0mOZQPeYaokbLAbXBQjL6W4rlpR-RdEpt7YzwR2GX9GRupAmBgmZQnnfTb00JUn7SuwUYyC7by1qHKamkmiXfBf62VG9CFnDoZIglI&sig=Cg0ArKJSzEDp3GGorShEEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210610.05239&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
img;adv=11282244277385;ec=11282246831229;adv.a=9304630;c.a=22914006;s.a=5508578;p.a=254708604;a.a=450582959;cache=2932534977;
ad.atdmt.com/i/ Frame D4D5 		43 B
183 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.atdmt.com/i/img;adv=11282244277385;ec=11282246831229;adv.a=9304630;c.a=22914006;s.a=5508578;p.a=254708604;a.a=450582959;cache=2932534977;
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8004:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
x-xss-protection
0
pragma
no-cache
x-fb-debug
Qb6qUOocHc3MRv49QF8OoQ4uRhewrvSpm5AMBXmtKYLIo6XrSDS33hML0G6jBuBBaeE/uyhy4/94/aIa3aX/eQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:55 GMT
vary
Accept-Encoding
report-to
{"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-fb-rlafr
0
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
activityi;dc_pre=CPbfvLjMm_ECFZvuuwgdewwN2Q;src=9304630;type=homep0;cat=dbs_c0;u22=254708604;u23=22914006;u24=5508578;u25=135457059;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord...
9304630.fls.doubleclick.net/ Frame D4D5
Redirect Chain
  • https://9304630.fls.doubleclick.net/activityi;src=9304630;type=homep0;cat=dbs_c0;u22=254708604;u23=22914006;u24=5508578;u25=135457059;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;o...
  • https://9304630.fls.doubleclick.net/activityi;dc_pre=CPbfvLjMm_ECFZvuuwgdewwN2Q;src=9304630;type=homep0;cat=dbs_c0;u22=254708604;u23=22914006;u24=5508578;u25=135457059;dc_lat=;dc_rdid=;tag_for_chil...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://9304630.fls.doubleclick.net/activityi;dc_pre=CPbfvLjMm_ECFZvuuwgdewwN2Q;src=9304630;type=homep0;cat=dbs_c0;u22=254708604;u23=22914006;u24=5508578;u25=135457059;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2932534977
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
location
https://9304630.fls.doubleclick.net/activityi;dc_pre=CPbfvLjMm_ECFZvuuwgdewwN2Q;src=9304630;type=homep0;cat=dbs_c0;u22=254708604;u23=22914006;u24=5508578;u25=135457059;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2932534977
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame D4D5 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77293
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
12782436300802886400
s0.2mdn.net/simgad/ Frame 2817 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/12782436300802886400
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3acdf0c89694b3616239cd56856c2d94966cb1fdd0e0ceadb01c1d5118d170c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 14:50:30 GMT
x-content-type-options
nosniff
age
145165
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116103
x-xss-protection
0
last-modified
Wed, 31 Mar 2021 08:50:55 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 14:50:30 GMT
sodar_loader.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/ Frame 2817 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:52:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73046
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4286
x-xss-protection
0
server
cafe
etag
12837953992469573683
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 29 Jun 2021 10:52:29 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame 2817 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 2817 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 2817 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvGrBiklAQ37F9HfZYO34Wlz-gzVF64i5D-x3xMWT6xTDs6FZ51MCwe0Hb4pjGjUW-PcWVzyI2e-tdRWq8d9xRKWynP3KbfGT6vGHUOtfmzm93-rudh516cUEII&sig=Cg0ArKJSzBUwlvXsTWFhEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210610.58928&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
src=8121631;dc_pre=CJKVvrjMm_ECFZWNsgod6eUIoQ;type=;cat=;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823
adservice.google.com/ddm/fls/z/ Frame 2817
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CJKVvrjMm_ECFZWNsgod6eUIoQ;type=;cat=;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CJKVvrjMm_ECFZWNsgod6eUIoQ;type=;cat=;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;...
42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CJKVvrjMm_ECFZWNsgod6eUIoQ;type=;cat=;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CJKVvrjMm_ECFZWNsgod6eUIoQ;type=;cat=;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8121631;dc_pre=CKKbvrjMm_ECFUTJsgodyD4FHw;type=banki02b;cat=banki0;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=4...
adservice.google.com/ddm/fls/z/ Frame 2817
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=...
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CKKbvrjMm_ECFUTJsgodyD4FHw;type=banki02b;cat=banki0;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CKKbvrjMm_ECFUTJsgodyD4FHw;type=banki02b;cat=banki0;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CKKbvrjMm_ECFUTJsgodyD4FHw;type=banki02b;cat=banki0;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=432449823
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CKKbvrjMm_ECFUTJsgodyD4FHw;type=banki02b;cat=banki0;u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=432449823
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CIq3vbjMm_ECFTlc5QodNPMKiQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord...
8121631.fls.doubleclick.net/ Frame 2817
Redirect Chain
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;o...
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=CIq3vbjMm_ECFTlc5QodNPMKiQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_chil...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://8121631.fls.doubleclick.net/activityi;dc_pre=CIq3vbjMm_ECFTlc5QodNPMKiQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
location
https://8121631.fls.doubleclick.net/activityi;dc_pre=CIq3vbjMm_ECFTlc5QodNPMKiQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241409811;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=432449823?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 2817 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77293
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
12563870134164372074
s0.2mdn.net/simgad/ Frame 11B4 		80 KB
80 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/12563870134164372074
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8b5b37c0ccb90b5d6807296f85d9f24d5e88c5c45a5d7706e55075ad6a93acbe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 13:57:22 GMT
x-content-type-options
nosniff
age
148353
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
81959
x-xss-protection
0
last-modified
Sun, 23 Aug 2020 15:01:48 GMT
server
sffe
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 13:57:22 GMT
sodar_loader.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/ Frame 11B4 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:52:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73046
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4286
x-xss-protection
0
server
cafe
etag
12837953992469573683
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 29 Jun 2021 10:52:29 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame 11B4 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 11B4 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 11B4 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuzdOuNlzWY2DGgaU8aZYh1SQ7GZtvga4tszOctdpV-W8kDPcuKUAd4IKnWJWjspN_2Har32we9XSAtVP3X0va-QHL3OPjg4XA54kx1SZvUHO4duzCMYNyjf6hW&sig=Cg0ArKJSzBod4EaoS-3CEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=1&cisv=r20210610.84345&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
activityi;dc_pre=CPz8vbjMm_ECFXDIuwgdaJkNhQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord...
8121631.fls.doubleclick.net/ Frame 11B4
Redirect Chain
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;o...
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=CPz8vbjMm_ECFXDIuwgdaJkNhQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_chil...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://8121631.fls.doubleclick.net/activityi;dc_pre=CPz8vbjMm_ECFXDIuwgdaJkNhQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
location
https://8121631.fls.doubleclick.net/activityi;dc_pre=CPz8vbjMm_ECFXDIuwgdaJkNhQ;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8121631;dc_pre=CPHhvrjMm_ECFbhIkQUd9jAGQA;type=banki02b;cat=banki0;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3...
adservice.google.com/ddm/fls/z/ Frame 11B4
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=...
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CPHhvrjMm_ECFbhIkQUd9jAGQA;type=banki02b;cat=banki0;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPHhvrjMm_ECFbhIkQUd9jAGQA;type=banki02b;cat=banki0;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPHhvrjMm_ECFbhIkQUd9jAGQA;type=banki02b;cat=banki0;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3567141238
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPHhvrjMm_ECFbhIkQUd9jAGQA;type=banki02b;cat=banki0;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=3567141238
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8121631;dc_pre=CPTjvrjMm_ECFdT6sgodMVQA7A;type=;cat=;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238
adservice.google.com/ddm/fls/z/ Frame 11B4
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CPTjvrjMm_ECFdT6sgodMVQA7A;type=;cat=;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPTjvrjMm_ECFdT6sgodMVQA7A;type=;cat=;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;...
42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPTjvrjMm_ECFdT6sgodMVQA7A;type=;cat=;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPTjvrjMm_ECFdT6sgodMVQA7A;type=;cat=;u10=241087163;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3567141238
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 11B4 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77293
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
createjs-2015.11.26.min.js
code.createjs.com/ Frame 089C 		186 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.createjs.com/createjs-2015.11.26.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Request headers

Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
server
Apache
cache-control
max-age=900
vary
Accept-Encoding
content-type
text/javascript
x-n
S
accept-ranges
bytes
expires
Wed, 16 Jun 2021 07:24:55 GMT
7910807015843130406
s0.2mdn.net/simgad/ Frame C012 		27 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/7910807015843130406
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f6dc1ae308004d4466e6d14ac1f85076834bb87dc317ab4a6fad95ca375bb4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 06:30:51 GMT
x-content-type-options
nosniff
age
347944
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27838
x-xss-protection
0
last-modified
Wed, 17 Mar 2021 02:56:40 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 06:30:51 GMT
sodar_loader.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/ Frame C012 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:52:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73046
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4286
x-xss-protection
0
server
cafe
etag
12837953992469573683
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 29 Jun 2021 10:52:29 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame C012 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C012 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame C012 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsubyrH3MYn7a99_3_vFuPHtH0472xu6vC2YhnemgIW_thyH3855xCTzDFGBA4eAP70ENS4yip5GzneLo9dDi6XBmlg2-hR1pBT9YguKiOR17Gb-5G7dMtGjNqD2&sig=Cg0ArKJSzEhmicgBptGnEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210610.86379&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
img;adv=11282244277385;ec=11282246831229;adv.a=9304630;c.a=22953560;s.a=5508578;p.a=250997556;a.a=447134059;cache=51269104;
ad.atdmt.com/i/ Frame C012 		43 B
162 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.atdmt.com/i/img;adv=11282244277385;ec=11282246831229;adv.a=9304630;c.a=22953560;s.a=5508578;p.a=250997556;a.a=447134059;cache=51269104;
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8004:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
x-xss-protection
0
pragma
no-cache
x-fb-debug
6bfCSi8ZoupFtxVOScp7Jqf3GF02PrYiSJAuM4kKgO76KKeDqx85n3RNHf70l5+RDOVGXhcClLdlrC+GBtyKEw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:55 GMT
vary
Accept-Encoding
report-to
{"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-fb-rlafr
0
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
activityi;dc_pre=CLnLvrjMm_ECFc7Guwgdoa8DMg;src=9304630;type=homep0;cat=dbs_c0;u22=250997556;u23=22953560;u24=5508578;u25=147730717;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord...
9304630.fls.doubleclick.net/ Frame C012
Redirect Chain
  • https://9304630.fls.doubleclick.net/activityi;src=9304630;type=homep0;cat=dbs_c0;u22=250997556;u23=22953560;u24=5508578;u25=147730717;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;o...
  • https://9304630.fls.doubleclick.net/activityi;dc_pre=CLnLvrjMm_ECFc7Guwgdoa8DMg;src=9304630;type=homep0;cat=dbs_c0;u22=250997556;u23=22953560;u24=5508578;u25=147730717;dc_lat=;dc_rdid=;tag_for_chil...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://9304630.fls.doubleclick.net/activityi;dc_pre=CLnLvrjMm_ECFc7Guwgdoa8DMg;src=9304630;type=homep0;cat=dbs_c0;u22=250997556;u23=22953560;u24=5508578;u25=147730717;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=51269104
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
location
https://9304630.fls.doubleclick.net/activityi;dc_pre=CLnLvrjMm_ECFc7Guwgdoa8DMg;src=9304630;type=homep0;cat=dbs_c0;u22=250997556;u23=22953560;u24=5508578;u25=147730717;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=51269104
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame C012 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77293
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame 88E3 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
express_html_inpage_rendering_lib_200_271.js
s0.2mdn.net/879366/ Frame 88E3 		111 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://ad.doubleclick.net
Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 08:33:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81407
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39287
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 18:02:50 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jun 2021 08:33:08 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 88E3 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77293
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
15129081784258707332
s0.2mdn.net/simgad/ Frame 7A66 		72 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/15129081784258707332
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9d74abe083bded572e1d9e4a4805f9098b70529bb12348627442b8fff17b3259
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 14:50:31 GMT
x-content-type-options
nosniff
age
145164
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
74166
x-xss-protection
0
last-modified
Wed, 03 Mar 2021 20:53:06 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 14:50:31 GMT
sodar_loader.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/ Frame 7A66 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:52:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
73046
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4286
x-xss-protection
0
server
cafe
etag
12837953992469573683
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 29 Jun 2021 10:52:29 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame 7A66 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 7A66 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 7A66 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsujX0xZ0JjiMFPy_96CB4uEPtsgTkX-aCYD1bMg0s4GxuS4fM0cCHrE5kcAa1vp0quGZulMQBbvdpIv-IpGm8hlW9bmGpYp6L9NTxJhG4yiy_541ockGtMrEw4l&sig=Cg0ArKJSzHa9FljQjXBuEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210610.15751&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
activityi;dc_pre=CLGdv7jMm_ECFUPuuwgd7RgGWw;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord...
8121631.fls.doubleclick.net/ Frame 7A66
Redirect Chain
  • https://8121631.fls.doubleclick.net/activityi;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;o...
  • https://8121631.fls.doubleclick.net/activityi;dc_pre=CLGdv7jMm_ECFUPuuwgd7RgGWw;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_chil...
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://8121631.fls.doubleclick.net/activityi;dc_pre=CLGdv7jMm_ECFUPuuwgd7RgGWw;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
location
https://8121631.fls.doubleclick.net/activityi;dc_pre=CLGdv7jMm_ECFUPuuwgd7RgGWw;src=8121631;type=banki000;cat=banki00;u1=[AppID];u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368?%22width=%221%22height=%221%22frameborder=%220%22style=%22display:none
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8121631;dc_pre=COqBwLjMm_ECFZmMsgod5ZUNpA;type=;cat=;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368
adservice.google.com/ddm/fls/z/ Frame 7A66
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=;cat=;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=COqBwLjMm_ECFZmMsgod5ZUNpA;type=;cat=;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=COqBwLjMm_ECFZmMsgod5ZUNpA;type=;cat=;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;...
42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=COqBwLjMm_ECFZmMsgod5ZUNpA;type=;cat=;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=COqBwLjMm_ECFZmMsgod5ZUNpA;type=;cat=;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1493121368
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8121631;dc_pre=CPKEwLjMm_ECFZ2rsgodTOECMQ;type=banki02b;cat=banki0;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1...
adservice.google.com/ddm/fls/z/ Frame 7A66
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=8121631;type=banki02b;cat=banki0;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=...
  • https://ad.doubleclick.net/ddm/activity/src=8121631;dc_pre=CPKEwLjMm_ECFZ2rsgodTOECMQ;type=banki02b;cat=banki0;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
  • https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPKEwLjMm_ECFZ2rsgodTOECMQ;type=banki02b;cat=banki0;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPKEwLjMm_ECFZ2rsgodTOECMQ;type=banki02b;cat=banki0;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1493121368
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8121631;dc_pre=CPKEwLjMm_ECFZ2rsgodTOECMQ;type=banki02b;cat=banki0;u10=241089599;u11=22139487;u12=4566887;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1493121368
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 7A66 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77293
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame 858E 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
express_html_inpage_rendering_lib_200_271.js
s0.2mdn.net/879366/ Frame 858E 		111 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://ad.doubleclick.net
Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 08:33:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81407
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39287
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 18:02:50 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jun 2021 08:33:08 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 858E 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77293
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/cdn-cgi/apps/body/D7NFE007Hri_MGWdsyvz1sK-xHo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
678
date
Wed, 16 Jun 2021 06:58:37 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Wed, 16 Jun 2021 08:58:37 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 4003 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstnda2hPmroAjy55oioV6kbSF3ajg5MnopvspaVepsxx6qBjnxlGsBs4NdBl9HWBW5HH-4XR_jvKeyCGiOzokvwMZf6dKM5erg3Su3F7nZ70o197RNk3B1k-u0H&sig=Cg0ArKJSzHZ2IagysQsVEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=190&vt=11&dtpt=190&dett=2&cstd=0&cisv=r20210610.69001&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22951334.254264903;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
DcmEnabler_01_245.js
s0.2mdn.net/879366/ Frame 6F7E 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/8295605/1611580770840/index.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 07:47:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
84161
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10285
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:53 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jun 2021 07:47:14 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 4003 		5 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
19095f94beeb91713449d53963e37fc10ea6e25ab40fabb6b6b0b3fc9dd89414
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4268
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame FC6F 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77291
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame D4D5 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvB7zG_Nxc54q8WfEhvYA0mOZQPeYaokbLAbXBQjL6W4rlpR-RdEpt7YzwR2GX9GRupAmBgmZQnnfTb00JUn7SuwUYyC7by1qHKamkmiXfBf62VG9CFnDoZIglI&sig=Cg0ArKJSzEDp3GGorShEEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=119&vt=11&dtpt=118&dett=2&cstd=0&cisv=r20210610.05239&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22914006.254708604;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
visit.js
tps.doubleverify.com/ Frame 3938 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&brid=97&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau7%3DJ7%40C%3E%3A%3D6D%5D9%3CTauU2%3F4r92%3A%3Fl9EEADTbpTauTau7%3DJ7%40C%3E%3A%3D6D%5D9%3CTar9EEADTbpTauTau25%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&srcurlD=0&aUrlD=0&ssl=https:&dfs=266&ddur=27&uid=1623827395173909&jsCallback=dvCallback_1623827395173111&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1425&tgjsver=1425&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fad.doubleclick.net%2Fddm%2Fadi%2FN200801.2169905FLYFORMILES%2FB20804340.302946724%3Bsz%3D300x250%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bgdpr%3D%24%257BGDPR%257D%3Bgdpr_consent%3D%24%257BGDPR_CONSENT_755%257D%3F&fcifrms=14&brh=2&dvp_epl=163&noc=16&ctx=19395023&cmp=20804340&sid=3088811&plc=302946724&crt=145162250&btreg=414502669&btadsrv=doubleclick&adsrv=1&advid=8295605&errorURL=https://tps.doubleverify.com/visit.jpg&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=38611439873.78647&dvp_tukv=385554101.9112685&dvp_uuid=24294867106.459427&dvp_strhd=0.29999542236328125&dvpx_strhd=0.29999542236328125&dvp_tuid=422243058395&dvp_vcms=29&dvp_slmsd=236&dvp_vcmsd=265
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.24 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e7dc3214a170a23841be269cfab935080123129ef6e84c55a404065c1df4c869

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:55 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=0
Transfer-Encoding
chunked
Expires
6/15/2021 7:09:55 AM
view
googleads4.g.doubleclick.net/pcs/ Frame C012 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsubyrH3MYn7a99_3_vFuPHtH0472xu6vC2YhnemgIW_thyH3855xCTzDFGBA4eAP70ENS4yip5GzneLo9dDi6XBmlg2-hR1pBT9YguKiOR17Gb-5G7dMtGjNqD2&sig=Cg0ArKJSzEhmicgBptGnEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=137&vt=11&dtpt=136&dett=2&cstd=0&cisv=r20210610.86379&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1087891.2520714FLYFORMILES/B22953560.250997556;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame A716 		5 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e6f7ce29c0dbc721935a673601e1e729561dd15930dabe8c9174ebdb516a6ab1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4248
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame A716 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstCJFPVXjRg4KoXAcajIdGK8J_eC3DQt-hZlHIn2uygpkVzI9ga8Q5w_JjEfStCwvtg5XTOqPZP5DK-Qgn376dOmKNGLsiakZhQuoTMvfsACJzYKYggZDun_MpH&sig=Cg0ArKJSzJl98Qxiknm3EAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=181&vt=11&dtpt=180&dett=2&cstd=0&cisv=r20210610.48118&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087640;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame CBBC 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77291
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/getconfig/ Frame D4D5 		5 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a25e777b8f192a4f3ec6190fb1e11be1d1ebc166f9b7d9b1e7d87a32a6424206
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4297
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 2817 		5 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ae1d441f98cda45d740fc41e7dece1ebaa17c376fd6d52cbb0a8ecb1f1e55df3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4260
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 2817 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvGrBiklAQ37F9HfZYO34Wlz-gzVF64i5D-x3xMWT6xTDs6FZ51MCwe0Hb4pjGjUW-PcWVzyI2e-tdRWq8d9xRKWynP3KbfGT6vGHUOtfmzm93-rudh516cUEII&sig=Cg0ArKJSzBUwlvXsTWFhEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=189&vt=11&dtpt=188&dett=2&cstd=0&cisv=r20210610.58928&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241409811;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame F33F 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77291
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/getconfig/ Frame 11B4 		5 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2f1d072dc96a4b04b2d65716a566b412a3329877be4431761878c297604dcd47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4229
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 11B4 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuzdOuNlzWY2DGgaU8aZYh1SQ7GZtvga4tszOctdpV-W8kDPcuKUAd4IKnWJWjspN_2Har32we9XSAtVP3X0va-QHL3OPjg4XA54kx1SZvUHO4duzCMYNyjf6hW&sig=Cg0ArKJSzBod4EaoS-3CEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=186&vt=11&dtpt=185&dett=2&cstd=1&cisv=r20210610.84345&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241087163;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
visit.js
tps.doubleverify.com/ Frame 8D18 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&brid=97&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau7%3DJ7%40C%3E%3A%3D6D%5D9%3CTauU2%3F4r92%3A%3Fl9EEADTbpTauTau7%3DJ7%40C%3E%3A%3D6D%5D9%3CTar9EEADTbpTauTau25%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&srcurlD=0&aUrlD=0&ssl=https:&dfs=296&ddur=7&uid=1623827395256460&jsCallback=dvCallback_1623827395256158&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1425&tgjsver=1425&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fad.doubleclick.net%2Fddm%2Fadi%2FN200801.2169905FLYFORMILES%2FB20804340.302761842%3Bsz%3D300x250%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bgdpr%3D%24%257BGDPR%257D%3Bgdpr_consent%3D%24%257BGDPR_CONSENT_755%257D%3F&fcifrms=14&brh=2&dvp_epl=163&noc=16&ctx=19395023&cmp=20804340&sid=3088811&plc=302761842&crt=148156334&btreg=492081119&btadsrv=doubleclick&adsrv=1&advid=8295605&errorURL=https://tps.doubleverify.com/visit.jpg&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=1475.3706484314873&dvp_tukv=621978888.6470643&dvp_uuid=1505069667854.0461&dvp_strhd=0.1999969482421875&dvpx_strhd=0.1999969482421875&dvp_tuid=1437205068166&dvp_vcms=9&dvp_slmsd=252&dvp_vcmsd=261
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.24 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
de6a5a840c80fe71f1df6d23d07797e4a4bc1e0c7b59973adca6fbb8dd261e8c

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:54 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=0
Transfer-Encoding
chunked
Expires
6/15/2021 7:09:55 AM
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame B61F 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77291
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar
pagead2.googlesyndication.com/getconfig/ Frame C012 		6 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bd29970551527903a13075a6f27bbb8b3740c1e186cfdc7e327646f54afdea34
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4306
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 5DA1 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77291
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
visit.js
tps.doubleverify.com/ Frame 7EE8 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&brid=97&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau7%3DJ7%40C%3E%3A%3D6D%5D9%3CTauU2%3F4r92%3A%3Fl9EEADTbpTauTau7%3DJ7%40C%3E%3A%3D6D%5D9%3CTar9EEADTbpTauTau25%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&srcurlD=0&aUrlD=0&ssl=https:&dfs=304&ddur=9&uid=1623827395293731&jsCallback=dvCallback_1623827395293824&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1425&tgjsver=1425&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fad.doubleclick.net%2Fddm%2Fadi%2FN200801.2169905FLYFORMILES%2FB20804340.302761455%3Bsz%3D300x250%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bgdpr%3D%24%257BGDPR%257D%3Bgdpr_consent%3D%24%257BGDPR_CONSENT_755%257D%3F&fcifrms=14&brh=2&dvp_epl=163&noc=16&ctx=19395023&cmp=20804340&sid=3088811&plc=302761455&crt=145069175&btreg=487289930&btadsrv=doubleclick&adsrv=1&advid=8295605&errorURL=https://tps.doubleverify.com/visit.jpg&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=441653001475.41095&dvp_tukv=9952738.88643185&dvp_uuid=103562392635.32817&dvp_strhd=0.1999969482421875&dvpx_strhd=0.1999969482421875&dvp_tuid=46096559947&dvp_vcms=6&dvp_slmsd=282&dvp_vcmsd=288
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.24 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4e0df625de5d6ce0e0bc56b7273a9843766654bb26eb733528dc781de38a4dd4

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:54 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=0
Transfer-Encoding
chunked
Expires
6/15/2021 7:09:55 AM
sodar
pagead2.googlesyndication.com/getconfig/ Frame 7A66 		6 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
83e2bebeeb8bf33481e2f06969faf1554b1ced803fd0431df9a8c8a82895a418
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4309
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame AE23 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77291
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 7A66 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsujX0xZ0JjiMFPy_96CB4uEPtsgTkX-aCYD1bMg0s4GxuS4fM0cCHrE5kcAa1vp0quGZulMQBbvdpIv-IpGm8hlW9bmGpYp6L9NTxJhG4yiy_541ockGtMrEw4l&sig=Cg0ArKJSzHa9FljQjXBuEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=280&vt=11&dtpt=279&dett=2&cstd=0&cisv=r20210610.15751&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N719576.2520714FLYFORMILES/B22139487.241089599;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame F7D9 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77291
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 23AE 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77291
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 78D4 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77291
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 88E3 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
index.html
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/ Frame F767 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
afab730bef453c494308c5b0170566e919fc71389865225f0e3df7468f99b798
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
s0.2mdn.net
:scheme
https
:path
/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
2196
date
Sat, 12 Jun 2021 14:26:19 GMT
expires
Sun, 12 Jun 2022 14:26:19 GMT
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
319416
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 88E3 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvxUqrXCayeIA478sCX_ddmYaWpWLGbqRq-vNRh5sS7N6F0xXttDqASwM9Fd_qUbJwc362wC1nr0InTLRRgeshLAk9Y123IRUCrdceqs1riaYUnFuNDOoeuAC-Y&sig=Cg0ArKJSzEWRiPjApbouEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=340&cbvp=1&cstd=339&cisv=r20210610.80276&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 858E 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
300x250.html
s0.2mdn.net/sadbundle/3894074470716932096/ Frame DC28 		82 KB
82 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/3894074470716932096/300x250.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e67372022039ed307df3fee836f55f9f087eb0d059b8de8840fb6bf67c809919
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
s0.2mdn.net
:scheme
https
:path
/sadbundle/3894074470716932096/300x250.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
83631
date
Mon, 14 Jun 2021 13:57:23 GMT
expires
Tue, 14 Jun 2022 13:57:23 GMT
last-modified
Thu, 09 Jul 2020 18:41:35 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
148352
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 858E 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvzIz5msWDbhpkuOYr3Ddv_3vIVNftQiT7VMFt6H753Dtq3zhgc5mTbhtFim_DCFbbQ-rlAhZAhzaeYq_cYzhAC9w468dIk41IF2xYbbZboEZx2NcPu9UhWRN1g&sig=Cg0ArKJSzNJZ1_CMGidvEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=352&cbvp=1&cstd=350&cisv=r20210610.07674&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
_02_1.png
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/_02_1.png?1566468728254
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ec56913a25cd325a8965f9ebb1a5c48d85a9d1c0b0fe90b4b18a4d243592ceaf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 17:41:58 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
48477
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11407
x-xss-protection
0
expires
Wed, 16 Jun 2021 17:41:58 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 4019 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvJ2GK2X751WRMpBzjucitPamhAhz2__jBMTMgj3iaugjLons0azSQV1C-YPV_lHh2Y-AKnNUbOlhP-P_2lpbohkJsgjbM_wuDwLPEofhugXduaembkjck4puYf&sig=Cg0ArKJSzFmteNSkDc__EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=694&vt=11&dtpt=647&dett=3&cstd=44&cisv=r20210610.82135&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1071635745&t=pageview&_s=1&dl=https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank&ul=en-us&de=UTF-8&dt=%E3%80%90livi%20Bank%E5%B0%8F%E6%96%AF%E9%A1%8D%E5%A4%96%E5%84%AA%E6%83%A0%E5%8D%B3%E9%80%81%24300%E3%80%91%E7%B6%93%E5%B0%8F%E6%96%AF%E6%8E%A8%E8%96%A6%E7%A2%BC%E3%80%8Cfly%23200%E3%80%8D%E6%88%90%E5%8A%9F%E9%96%8B%E6%88%B6%E5%8D%B3%E6%9C%89%24300%20(%E5%8C%85%E6%8B%AC%24200%E7%8F%BE%E9%87%91%2B20%2C000%20yuu%E7%A9%8D%E5%88%86%EF%BC%8C%E5%8F%AF%E7%95%B6%24100%E6%96%BCyuu%E5%90%88%E4%BD%9C%E5%A4%A5%E4%BC%B4%E4%BD%BF%E7%94%A8)%20%E7%B6%B2%E8%B3%BC8%25%E7%8F%BE%E9%87%91%E5%9B%9E%E8%B4%88*%20%2B%20%E5%85%B6%E4%BB%96%E6%B6%88%E8%B2%BB1%25%E7%8F%BE%E9%87%91%E5%9B%9E%E8%B4%88%EF%BC%81&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=988417853&gjid=2130649847&cid=948406158.1623827395&tid=UA-37650801-2&_gid=394296882.1623827395&_r=1&_slc=1&z=951809678
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://flyformiles.hk
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame E7AC 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstoT5hZpvJ6u-nBzp6tnskkAprySpR8U4JPmfdL3nKe2JK0sedJii1exnZufHK7F9xueRDHwEncu8MUxygwDGQ82vnXGn9lHZ3_L_K1WbBBQGXBCvrtZcDIdodM&sig=Cg0ArKJSzGxC3QC6ZkKYEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=757&vt=11&dtpt=653&dett=3&cstd=65&cisv=r20210610.91713&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761455;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sodar2.js
tpc.googlesyndication.com/sodar/ Frame B467 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame B069 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4ecfaf1f609b84ae88f09dd275989a41806bb5876f488afe42ba10c644c19c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
87 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-37650801-2&cid=948406158.1623827395&jid=988417853&gjid=2130649847&_gid=394296882.1623827395&_u=IEBAAEAAAAAAAC~&z=314035373
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 16 Jun 2021 07:09:55 GMT
content-type
text/plain
access-control-allow-origin
https://flyformiles.hk
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame 5E9E 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4ecfaf1f609b84ae88f09dd275989a41806bb5876f488afe42ba10c644c19c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame 909E 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4ecfaf1f609b84ae88f09dd275989a41806bb5876f488afe42ba10c644c19c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
_02_2.png
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		690 B
715 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/_02_2.png?1566468728254
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20804340.302761842;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e48d9371eb4556ef8068bd60aac221036e3da882161972e4be622b8186289bf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 17:41:58 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
48477
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
690
x-xss-protection
0
expires
Wed, 16 Jun 2021 17:41:58 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame 97D3 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4ecfaf1f609b84ae88f09dd275989a41806bb5876f488afe42ba10c644c19c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-37650801-2&cid=948406158.1623827395&jid=988417853&_u=IEBAAEAAAAAAAC~&z=1601064550
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-37650801-2&cid=948406158.1623827395&jid=988417853&_u=IEBAAEAAAAAAAC~&z=1601064550
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame DD15 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
createjs_2019.11.15_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame F767 		236 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64275
x-xss-protection
0
last-modified
Fri, 15 Nov 2019 19:16:20 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jun 2021 07:09:55 GMT
300250.js
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/ Frame F767 		57 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/300250.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4027daa75fe9d693ea7af14d00772456d42cda3c407f53d35096f05eab9c8ae6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:26:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
319416
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9583
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 14:26:19 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 4003 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
createjs.min.js
code.createjs.com/1.0.0/ Frame DC28 		236 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.createjs.com/1.0.0/createjs.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3894074470716932096/300x250.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
server
Apache
cache-control
max-age=900
vary
Accept-Encoding
content-type
text/javascript
x-n
S
accept-ranges
bytes
expires
Wed, 16 Jun 2021 07:24:55 GMT
0_top_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/0_top_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
654f824e3b2d99ef96e0e3a2816b87cf323abf50429dc560b5a55fd8edf0cd42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2517
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
7_top_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/7_top_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e861e4481a775272191a6a3adae030b9c937233d628ebf7437025be21698a422
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:35:22 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:31 GMT
server
sffe
age
74073
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1053
x-xss-protection
0
expires
Wed, 16 Jun 2021 10:35:22 GMT
7_tnc_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/7_tnc_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b73262f215bcff6b47bc16c2c6f59e5d21c8f2d78478a9e0e142131c5b95bbfc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:35:22 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
74073
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3914
x-xss-protection
0
expires
Wed, 16 Jun 2021 10:35:22 GMT
7_graphic_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/7_graphic_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
93020b2adc9f3b5d7cf49a29b1fa0aa88067183e33fe444e918f7080e5deb122
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 10:35:22 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
74073
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7750
x-xss-protection
0
expires
Wed, 16 Jun 2021 10:35:22 GMT
7_text3_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/7_text3_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
13fc00e30171230c85fcf6a5d2d5a14825d42d7d00690b8c744fab84dea76c24
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1467
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
7_text2_2_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		856 B
883 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/7_text2_2_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5f85add7a8093bdce4a65c38d6abb2769702e207950388d42db26dc863bfd727
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
856
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
7_text2_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/7_text2_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e64a7ed2c01f45771fabe736bca60c3e0b60803e82c5cae505a1a63b21a68b2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:33 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2470
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
7_text_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/7_text_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
056fde7c4f7a6b6779f261c22640d19d51ac693fe70f3b9704da5647ef8fbfa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1789
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
7_cfa_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/7_cfa_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a7e4436d3d39e22d32a70f2c610a4c3609660f17c975765488545f8fbeb85cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2446
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
6_text2_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/6_text2_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3d3a88ff4c0d58d8e69e60e3ad48c2ad13e071f7489806e1f9622aba9000b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1473
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
6_text_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/6_text_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
092ba8579aa5b297ef60c02a4fac5536b831379d71b8c2a6e1617cfb89a5a1b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2090
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
6_human_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/6_human_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:31 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17353
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
5_text3_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/5_text3_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
700a4efdefe524a15c870b0f9e2c6de9fd7a1ff0bebb2c9ad4a6e9d3a69b15d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4848
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
5_text2_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/5_text2_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35db43d06439df37094a16e304aba1683982b5e7b4727d8432ce28e3e563d3bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3759
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
5_text_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/5_text_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
84d950d4c644b0c22cb503962081c1b9480a6d40f784cf6261060efd6530488a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:33 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4341
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
3_tnc_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		871 B
898 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/3_tnc_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bfb8a1d47abfe934888207c2c88f4b51ebf358533ba6194c3179d8b6eb4f3c7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:31 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
871
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
3_logos_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/3_logos_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff7136d22bda18e399a439bdbb557fba20491eae93c5f66b1f95ef1b8d24ac55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7199
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
3_text_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/3_text_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ada1904d72637c1109e9561aee305aa5cde78075587b337456b5440644cab991
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2317
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
3_text2_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/3_text2_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff46454e57fe9a6bc884461595d843c9fdd04d0c171761272dc3c0691cc4b513
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3178
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
2_tnc_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/2_tnc_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
29a43336ab6ad1f9d08b7b912cc9234a19220f45eed8ee342bc63a79fc053403
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1488
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
2_human_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/2_human_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dedc58e4bd992589888e4e58a892aa4a5e71bd63f8742090ab0e96af544defa9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8241
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
2_text2_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/2_text2_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7b6782f6e91291fd87e7690e44d4158655eb7fa07b3d6bbb6fec30ee9069937
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1619
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
2_graphic_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/2_graphic_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
30526717ce90296379be42b8a453b891069d7f46d8897c98413fc7824166fd27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:31 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17279
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
2_text_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/2_text_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
da5cc8f6ebbb03ae66046c183263c58782fdf005ed2eefeaedf9773428dea3bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:31 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1643
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
1_text2_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/1_text2_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d32f69094fccda9b5878250e8db0f3bebd9581cc84aa037c501fff10f83ae212
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:31 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2055
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
1_text_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/1_text_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8cab3b2e4cb9b7bedd73593f4f6e0309d08e498714ba8206846ad27728eac1ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:31 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2096
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
1_human_optimized.png
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/1_human_optimized.png
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bc346512963d408968e3c8f1d4c6b952849b0a8ea2ade9b5d02511b2858b7dba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8127
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
9_bg.jpg
s0.2mdn.net/8295605/1611580770840/ Frame 6F7E 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1611580770840/9_bg.jpg
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5519177a58376326afd3b3bfad43f50e2f54eefa97d1eb7b63d436d791a3fbb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1611580770840/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 13:19:32 GMT
server
sffe
age
0
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9460
x-xss-protection
0
expires
Thu, 17 Jun 2021 07:09:55 GMT
_02_3.png
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/_02_3.png?1566468728254
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
82f1fa76f13561bdc8530b371dd53dbb70120cca82ef8187f984d4d417a2d9aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 17:41:58 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
48477
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7199
x-xss-protection
0
expires
Wed, 16 Jun 2021 17:41:58 GMT
uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
pagead2.googlesyndication.com/bg/ Frame EEA5 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:29:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
319231
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5821
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 14:29:24 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame FC6F 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame A716 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D4D5 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 2817 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 11B4 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame C012 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 7A66 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/xfa/sodar_loader.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1622653785071769"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:55 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame CBBC 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame F33F 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame B61F 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame 5DA1 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame AE23 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame F7D9 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame 23AE 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
pagead2.googlesyndication.com/bg/ Frame 5903 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:29:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
319231
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5821
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 14:29:24 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame 78D4 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327270
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
ballc.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ballc.png?1619424422520
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 06:36:16 GMT
x-content-type-options
nosniff
age
347619
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7051
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 06:36:16 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 88E3 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvxUqrXCayeIA478sCX_ddmYaWpWLGbqRq-vNRh5sS7N6F0xXttDqASwM9Fd_qUbJwc362wC1nr0InTLRRgeshLAk9Y123IRUCrdceqs1riaYUnFuNDOoeuAC-Y&sig=Cg0ArKJSzEWRiPjApbouEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=859&vt=11&dtpt=519&dett=3&cstd=339&cisv=r20210610.80276&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22789712.251200615;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
_40000_miles.png
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/_40000_miles.png?1566468728254
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 17:41:59 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
48476
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24074
x-xss-protection
0
expires
Wed, 16 Jun 2021 17:41:59 GMT
300x250_atlas_P_.png
s0.2mdn.net/sadbundle/3894074470716932096/images/ Frame DC28 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3894074470716932096/images/300x250_atlas_P_.png?1575814982931
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/3894074470716932096/300x250.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 17:41:17 GMT
x-content-type-options
nosniff
age
134918
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43363
x-xss-protection
0
last-modified
Thu, 09 Jul 2020 18:41:35 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 17:41:17 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 858E 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvzIz5msWDbhpkuOYr3Ddv_3vIVNftQiT7VMFt6H753Dtq3zhgc5mTbhtFim_DCFbbQ-rlAhZAhzaeYq_cYzhAC9w468dIk41IF2xYbbZboEZx2NcPu9UhWRN1g&sig=Cg0ArKJSzNJZ1_CMGidvEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=881&vt=11&dtpt=529&dett=3&cstd=350&cisv=r20210610.07674&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1025300.2520714FLYFORMILES/B22643491.245678814;sz=300x250;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:55 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
wp-emoji-release.min.js
flyformiles.hk/wp-includes/js/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://flyformiles.hk/wp-includes/js/wp-emoji-release.min.js?ver=5.6.2
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.21.30.184 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:path
/wp-includes/js/wp-emoji-release.min.js?ver=5.6.2
pragma
no-cache
cookie
_ga=GA1.2.948406158.1623827395; _gid=GA1.2.394296882.1623827395; _gat=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
flyformiles.hk
referer
https://flyformiles.hk/26781/livi-bank
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://flyformiles.hk/26781/livi-bank
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:56 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 07 Mar 2021 07:21:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=L9aLUhZce5Ip8UMPnkO2776uTTRw6c%2BYo0OJz3SdZPP4JMLRsuEKZIDyKhwGySGsszQWPOmAnJNAmR1Z%2Fj%2FuGPedwOkQqTQiGx64Ec01Y8VX%2BFxeW9gAIW2C9ek%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
66023728fdddf15e-ARN
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id
0ab540cd970000f15e72ba0000000001
uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
pagead2.googlesyndication.com/bg/ Frame 053F 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:29:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
319232
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5821
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 14:29:24 GMT
uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
pagead2.googlesyndication.com/bg/ Frame 0959 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:29:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
319232
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5821
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 14:29:24 GMT
uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
pagead2.googlesyndication.com/bg/ Frame 9AFA 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:29:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
319232
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5821
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 14:29:24 GMT
uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
pagead2.googlesyndication.com/bg/ Frame C566 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:29:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
319232
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5821
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 14:29:24 GMT
uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
pagead2.googlesyndication.com/bg/ Frame C073 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:29:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
319232
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5821
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 14:29:24 GMT
uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
pagead2.googlesyndication.com/bg/ Frame D5AA 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:29:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
319232
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5821
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 14:29:24 GMT
uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
pagead2.googlesyndication.com/bg/ Frame B789 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/uMPtKrmwZjN0D4XGQ6GkF9bB4gZfUorgjwuHC4YUqhk.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:29:24 GMT
content-encoding
br
x-content-type-options
nosniff
age
319232
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5821
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 14:29:24 GMT
pro_a.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/pro_a.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:26:21 GMT
x-content-type-options
nosniff
age
319415
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11732
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 14:26:21 GMT
am_card.png
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/am_card.png?1566468728254
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 17:41:59 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
48477
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21871
x-xss-protection
0
expires
Wed, 16 Jun 2021 17:41:59 GMT
300x250_atlas_NP_.jpg
s0.2mdn.net/sadbundle/3894074470716932096/images/ Frame DC28 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3894074470716932096/images/300x250_atlas_NP_.jpg?1575814982931
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/3894074470716932096/300x250.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 13:57:26 GMT
x-content-type-options
nosniff
age
148350
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13962
x-xss-protection
0
last-modified
Thu, 09 Jul 2020 18:41:35 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 13:57:26 GMT
bg_p.jpg
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/bg_p.jpg?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 06:36:16 GMT
x-content-type-options
nosniff
age
347620
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14146
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 06:36:16 GMT
bg.jpg
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/bg.jpg?1566468728254
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 16:52:57 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
51419
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7271
x-xss-protection
0
expires
Wed, 16 Jun 2021 16:52:57 GMT
footer.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/footer.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:42:43 GMT
x-content-type-options
nosniff
age
343633
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6960
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 07:42:43 GMT
circle.png
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/circle.png?1566468728254
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 05:38:41 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
5475
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20630
x-xss-protection
0
expires
Thu, 17 Jun 2021 05:38:41 GMT
t4.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/t4.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 06:36:17 GMT
x-content-type-options
nosniff
age
347619
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5628
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 06:36:17 GMT
light2.png
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/light2.png?1566468728254
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 16:52:58 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
51418
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9882
x-xss-protection
0
expires
Wed, 16 Jun 2021 16:52:58 GMT
ballb.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ballb.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 09:58:35 GMT
x-content-type-options
nosniff
age
335482
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5352
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 09:58:35 GMT
_stage.png
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/_stage.png?1566468728254
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 16:52:58 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
51419
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2358
x-xss-protection
0
expires
Wed, 16 Jun 2021 16:52:58 GMT
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 06:12:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3462
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Jun 2022 06:12:15 GMT
fbevents.js
connect.facebook.net/en_US/ 		94 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
24517
x-xss-protection
0
pragma
public
x-fb-debug
a1Z3TpbvReyaLhB3QgYq41OyDjxpk/4z1iNrCHndFCeePeH9qruruF+NCKRv3tzBnQL3APCJtESt2LuNsJx0qw==
x-fb-trip-id
686109401
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:57 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
gtm.js
www.googletagmanager.com/ 		75 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PRJ4N4D
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:57 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30185
x-xss-protection
0
last-modified
Wed, 16 Jun 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 16 Jun 2021 07:09:57 GMT
impl_v75.js
www.googletagservices.com/dcm/ 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/impl_v75.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 13 Jun 2021 08:25:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
254642
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15538
x-xss-protection
0
last-modified
Fri, 04 Jun 2021 19:52:24 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 13 Jun 2022 08:25:55 GMT
t3.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/t3.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 09:58:36 GMT
x-content-type-options
nosniff
age
335481
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5481
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 09:58:36 GMT
stage_light.png
s0.2mdn.net/8295605/1616664824199/images/ Frame 089C 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1616664824199/images/stage_light.png?1566468728254
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1616664824199/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 17:42:00 GMT
x-content-type-options
nosniff
last-modified
Thu, 25 Mar 2021 09:33:44 GMT
server
sffe
age
48477
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3013
x-xss-protection
0
expires
Wed, 16 Jun 2021 17:42:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 909E 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BabwbwqPJYMGrKNKKrASCzLTAAwAAAAA4AeAEAg&bg=!p6SlpODNAAY2kFOVNpA7ACkAdvg8Wpy19Elczd8LFeIAL-Dva-60dJrJaoQJ3MW9Za3qupv9BiEuGAIAAARHUgAAAPZoAQeZApI3pEQDq_lo11TTNDGjkCUHkuB2K-iQonArnIskq7hIodndCjObZJfgThflnpN709-QHWdBV9-ngDWo-KcVcr9Paq0_emwidDVDtgL4UK_XDjQMRsRGyRJKNagKFW4DXU9cdhcSocW4rr653PxJLmyEHkkwctdmq-3nxfC9WX8t6rGhdYY2eQR9Kpp7I73g8LatKSzb-JHxuOpEand3JVyxII6y5-E2QcohlNYt95IqI7-ZKpirG79-5NKsrpTCFoHIBSL1OpbxmHyzroCyTpdUCEdif7WnZDsDX5m4MZt9aXXGM9-r0VEQRTqNlei5kgUjQl8AB_ahW6yu_0qysllFFxu19PtxskpMk8-cYG425Yg31SBCR0kYlTOtLbTLUkFe7h5ppYU4rmtNV5FzpCn4svzKwUWrtsmYHNocNSL6t4E0bSvTWPd97EgcqkoQY2fJwtnteZHNsTRJ3E0Yt8Jl3jPx8USUcGF6O2S8N91fuasKuMLRhCelxaUY_K6BO4jKH5BNJj5QENNuC4hSS7Qz-W2gVFwbDGLxnDsayBOPFKmZOqCGg4nhO8LhI1kZR-g4nLFcD25ZFuOi4Y_6h1lo33P__xBuz5E5MUkeW8lr1oex6Ur3yAs__24IuPiEp2PFASx1h0LzSFnxotm2NkLGtzDbuZJDYqgB9ItejIIj5k2TK0ekgtDRO6xDnwWLlWxH9rAvK4xMWZPym7lJa43L65uhIJt3hK4hU0MJW5n7Snn2e_T9qfppgrCFMObKnBFCzaPhSwSzwLPfrDM5Ah7QwcqRXDPKkOnj0wzGHYcQyWhNC0-ZB3tH8VOdCJL8fNCxFmtonnfWJoLEvbuktp6TbajbGmDuQ3-UHz3VdbDgBY61
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 97D3 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BmKbUwqPJYKCnKMqO7_UP7LmGqAkAAAAAOAHgBAI&bg=!XV6lXhrNAAY2kFOVNpA7ACkAdvg8Wu-r8Yn4xW-JZBLaO7h6fZzankRTDd9yngkHZFIluo2l1Q5JuQIAAARAUgAAAPZoAQcKAAxtjtwgaaQ5QZ76rIyZAo84ghxjfQ5UqkBmcXPfBvec-aydRTuiDK0vV7VQYCUQkvcB_jANqSIhk19hveoH3yewULsbtujlI1Vl1u6r5_ROPn6-sPZFo4tLUJ2pe3HzgC-GLU_Xkvg-MY2VOIqeXBD0zTOEXrd9TW2GkbFTuUREkvD8jL8DGkJPw7wFPrDFIwLikkTC6U2d7Il_zz8331pKZAffbiowa-EeKkvx2-mP1lTeyLMB0i7y0UU1LsEyRrHzVPSxyv70JPQ2oRhI-b4miN9leIKUHD8pOb6MVxAgWf9C39DvgkcBrTDQ-WQJvuvRPi59EyzB6gsFeSTZqV0WQhKJLzFJXARlamcm5HajV4OexOh1furlUyVQKKUF_4iMMVecpsy5IQ8LNah-6ManhjxaXef5NmaHAu6ateQ9KLDuPwLRgk8_fHiAMrlhajNfZDvW1L55rE8dnAtdBeQjql_VkiblPYwfv4sYzGgyASh0B6NurYQjTn4KDRNbJMOcyy_tVJOisQGG8jw7xhRhOqL3nK8uJe4LBqq0P5MSHeHP8YLeVb2IdJVHswBgyFc_WRn7J2BMJExa1Injg3vj987kh6834OYsWzUygevZWxIa7MbsdQkpri-aM9z3wVJI0EMCBtnp3Ak16vYaVPX5WKG6G2Ls-1lA4JYGGQ34w1zaWC8P-0HJH9dqhdsO3go5MXmx2BcOPyKxRCwl9rFaGO-xKEhr9x9Zt_oljmc15Omni06gfip0gqR3fOi7kI-5AgHgsa_Fn6qS3ZQ_29weW6nbtE-ymAJV-td-Zwi0wzi7o8gaoeAOLfmVsm2oZ5Zae-PbNfB4RLEEIy7yZNE-LUJ3o8UPhawiYuCY_vOC_kBijouRBTsLNZn1uO-J
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
identity.js
connect.facebook.net/signals/plugins/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/plugins/identity.js?v=2.9.41
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
4673
x-xss-protection
0
pragma
public
x-fb-debug
UwWF9cHAdwk89L/lIjP5abV+Z0GiOByODZVsiv+XtOl6dbebiD6YP/4ZjdNiWTdUQ9r2yWNz7Zf6NRVbUK/88Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:57 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
1588642631433580
connect.facebook.net/signals/config/ 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1588642631433580?v=2.9.41&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
qhHAZqLD/YFtGz9TJg33pObM5+N5H0o3W6TYq4NMiqAvrB48hjnfOeCRO5On/XeFth0GwCk2bPVEIJsStamIwA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:57 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B069 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJMVYwqPJYMOgKI3I7_UP85G12AIAAAAAOAHgBAI&bg=!KyilKGzNAAY2kFOVNpA7ACkAdvg8Wrdd8K-PeNaP1oYSNkpVgfXc_oMP033tM3G2C9NX6J4OsEIdqwIAAATrUgAAASFoAQcKALP2vhltdobeiVzyxDagiiXJMJ8rpex9Z1mg3gxRiMi_bTJOr0VcznlAGDX17oAcEWESrNItS6dTWnaGYZTBLtgt6B72ip85XFGl5tGDqlOyaAaCArexZSyDhAdJfe43CvTIHDwLvnCfll6o9WntwQjKDTD9FHCgmzZqwriD6VzBTHwweD2QfOe83f10bYvs0QyeDVU0zN3GS-kkdmW_g3O9GyCPadILR8tT324rA33jGIEXe5kCkanIYmtnMOcs0bOlGYUydXr8sN_8YAEl6kBluxx2JV4qCzlo7LN6ouwXe6An-zPOLbkw-OTqzMRJpYgOFFO-vbTrnLf820PyLd3EhzSM2p1EmZF-_AL7ItoI2E_Dlk0qnfHzQAo002VTKZt7sztDV5Pzp5uO6aa06uZRL1yF2pYdIFp1sUeZKEY-cG9wlbnRYE_bQ_XmX28a8ohpJD1qiinF6tuMuq6cp-7k6Hr6Kl2-8a-VmmCWbBQatKFG4iwHHhNKaBRz10_2nOhFGjXLO3UTIS7NC3x51LWw40xhQJ7CMk3vBf0fCFcTtECDpsv4sH_qefMwPjSy-99mho5XN37aLCB26HPkDISGiFL9I1ix0EZqQuIMvX_ng8CtsRSDWG4qpVsmXIx4959R8_iuskGQQNiJAQdclK7yFoEijCQOHJ8naAAQs2YUzRh3Rc0PATXbKEzpip8kBLJlIZqSkGfuafe-E7ivOgYeVbuKq-WI-R_q01RAosmybYCyEWBZ2-Ip55xKECshTe3iB0LGO2DAze5YfwVpUZJ3K0vzJ9HFCWjDpOR6ovnw1opJZ9ikyOYpOX22HSAKdqjL8e0niz8_3vbiHxvnqXauz-k4l5k35UacoidFd9a0KNp_01-vQd19IlMfvzn0Vp5FpsrTunn5g_sw5DHEFqvZ_bj4WGyvnOAXAodkQleyvj7iAjQLZgipxZAfYqKldV_ye2aC3NOC06n2vHx_X6ca35q4b_L9JMWWt0DcO6DiOktHhZ5taEWpVqeD77jjJDj3bjo7Fx1WB3EJXdFa3cKNOA4aM1AE06o010d4qq7DjPzEFrXfCZTrboilwroY70znf5NfqqvFnQ1s9qVe0GJGSEquXb-3gg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E9E 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B842ZwqPJYKmiKLS5lQeV5YyACQAAAAA4AeAEAg&bg=!4-Cl4KTNAAY2kFOVNpA7ACkAdvg8WkX38jE2MzDLglYTldUDd8e2NxuJWjaLIXT1HsNzX1M6iTMFwAIAAATYUgAAASFoAQcKAEgNmJcZdknEKjS6vzvYDQhf-u8kIBwggomLaa3JsLhzP-C4pZj4ULDc3lfklHmmT2rNovCCKtBVysHLn98rF5Y-9p8ytWEvzEyZApJX4bIOc1Nd1Qcbl-E2IEKGsmURkcWPDBpAbo8LpgPtSUzvq-34Y18PUHiVutA0FQ7dUuTYpHKRHFMLsWC7UKxOXwWJ7MNdmbFoVbHs2z_DFugGi1oObfhZmhfgIdjvlNUo0PKM70WEA4-8e7Z7gq2ygmFtZyGsfsbhthCwiichEbBO22gZla_bxvFVQFvJsnF3WZhkC2DayPzbBiA_2gqNVO5ZS1Ox1vPX1fmC8Wy0XcG3puVnyIl2CZbxQ373dZy4ickMniJR8WhJjMLVKQW2wYwuvebs-TFUSoT4D6_7DgFPBqfzAObJKPOOtRQfot_KZD_cq7N0vmZdyLIXsEzNcgWiVNgW6l5kMpLx0RtrsbnPNYGDv3fqHvxNnjgrOwmvY76m2wRpPOKoMe9y-5PmCnSrusI0Q-TKzYK61CwfcLOluO9fduYs48uaNB5oUvYdpiKkP4_5BoCo5UZcXrpMGOp_JJzVRQLF5WpgPW7h6Hu2vadcC9w7ApnrkxFc_-PvbVwI6gPJbHP5ym09NvE8nueWdxqF_qg1f8FYMftvJXlk4xhbZlHMoLek6oThk5xir6JdusC5BCSXZEHo3GXDLMWtjMFuT8W687Wqa5HLRTKI2lGD4cyiQNkpZrkqmuuKhYpBBXmhA4haNlFWo7Wd_Inlxv1k3p2yT7mXQIc2qsVE9LLDyMCmbJoR4N1nhFMMu2WhhPgkl3NkXNTFxNbzJkY0UdJ7OlAqyEd8y_sTda9B6FOpr29jiz7pEjUTwXYYSQb6C8cNY4PVIeP-ktL6jmxq4I9nHjbRKfRhNeQOynjxPz0cmmScwOAixcB6rosJOEx-zZZ2B1sto5M4eAHHwYH0kLKsUiooynm8bweQY9j-
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ 		3 KB
571 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i&display=swap
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 16 Jun 2021 06:29:35 GMT
server
ESF
date
Wed, 16 Jun 2021 07:09:57 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 16 Jun 2021 07:09:57 GMT
cta.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/cta.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 09:58:36 GMT
x-content-type-options
nosniff
age
335481
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1885
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 09:58:36 GMT
B25554442.301288128;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=702412196;ord=ar63kv;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2F...
ad.doubleclick.net/ddm/adi/N1300847.3528642SIUC/ Frame 527D 		37 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N1300847.3528642SIUC/B25554442.301288128;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=702412196;ord=ar63kv;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=348;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v75.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N1300847.3528642SIUC/B25554442.301288128;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=702412196;ord=ar63kv;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=348;prcl=s
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmlHg5IBiAW--ymlEGlmCW0_3sB3U0abFbZcBJkiD8jarEOf4344WawkHKahPg
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:57 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18969
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dcmads.js
www.googletagservices.com/dcm/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 06:29:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2430
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3796
x-xss-protection
0
last-modified
Mon, 07 Jun 2021 18:22:56 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Wed, 16 Jun 2021 07:29:27 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame FC6F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3p74wqPJYJquKKTH3gPH0p2YBAAAAAA4AeAEAg&bg=!39yl3JjNAAY2kFOVNpA7ACkAdvg8Wr5DBbjPYBPgg_Vp1pLn_tfYVUIFnXvLjhMfcV6_drQE4zddcwIAAARPUgAAAQpoAQcKAHNADWqI3-OvmhFExbq2m9KZQ0q14ciEptxRL0Zh1fFQQeSW9AohMhuccHrH6dQn-2XkgTKk6MBG3O8dOSCsj1pJSj1uzXq8sXV2Rzm2q7tEtg-yBwEEjUOlQY32oY4ik1Ey1UPCYRpFaksdKPszeBDS4HGEmQKWU96C70Yyi2W9fHKmw4cLmLtsWEvGAyrNIwM5qArtgIWu28Wzo09TsgsEPk2G6XMTpaEluliY7znLSQ52kH9C3a6T0rE92SI8XzpkFVMjjWoHmG-SSnl1c6oTFlILnvgjDbnt0sCfKdWxG9Aei0VUeyLeer7iiXPPXuNT2gzJgWPYhiMDAsKs1rszCuzCkpIX_qVuGWjukYD7LEfQv3Z795k4DmPxtstmK-OmnygI7UmytW8zVUBk-_SrbmAnnyt6CEhW965G-LzjoSrqmLtYQBeF0lqxgFJkqIe1dnyhRLAZON7BDMe-hbt9bkLYx2oa2XofRU1EWzKSQ7vI-Hyz56o6xYyCc6hwOQgpUuwt9GEn597dVcIt6FnZQ1_W55eaFcMcL2NHQOv1EPahh1ViI61tKVnlxR020YbANf7o9JQSwIyLGo2bSSOgGXz0sosQe6k_vn-0r5Tf_PsGKm5ibWGGxILuFtWd-vDXyZumbCTMgEak0yWweKqA2jLCUTswkho8sR7K2AtF1wBijLU3Jo78Q2IYqt2xV1KMZ0NKfxPHGjoeBRUNiVVTTonNpXcc4Aos4cYWVaDXAh04UPguq7QWLx-my2Z0w0CiR3ZfdYSOfikGV3Pax1vu3O3vTKqwJXqQ61JxZgMVWqr2MvJZXbZHkIQiWf_-Ma3mHFXuopvGlHKAtP9rol6D96qPWngskJY7HTImkEcc2ZQqw9o60PW970I1qlWIKMuu34cdMiIuYOJv1b_Cl7TjMScVSa-lS4z1GwV_kmQa4Y09CbJRAkcOGdtxR3bd7nG9chC1BaWy7_Saofwz6CYkUOqZ_APvHMm4cXafLsskrTY2DzooJoPIHw_qRAJ6D2-ZjcDxI0TwWlvrZpY
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://flyformiles.hk
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 05:40:22 GMT
x-content-type-options
nosniff
age
350975
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:10:46 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 05:40:22 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://flyformiles.hk
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 04:46:04 GMT
x-content-type-options
nosniff
age
354233
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22992
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:12:12 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 04:46:04 GMT
S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v17/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-q.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i&display=swap
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://flyformiles.hk
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:03:53 GMT
x-content-type-options
nosniff
age
345964
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24440
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:12:06 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 07:03:53 GMT
S6u_w4BMUTPHjxsI5wq_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI5wq_Gwft.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i&display=swap
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://flyformiles.hk
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 09:24:17 GMT
x-content-type-options
nosniff
age
337540
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24428
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 18:10:34 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 09:24:17 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame CBBC 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BiOgwwqPJYJGuKKWKjuwP_tGrsAIAAAAAOAHgBAI&bg=!PzylPHjNAAY2kFOVNpA7ACkAdvg8WpFGX6A6fCHFgLBLsi7YK66s_nvsEX51kS_yYLK_hqo-uqsLtQIAAARwUgAAAL1oAQeZAoxrrVdV0k2C7tfUVq63C6x_3WeUDpdtGDIZnXulSeBDt3iGBhGdW80L_xmSwfxyww_W0pyYbGO1IMSvjrgx5qkmBoXV0VODR2buykyrNHKrOciqELuZC3FIBDsifPjh26EwEWtHdcUyYEf0vByXU6hWWPxb6HgZa4hnYiHuEZJxZjS-pNtRT0Cmr7Dd70QNMRh-MPdLxkLD9ndJYpA6moVMfhIvWYinECBkcJ8-jx6DwplP0TSwuTCSSLIV12d4yWDy9ry1t9Okfxp0enuvXLQnL1a4XwsMDxi4fmiqV53XNvy7HXDR68SAMRoq_TG8Bli9TBvnwbB0wiYhY0OnR-BuW2iExQXWvoOrrxZdy2oMO-UbnNapFSILSDXS_v9K-XbjO8SKrPN3f5T16es2jFpgMUGXfnqc-75ajSAZex7vtpXa-sn14_NQU5YMa8dTLPboFvmS-ZB0b42ulPzpgefo1SCbrOOp9e3pe2s66kP9nNpD84_uKPKulkb7fSDwYKE3knyb-Qb3azXdyDJ7gOZHr1Ms7fiRGtxUIejRzG3A-0EnkwhtdsFNZszmrnj9vwyR3R3GmXNQqIbiSUkv8Hivsg5RD6fDFiYzkZXtWz4Q5OBx0X781Dct7rxIBTPufpDQCANvv7sjKTx7b8Z5u8LQAV0WDq7wh-JunizwwXnrCluJGTeNBUWihJlqXFt5n8wNPKLTp-c6R8WmMLwVdZkzYel5fw135peVhvRoYXYp4L4Db-aFgtoRmAA6fZpmEeZzG9TqPFOC7NeyfE14k3TT8nn5vX8tfcwBihadO65hpiMW-nOZ6H0wzTKaDZDno5agskLiWf2HrAhTtwxh3E8TcPncSyeI32lLxm8a
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
event.png
tps20222.doubleverify.com/ Frame 3938 		67 B
446 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tps20222.doubleverify.com/event.png?impid=1228f5a1c72248908496f17727c2219b&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=176&eoid=5&msrjs=1425&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1623827397799440
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.17 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:57 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
https://ad.doubleclick.net
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Content-Length
98
Expires
6/15/2021 7:09:57 AM
event.png
tps20224.doubleverify.com/ Frame 8D18 		67 B
446 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tps20224.doubleverify.com/event.png?impid=483377ff500f43a3b5f710e07a2ba17e&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=161&eoid=5&msrjs=1425&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1623827397860308
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:57 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
https://ad.doubleclick.net
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Content-Length
98
Expires
6/15/2021 7:09:57 AM
event.png
tps20235.doubleverify.com/ Frame 7EE8 		67 B
446 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tps20235.doubleverify.com/event.png?impid=4c122c3f63804ae7b743c838b15fd8ac&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&vdur=142&eoid=5&msrjs=1425&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1623827397861258
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.17 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:57 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
https://ad.doubleclick.net
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Content-Length
98
Expires
6/15/2021 7:09:58 AM
bar2.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/bar2.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 06:36:18 GMT
x-content-type-options
nosniff
age
347619
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2905
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 06:36:18 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame AE23 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bs2jfwqPJYOGGLcXI3gPzlIfICQAAAAA4AeAEAg&bg=!r6ylrOjNAAY2kFOVNpA7ACkAdvg8WmRXOttDv9YkmiJ0Xy1MAx9w7LARw3HuqF7urB9aabs7bHCaXQIAAASYUgAAAPtoAQcKAM1JI1i4Z0wqykOy64Z4Lz8JZwDdPGZmTm1fWwUYIYAvUkcMlqpUPg1P01s5Zspgdb0G6UfA5XrbnaJyPVmLBnDgtPckhMeRmLflJaZJz2GALYGaXOPYdhX3J7xbg7YeRf3MQyafj5O2xBdizzrbeWhnYwLsCfN-parUjan-yS4h5bGMeQra5z1CSoxkI4E7UAtBKFu_aoADJrqsWVhbZtNrGfvXXpa57Z9Le_a0Xi1Tzyb3wC5eFqvOX0Y6Kd1MY9NVzlaMmWpozb0gEABomQKmDTrd9wO9Yt6JTef3ZdYcl4Vsh2Bd5NwNkNxLdpDlhJRpyVGK0K6pcQhdDreHbkMyWQ7D_fdYAO7mUMiRUFs_4058okPiwcbgLL0KJN1J3nMGEYiE3Pj2i7nSyqdrUYEcN4BxSev18amv5UJWgbHyD1Nkch9XAy6FObJkg9BYK_BK94UTLa_6eLM7ydVWHxiBDvlp4u1M8RRgb-5yRNODdElbFsmEuZl5pxnxtynMnDsk1y9Yhpa48bog3zAKuUe8PLt7O3f5I1N7-sVrLOS-t01uG4bxI1dHzxTiDnXqZGOvzH4xYLFWRirlGTBFX30U4aftnsJJEr4alx740ijAX4WGscuv-lhnfyW3TpGH9Hwm9qMdxWuJT0-SkqtmgxNoZYoGZUWXL9Gm09V_GwrlWu5LGTocAvuYSMxVVAJzmYoAVbWytvZMS4Mf4mA-V0K5u77O_63ma7pO4pw7ZnpBORb4dXi53vj_0kVGwTauVOj_udPHj9DeNyNfZS1BH5kVWdEZFeVf628OVM5giyfeBlPi-LbYDlAqY8ggWjYK4RWhlU41RkbI1jHJWhTjVJuh-qvqSAUM8mf_zTU0ohQzWMNIuzhbhwMeJWDObbLQXL7Kdse7Iz32qTa3Q8MXdYD9NpU6nHFGp_2dJgm_ha2g79SL-bNWz932SMNQY5Exwj3wMT8UX7MfQ9yM7CgLX8V2F8kZKrX0SjVWq2OInic_e91MjfzejuV7EWLKW4sYsSvU-aRG39EKs0ZKkUzaApnlK8wzPmZErxwgU3CuN_rde3qT7KmGKkuobJiryJZ7sS3sNvfhOPCnqZOVqWiB3s9fh6WSlNZ2GF1O7xNwEd3-IlzWFynpSb8GKz_PqVdDkK_HjBTkfckPJUA-6T_C7pvNhgmCAuxE
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame F7D9 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpfxKwqPJYJuOLYKtgAfC_rLoDwAAAAA4AeAEAg&bg=!p6SlpODNAAY2kFOVNpA7ACkAdvg8WhJ1amuOhydo_Z1kxMNUaP_3rIRkZOxr4Dvi8-pMfOQtXlgl0AIAAASRUgAAAPtoAQcKAOshdbt0cSZWnbhu4VdHH1yaLDs-T04YLIHMlftVaEUULP7nNCqSzbuzrrjcoPVOItgnqb7wMCPO0PfzdXOWolywCj5x6tFbbnFrhsmJxsRYr7O84AOKhy2r_P0bBaaJ2lBzujRBUCHAMcLIWQXALikftyR210gJp8Q28A8cvzvVmo3Z7Rd53gGGhWIOm5j85lxfkqbChINRrOAype7vYJ-i8fdzhjZ9yjh0Zz4bt9Wo6YibndhTjGo2_c7fOi6PlrX593sH6DxuEa3EZTbR1-YoLTc59dsKCgmRsbwPRBr7Yyu2kNYUhaXCGEovmQKGEGdmQPcI4XJVUqNUX6e-OepNdt1PM8xC5B6-KYrZfBqdQgLhcku-QE_Wbe2hnLMGNkRy_xqmEPbgNn6YM6ASfzlkdEgajT-oFIoJGra2AFlOcgJ43ANZH2BCYgUEvqV0hQvZbwemu054fsfUAiWneLOM2zlg8_VFE0qBlP68Xahq6MXPXwHAmxrrXKMuMhoqomRNMxD5yC4sT1mgIya5r9bHRgXD7dWLi1fKuqdgfnSOo2AQ-QWS_xPW3LVd0FXZpptKQHln5mq9SYZyUGYWsRvCxetjuGXHHHAWRBzZkmjLH1gJ2mHGST_bI-i8_H1gMWRk26g2dVzDfft-yDhKGbNAlD0KSMG6y54EMwqoKFb29_rzTUJSm29zkqjBsRsDSxOXssXPVqeNZcFvvMXSj5XuDBYVJXqmwYtpGe3AftUxeo5AEgHoIo3uMLO-fCwbjFaNUY_Fx3yEUge7sorohiczTdVOlTtHjsTt95cXU2kWOhjPVnwO-s_vLUyxbiN2viinWByTekywRghDt4dwfuFeQRX5qwnb_g9H_6yVlMcI7cYvTSHFtqK58p-a4SJskqTfjS9JYgtLwRYSFPvb_54nO5hl1N3LbPXj2Kor5rD2WTgqpj2J1dSUq_kmu82RhhhtHK48fSAMJPfF1IXuBIxB0gZ66PxIzX8y2VEeT6Hwt3-okdfSWxsOuGOn-8jHK_jsbnQb3MbPf1tLA4WLSp3MlPRT6gNEdMpB5GQAGDqzZ5NIX80MnT-9kD_egxlOGdZOW6vG9G775STu9YfMLbdFyKrlF8NbiolRYpdTw-mpeDpOyTj_-Vu4dEnMcD-SzvsiT6UFoEq6iw0bBDVfJ2FW-Xa2Iw
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
212 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1588642631433580&ev=PageView&dl=https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank&rl=&if=false&ts=1623827397924&sw=1600&sh=1200&v=2.9.41&r=stable&a=wordpress-5.6.2-3.0.5&ec=0&o=28&fbp=fb.1.1623827397922.1648969717&it=1623827397568&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:57 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 16 Jun 2021 07:09:57 GMT
impl_v75.js
www.googletagservices.com/dcm/ 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/dcm/impl_v75.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 13 Jun 2021 08:25:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
254642
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15538
x-xss-protection
0
last-modified
Fri, 04 Jun 2021 19:52:24 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 13 Jun 2022 08:25:55 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 23AE 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbxMNwqPJYNubLc7J7_UP-8GB8AkAAAAAOAHgBAI&bg=!Z2SlZCDNAAY2kFOVNpA7ACkAdvg8WrXiYHg1hnIGqEQ5mrBDdLTo1b37XWLR0a5xSEJUdT1DTrE8xgIAAATyUgAAAN9oAQcKAHxKqgUZy32UxeN98h1oJE8Qjzgx_PFnUKcZkiib5Llp6Xavc2govBQXpQ6yy8kesrTo1k2_xqrAjJM1rzrnfcCXCvWOTuae-hFgCDJ1fFvhH6j6QcCOnIgL7qYZFxDKGWxxgZOM0yldFlUMxVjBi8djfv3k39DnDwWV69DcmQKYaRkW2s0pUMt0WUfByGhK33aiNireYWOI_Wz796003-SlFmQHQibDHUt4XyRU0eM9yw0zNBBs7D1iiVImnK_RSncw61R_VIzcSyvMrvJb1KfdVkT1B_hgYcLLuUr9f99Jo89g0jsTnCraBtJe0mgyOEvXmTFzNCXxPdZiHVBJnlrrUnrSpjMVC1bWhiDxR3havvangzKLrReiIwm4h4OetaLnKKiKGUrBt2IBWf61mZTLz-8bNhGQh836w06px4jRSxMaVnP_RH3ey9Vv3jHgi0nDBk2Ds5X5ZHub1v3OUpr3X3tt5ASszfZHNK5PPYi1gWi01ZqjPHLbg_AfJ0CO-pu7a38PzbKrEKER_GmWYQjhUBI4KTLB7gpFKtPQY7sbFltE8s-5m1wwuZcALq6GlsDlz042XfSnUftFeX9v0dpxSqZQsCFZrX_HpIy0HJIp5y-cDV1198bRbOm6Rw9veOA6YrNbKghVysCQZpS-5eKctL--FqZ_5B9NFbgwmQxskEAqxStQlq1p0iJ_WORnS7z4z0dbBSYLyX9FuRoVR68LjNtNN7wsmTYFGt265iGgH2jN44CcRnCbrMc6z7MAnE_ScYeA7J6_JWvanfrfT3k9ksHK0rNI_MtMixAzEFYL6oOd5fo_TA_ojgK3dm884VTIA4qLMhC_Oom9tFicZS9Rve_nH__ZgD6K20XIFlo2ztfQIxJXmZctKhzo9UQYG4PiLIJ-tSKSN2gi-ZemGFDDmTg9MEl7IRjNEkpJMxK6uPOjGWPvoLyHyYNaNxevtfp1UpKdp3LThYFakZfHDqin8asE_G46zKn2hYlKDMHP_e-1rQ1fzkh9aX8TsD7lnH3hofJe0trmdDFhwTg2SzOBBpzTXyYmPw
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame F33F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1Ry6wqPJYM2xKOqux_AP3sqBsAUAAAAAOAHgBAI&bg=!ycqlyo7NAAY2kFOVNpA7ACkAdvg8WnyBaaOGzS6K6DXqZcFYHyIs824DrPmor6wWr8AeoNdwkK6P7AIAAAVvUgAAAN1oAQcKAE3RfoDawFFFjQhuE0Wv-wlPpkKgDQu0djCIcN0iVV-1CZPM5R53ngFOmcqr4gkilvdax_a4_dh_nZhgN9K6k6KJcApqik_PGITQMIkLcpkClH-B1ul45Z-BXAXYQLXwOixwF_C7glG5G4YfdW4S7OerqBrSBrsWGcphAVOgn7kc4xdCB64Ht_U-3nSkhVMaSQ9X4L1or8sd9XPBuw9DuNG8GWT3TLMjioFw8cvNwex3JZbM0gUuap9PuQ-n2XSwjTZ-tHVQPFLZv1q8tB_qCNWS0b5fnfSO2FZ15VHIK2RwV5BzHiIN4rsNFVC3-5CNGGd5CIh9wSRH5njQrkkFJGVDK-8rTstoeU5olesm_ehb0BaiAY5pSqKt1Ckk7l9VDukClABa8InrZBuvHLJM6yc3u5UL1wF6G-aLR3iVyFY6O7BeKnYgaP_R_cbk6IqZlHfkIAx-zXINXss0yz1ZmyHpkHsKBNlANrF2rbHBWY5DJH6BRycSWBXN2Qk_rpy44MHFCzgNqtaGcxAgZ3lTDzRCEBHs7A3qTQgJTNyjtNDBeBwWnB2HJnK4Cv7D3T7A22B_xNTGcvjBo_eHX8pJK8NmIG4zUyMk51mJczKvOKHlNZNJxI2wgqs6lyq4BbXshaNltYsTb0jgfVwLZbfaowA2AxpULHkv1gkPmtzKTgPLLW9OupHS61rCCdWqaCMV-fI4-qbZNP4OSM3FYhZkmdTnbrxrBUPSNM44nybOWQ9EgprPIBVsxwy9FtXP8fYUf9DsYcl0mwdaAv9ih7QlG5nlwMn27y8bDyUIUG7cilmXgcbJFUs8C2OU406_6V3PFmdnkSKvH65k1IchWE6bq_uggjUjVv4K2JzMeT00DorAmpEeup-_FYCe03pRWnOBRTrpqFhcNcfUVjg982bXsFU72FvvYrPkOD_l93GxKk6BK0u8STqcUU9s8MumGNUwCIAXkXZf1pH7n7z5H7Es_QA7UzARaA
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B61F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B_8zAwqPJYPeDLYHO3gPK75LACAAAAAA4AeAEAg&bg=!pKelp-PNAAY2kFOVNpA7ACkAdvg8Wr0_wEh2nYt4bWfISbNKi8qFrJDO0sw7g2tV-1liFGyOajlsngIAAAVmUgAAAOZoAQcKAObMPOnnPYkSgoax0omhG7l6BCppj1pmhmitl9k2d9KZWBclEtzppV8BM3HE6_ma2nNvEumWl758PywNke8yvuBV5TCfQL6FGx3KyWMp_AqPQrHvJSFVQce3obwP_jg1ewD2Usa9cIjHKWkf_ZMqgZFS7nFRoVDZaLjCLBeckBrUNuo8xDw4AjAvoyBVSu4Px05PxdQm5Er08suOeqDR1A9oJk97zjXcTsIzuB0tLMqu7HvFpm85RyS6g9XwUZK7dqnhlHBxy5sba6prUzHsY50PnMV2CS9XL50gY7BNrRZBgyfzX0Pc0JkCmHuvuKZvTtw0jV7FY9_0XCe5hb1iJ4DJ6e49B8cbo54nxQM_RGqTRVAuu-RgSXf4mwxsQsQflvzIMWmEGMWvz8--tFKuOLGoFN_Au5PKFHEfuZIqvz5svYlT9TFfB7SPRWsHkQHXsLgZfken2ofux8KqKvjNm0wxRvgOwG11KpONLflbN_IWCCY8lE0EXbkrOqAzlkKTYTZEgHCh1tCINfZ0AKnK8C27pXjmvGwHgJCdC4n_Nd9-WExKa6s6uCjNiOcbhUIgqlVsBy8hIS9-cMGuEYibQ7amo5OLxtVBKazA3XIeUcU0c733wI3PlU-xtZxJZ51XrwReUBdt7z6mTkKUwQKU4_p7cO7II7dXaHEYOuCD_89cUOXmlv__l5FuGLBvN4Cdwp7A5Aqtwdd0v1oAa7LeS1fMHubeUEcaLIIzWz1yevaiggwJaLauyCFShlmDs7yUoodT9aDuo5rtuR_LurqbwGrajDgfaIXhTJkcr9jVx3MAcOPJG-JsHtbv8gUGONSBQsi-PHGU20R-2UQUDBBECj6F2AIlEEpTjzxdlhcsgt7FCXlZgCSY_E6uwfj3Y8wsWYVNr63IjrR7Th2xe-gUXPTyNay6DwMo9GJ01oeKkADH4oyqYDmGDU7FEJjf7uOPywk2U_KHQAmjemhClntp362dAUxg8q1_uBnZumHcKsZk_xJF6cL3M2HqkoT-TXpVxGkW1Ri2ffcGPEomPO9s84XrV-305ZSoX6yjZcCW4Ni0Utc7aCqGEgPkWIGnJkVByCLcZjWdBWvRNTCccGwenIOVFefcyKMpHbV6enZ2fy9jj3qhru6UiBdp7YEX-674zjRLuBAOtf55kqmW8HQEs_byZaLaR_sbFk_-lHwkibIwLSI
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5DA1 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6ZURwqPJYL-aLZLA3gPz6rWABAAAAAA4AeAEAg&bg=!pKelp-PNAAY2kFOVNpA7ACkAdvg8WkeKOlWYHFKC7EtU-wXEOQMQOYgkSN7bhpIycEHbl1CXSxcODwIAAAVaUgAAAOdoAQcKAEeABcHLyKBWwwh_dEOPgKb597TENndgxIXwEkVZl3AK6ld6QIEE0YOcDrW2Iz7ime3TpdlvR1e0kOuDDqOMMVkodmdzz1bWCJkCi5FQ8riQPZuVvL_urRElBKABWDkMwPEbYn2hBi_xRh0pkl9X_cjCbB6IL8HYCKNpN1JLpAgDxWSLXl9uuf-4q-FjmDyZQfPpyjwdvwOS2g5-2VQykZTzVeWE9d9vHsEhvHTYQWKBA_nqUzSLLGjd9kmZT2hp5l-L1mx3qWDvH1MqopyU9FBQyUsZ-an43_FVhUlGhfYvyvXI1nvO6IrDQo72TNGNMwD3_V9XWDgYdzVXta-ldfttfmw7fj5nyOtOYcpmEOeV6h_ecAt6Pjs6FondchT9_7OZC5DlIJafb-EOuWnn1nl1ymD4fpyOrnmuQkA6zmaxakxTc4tTX4b4srlTIWu8aiYsk8OitIWw_4rwmPrfBLnYf9NBCURHDNAaJvuRTGYUDdBBSeytyqTHUTr-Ww3xfY-95O9BjrGwDm3vWtegGoXGIZsdEQ6Zaut5vepN9e20MCiLXfUxQaXjywaf-0VM2lBlbI4BiCrfDUbAXGUlFKP8_nqIOvMNALBCjf6xyK6gqXP5uCQb8rAO6X1Df_32bu3OK84zRDh92pr41eXMRtfY5qn8uhXlvXQDcNn4XirHPwJAxoXO95Og2TPV138-NgVnZFqQ1Fzknfvl4gpOU2UGLUAfpqljiAo3Ig2P2OqKG8pvkSY3wCw7eFUqhS7PkZaXv-wt9vyfc_I-lCcXRMq_nY8ASw09RSZv7cze1eN6-tvYjTc7KLG90vqD4QTrYxgvzB-xviqEusns0Ca6K_43njzZ2ii72NmK4itCz3KVfYVDuehf936VR7nK0eb77BL3RebawKrFIBvZHopzHY-QpuG6ozEsD7r91jHCu7WhDY5fyzP04sbM16jNLlSXGyTYAnn6Sg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
balla.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/balla.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 06:36:19 GMT
x-content-type-options
nosniff
age
347618
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3773
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 06:36:19 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame 527D 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1300847.3528642SIUC/B25554442.301288128;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=702412196;ord=ar63kv;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=348;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
109
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
express_html_inpage_rendering_lib_200_271.js
s0.2mdn.net/879366/ Frame 527D 		111 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1300847.3528642SIUC/B25554442.301288128;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=702412196;ord=ar63kv;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=348;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://ad.doubleclick.net
Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 08:33:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81409
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39287
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 18:02:50 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jun 2021 08:33:08 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 527D 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1300847.3528642SIUC/B25554442.301288128;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=702412196;ord=ar63kv;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=348;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77295
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 78D4 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BONWowqPJYJ-SLdPC7_UP0t2t8AkAAAAAOAHgBAI&bg=!n5ylnNjNAAY2kFOVNpA7ACkAdvg8WhspzrSLDLFfjAAhiDX9QvrLx6Aj718YqVVIhTVNvfRljBSF6gIAAAVFUgAAAI9oAQcKABu-A6GSAua7X-oX5xWDIKOgEK3-1J7lLPlUCVqZApASp6vTSC4xbdqr8Kmt9xjiGNahSz_hGExhTtwVzMCRMOYS-wJfJLHal0uiDVUN3u6X2JJyPHbNuPvFtMrc3ls-u9afvEhJ01Wdr8mb4ZKjauMX3gy2ORReMNlXYHEJHS40q_kAvhxhd_tDz9QKPLY6PP-KvUPAYm23KZyz27Z3zEIkDSYtpUEu4MkYL8CyxKbPG4grkVcanVyg0RAqojBalJgIfg1KKXcaOjrZqmeGJ9VujKReCAxuj9U-0rSRbs50C1bJAR-iTnQqI5EffUlMeiFRfQ-nhx5VU-56IOeTi-UqkdnXJJkSfiRFYofwDqEbOq70CfDY352Gso-7NBHQ1CufgzlEEIY28yOvbWrIpyH3qW8VyNuxqGTjmeeMXv8GYCuYQq8JctyFOcCD1tLcMwTaICP9SzMJC9HCmgCpZy4EV5IpbHdy8XYWWOjZEAV0EfVL1z36AFI3RrzQzZ3aLpa-eo5dhADzmm3VDdUg0QTw2Rzr5WlA7lQ-lBN7CP-16WygHyAsE4GNj5MNsrFB4wbhTVXpaoPirxAzd2EBtsc5GJZl_SGdM8z_rv00F4AdP2uo3f48MtPQ0WA5ZS_NWsmA-n5LnQ4UE_u4PpHrlU6DQ3w3UGzwxvzkUK7SKRrvOYz41RZhQWqKMkCQ6o8MLwvDmbmSSNYOoGF2iwVJAcP4GhneZB9IZq3tMQ7OuPFWCds7Ccn_vR6LKhM-Fw6AuYcm_83YSXPw5yl66WNTwVzaiDQKpVckN6XAgxxPIJ663LH2lfj_mPsvSpRyWul1FKEX3DhTe_Hg5_5QlEIGwO2oEb33taUzIDnz7EB0-UpmerBYlvRcSrT0WdMScXSYrV-IKigzD174qCJMw4n5AQ
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:57 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pro_b.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/pro_b.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:26:24 GMT
x-content-type-options
nosniff
age
319413
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7312
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 14:26:24 GMT
B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2...
ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/ Frame B782 		37 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v75.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.185.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ad.doubleclick.net
:scheme
https
:path
/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmlHg5IBiAW--ymlEGlmCW0_3sB3U0abFbZcBJkiD8jarEOf4344WawkHKahPg
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 16 Jun 2021 07:09:57 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
server
cafe
content-length
18745
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
machine.jpg
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/machine.jpg?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 09:58:37 GMT
x-content-type-options
nosniff
age
335480
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16606
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 09:58:37 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame E60B 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77293
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 527D 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:57 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:57 GMT
index.html
s0.2mdn.net/sadbundle/3048254225462688419/ Frame 0A4A 		75 KB
75 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/3048254225462688419/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
s0.2mdn.net
:scheme
https
:path
/sadbundle/3048254225462688419/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
76799
date
Mon, 14 Jun 2021 17:41:21 GMT
expires
Tue, 14 Jun 2022 17:41:21 GMT
last-modified
Sun, 18 Apr 2021 05:31:22 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
134916
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 527D 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst40EgVKMMRoJ7wc5500F-muMXpRfhx0Wd04ic-eQaozur5z68CK5TUTzAm7X-qXUfOf4pJ4eJrpMqKRFC_C0ODf4O8VE6joEnlBFwGxUWUMm--8312RqfL-249NhIJdvxfM7eViAbPTc9mZg&sig=Cg0ArKJSzFS4fSrZBJZmEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=29&cbvp=1&cstd=27&cisv=r20210610.79356&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1300847.3528642SIUC/B25554442.301288128;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=702412196;ord=ar63kv;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=348;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:58 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
bar.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/bar.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 06:36:20 GMT
x-content-type-options
nosniff
age
347617
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2896
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 06:36:20 GMT
1f525.svg
s.w.org/images/core/emoji/13.0.1/svg/ 		822 B
696 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f525.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT arn 1
date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:32 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f60d.svg
s.w.org/images/core/emoji/13.0.1/svg/ 		941 B
564 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f60d.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT arn 1
date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:30 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f606.svg
s.w.org/images/core/emoji/13.0.1/svg/ 		1 KB
674 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f606.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT arn 1
date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:31 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f633.svg
s.w.org/images/core/emoji/13.0.1/svg/ 		959 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f633.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT arn 1
date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:31 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f600.svg
s.w.org/images/core/emoji/13.0.1/svg/ 		450 B
489 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f600.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT arn 1
date
Wed, 16 Jun 2021 07:09:58 GMT
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:31 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=315360000
accept-ranges
bytes
content-length
450
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f647-1f3fb-200d-2642-fe0f.svg
s.w.org/images/core/emoji/13.0.1/svg/ 		2 KB
887 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f647-1f3fb-200d-2642-fe0f.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT arn 1
date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:32 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f609.svg
s.w.org/images/core/emoji/13.0.1/svg/ 		1 KB
677 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f609.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT arn 1
date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:31 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f62d.svg
s.w.org/images/core/emoji/13.0.1/svg/ 		1 KB
663 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f62d.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT arn 1
date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:32 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
1f642.svg
s.w.org/images/core/emoji/13.0.1/svg/ 		525 B
347 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.w.org/images/core/emoji/13.0.1/svg/1f642.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://flyformiles.hk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT arn 1
date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 20 Oct 2020 16:13:31 GMT
server
nginx
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
page.php
www.facebook.com/plugins/ Frame C498 		106 KB
27 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://flyformiles.hk/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://flyformiles.hk/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
report-to
{"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
xIqSGccWft7XZcytJ9aCZyakAvJIuDmPgZjeKKQpAQi1LbgiakFFACH8VZAdKVEPLcmJVQLkLB32z/M5TFs/xA==
date
Wed, 16 Jun 2021 07:09:58 GMT
priority
u=3,i
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
logo.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/logo.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 09:58:38 GMT
x-content-type-options
nosniff
age
335480
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2928
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 09:58:38 GMT
DcmEnabler_01_245.js
s0.2mdn.net/879366/ Frame 0A4A 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3048254225462688419/index.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/3048254225462688419/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 07:47:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
84164
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10285
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:53 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jun 2021 07:47:14 GMT
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame E60B 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327273
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
ball.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ball.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 07:42:45 GMT
x-content-type-options
nosniff
age
343633
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16719
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 07:42:45 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/ Frame B782 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20210610/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:08:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
110
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3124
x-xss-protection
0
server
cafe
etag
4537136162986801320
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 07:08:08 GMT
express_html_inpage_rendering_lib_200_271.js
s0.2mdn.net/879366/ Frame B782 		111 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://ad.doubleclick.net
Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 08:33:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81410
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39287
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 18:02:50 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jun 2021 08:33:08 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame B782 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 15 Jun 2021 09:41:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
77296
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jun 2022 09:41:42 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 527D 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst40EgVKMMRoJ7wc5500F-muMXpRfhx0Wd04ic-eQaozur5z68CK5TUTzAm7X-qXUfOf4pJ4eJrpMqKRFC_C0ODf4O8VE6joEnlBFwGxUWUMm--8312RqfL-249NhIJdvxfM7eViAbPTc9mZg&sig=Cg0ArKJSzFS4fSrZBJZmEAE&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=124&vt=11&dtpt=95&dett=3&cstd=27&cisv=r20210610.79356&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1300847.3528642SIUC/B25554442.301288128;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=702412196;ord=ar63kv;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=348;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:58 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
t5.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/t5.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 06:36:21 GMT
x-content-type-options
nosniff
age
347617
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5439
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 06:36:21 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 07CF 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/Enqz_20U.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
8395
date
Tue, 15 Jun 2021 09:41:44 GMT
expires
Wed, 15 Jun 2022 09:41:44 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
77294
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Bar.png
s0.2mdn.net/sadbundle/3048254225462688419/ Frame 0A4A 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3048254225462688419/Bar.png
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/3048254225462688419/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 14:50:37 GMT
x-content-type-options
nosniff
age
145161
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13891
x-xss-protection
0
last-modified
Sun, 18 Apr 2021 05:31:22 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 14:50:37 GMT
1.jpg
s0.2mdn.net/sadbundle/3048254225462688419/ Frame 0A4A 		115 KB
115 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3048254225462688419/1.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/3048254225462688419/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 13:57:31 GMT
x-content-type-options
nosniff
age
148347
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
117276
x-xss-protection
0
last-modified
Sun, 18 Apr 2021 05:31:22 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 13:57:31 GMT
2.jpg
s0.2mdn.net/sadbundle/3048254225462688419/ Frame 0A4A 		149 KB
149 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3048254225462688419/2.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/3048254225462688419/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 15:30:52 GMT
x-content-type-options
nosniff
age
315546
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
152333
x-xss-protection
0
last-modified
Sun, 18 Apr 2021 05:31:22 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 15:30:52 GMT
3.jpg
s0.2mdn.net/sadbundle/3048254225462688419/ Frame 0A4A 		85 KB
85 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3048254225462688419/3.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/3048254225462688419/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 14 Jun 2021 13:57:31 GMT
x-content-type-options
nosniff
age
148347
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87456
x-xss-protection
0
last-modified
Sun, 18 Apr 2021 05:31:22 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jun 2022 13:57:31 GMT
dvtp_src.js
cdn.doubleverify.com/ Frame B782 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dvtp_src.js?ctx=19395023&cmp=20771662&sid=3088811&plc=215475196&num=&adid=&advid=8295605&adsrv=1&btreg=498943909&btadsrv=doubleclick&crt=152631935&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:297::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 16 Jun 2021 07:09:58 GMT
Content-Encoding
gzip
Last-Modified
Tue, 15 Jun 2021 15:24:16 GMT
Server
Microsoft-IIS/10.0
ETag
"050b880fa61d71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3122
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B782 		122 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server
sffe
etag
"1623410775224219"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
x-content-type-options
nosniff
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38028
x-xss-protection
0
expires
Wed, 16 Jun 2021 07:09:58 GMT
300x250_html5.html
s0.2mdn.net/8295605/1623497534626/ Frame 5AD7 		131 KB
131 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/8295605/1623497534626/300x250_html5.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
s0.2mdn.net
:scheme
https
:path
/8295605/1623497534626/300x250_html5.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ad.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ad.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
133993
date
Tue, 15 Jun 2021 14:21:10 GMT
expires
Wed, 16 Jun 2021 14:21:10 GMT
last-modified
Sat, 12 Jun 2021 11:32:14 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
age
60528
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame B782 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst1atM1dDYxH6lwTpfb6mh3o4LRU-3sILUKBqlC7H2unZgHMz6ueBFaKbqst69it_tmLxulyAMKBbZlCcBAvLplGIpajedtsF6HEe4qVCYDjwF0zv4oUV8f2Iwtf9HHZy-ijUPTQ3fRryZsiJr9lcSeQ6RiLuHIVkLGGlA&sig=Cg0ArKJSzNmYNX0aUlwdEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=43&cbvp=1&cstd=41&cisv=r20210610.00293&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:58 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
img;adv=11197228156288;ec=11197228156756;adv.a=8295605;c.a=20771662;s.a=3088811;p.a=215475196;a.a=498943909;cache=2032240668;
ad.atdmt.com/i/ Frame B782 		43 B
184 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.atdmt.com/i/img;adv=11197228156288;ec=11197228156756;adv.a=8295605;c.a=20771662;s.a=3088811;p.a=215475196;a.a=498943909;cache=2032240668;
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8004:face:b00c:0:8c Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
x-xss-protection
0
pragma
no-cache
x-fb-debug
cPLmvAyER0a4+bonJ9rFDQMKiN2jv/a97hMeL2Wl6dEDpwqj32EGE6hakRCGwPTHJKcBBJsN1tF2OZN361Jxig==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:58 GMT
vary
Accept-Encoding
report-to
{"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-fb-rlafr
0
cross-origin-opener-policy-report-only
same-origin-allow-popups;report-to="coop_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
card.png
s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/ Frame F767 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/images/card.png?1619424422520
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/5819148025005180590/OnePlus_April_2021_300x250/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 14:26:26 GMT
x-content-type-options
nosniff
age
319412
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7028
x-xss-protection
0
last-modified
Thu, 29 Apr 2021 04:31:12 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 Jun 2022 14:26:26 GMT
dv-measurements1425.js
cdn.doubleverify.com/ Frame 5F84 		483 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.doubleverify.com/dv-measurements1425.js
Requested by
Host: flyformiles.hk
URL: https://flyformiles.hk/26781/livi-bank
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:297::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 16 Jun 2021 07:09:58 GMT
Content-Encoding
gzip
Last-Modified
Thu, 10 Jun 2021 06:18:49 GMT
Server
Microsoft-IIS/10.0
ETag
"80aad779c05dd71:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=946080900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
88494
createjs.min.js
code.createjs.com/1.0.0/ Frame 5AD7 		236 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.createjs.com/1.0.0/createjs.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/8295605/1623497534626/300x250_html5.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
gzip
server
Apache
cache-control
max-age=900
vary
Accept-Encoding
content-type
text/javascript
x-n
S
accept-ranges
bytes
expires
Wed, 16 Jun 2021 07:24:58 GMT
ycAE5xxyu8a.css
static.xx.fbcdn.net/rsrc.php/v3/yX/l/1,cross/ Frame C498 		17 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yX/l/1,cross/ycAE5xxyu8a.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
ovRbU6xtomqMoMo3yo5pAQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
4592
x-fb-rlafr
0
x-fb-debug
x+x9WS9J/O2TwSteCg768t5SWNDXybXBYQ1ZAXsmOIBiyZy9dPlMIpAPsQZJXKT32RDgj9zGpZKmTrd+VlZwUw==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 15 Jun 2022 20:24:55 GMT
ggzcJLJkhSr.css
static.xx.fbcdn.net/rsrc.php/v3/yg/l/1,cross/ Frame C498 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yg/l/1,cross/ggzcJLJkhSr.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
nTSZf089ckVz6+BpGrIE4Q==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1102
x-fb-rlafr
0
x-fb-debug
fcOe3e6fkC4eBSH4MxAcX5BFO86oaJTZJQFQkK//8+nLwPHzLK9J0/nQ8YxUp3Pi55bL2Ax4LUjDNDT3UhAoog==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 09 Jun 2022 17:44:03 GMT
rE55S7ybx7R.css
static.xx.fbcdn.net/rsrc.php/v3/yn/l/1,cross/ Frame C498 		15 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yn/l/1,cross/rE55S7ybx7R.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
e4rTdIaHqtGoiHIjjNnioA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
2019
x-fb-rlafr
0
x-fb-debug
ueZZjv2nhu7UQyWGtVQDe/T99LeD8+bMP3xhXerMhmDlYObs8Yy156zq6pUoCEnWNk6xA7iLJCdZLeV5fRucKQ==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 15 Jun 2022 20:44:50 GMT
CHf12nt8IQt.css
static.xx.fbcdn.net/rsrc.php/v3/y6/l/1,cross/ Frame C498 		27 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y6/l/1,cross/CHf12nt8IQt.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
tzqbtlGZzVGV8G8ARjJd8A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5822
x-fb-rlafr
0
x-fb-debug
3CarSp4zviAMt7OC+56eYfvKS6Zi++WBmOqtqtI47V7BG3vh56KPer5j+EwDKCioh76H8DvZ+vpShXX7jIE6rA==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
text/css; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 15 Jun 2022 06:24:25 GMT
1l3VpI6Kyeu.js
static.xx.fbcdn.net/rsrc.php/v3/yk/r/ Frame C498 		296 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/1l3VpI6Kyeu.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
qWrCEeNeyCM+JjGUco+zuA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
82069
x-fb-rlafr
0
x-fb-debug
f4mrMuPNra67eGbQ507eypzVZq8ro8qlamnALLKzCA1m7r3IzT+XkmQWGAgYSxwoW4C/wW3F2b5FubiTq9lA7Q==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 15 Jun 2022 04:14:55 GMT
Lx7jzWY0qxk.js
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ Frame C498 		65 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/Lx7jzWY0qxk.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
sfUNZHGSBE4v4R7TNFZVyQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
20210
x-fb-rlafr
0
x-fb-debug
E02rA1Mg49jfQ57GaEdabzh45T1lrm0GKlIfKiCqVqdxzAzELrkF1fjJ7g7+vytxaVl400TARFsWqiCLxVm25Q==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 15 Jun 2022 04:52:51 GMT
7WdMbQuAXd1.js
static.xx.fbcdn.net/rsrc.php/v3ixBN4/yv/l/my_MM/ Frame C498 		127 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3ixBN4/yv/l/my_MM/7WdMbQuAXd1.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
FaBZFjiYxevkydzktmEG7A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
36178
x-fb-rlafr
0
x-fb-debug
AP07/oIau9mXQTfF9+uf9Co6g6FJfetu0g+J49KxXMfNf+hGW0FhHeck1KUftfP42/ySQlCz09KPMyDbo7gs2Q==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 16 Jun 2022 00:03:51 GMT
IEOQM8FL8ot.js
static.xx.fbcdn.net/rsrc.php/v3/yr/r/ Frame C498 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/IEOQM8FL8ot.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
mrvV7Xg6Liq29ANLrbPdkw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1630
x-fb-rlafr
0
x-fb-debug
OdKsDzsNhr9sjZ/JbXj0gS7XVoMbhsXKM0SCQeWKtb75+F9PSOddU43A7GPij9eebBYBv4OL6ArptG+oyZphMQ==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 15 Jun 2022 04:07:44 GMT
t1DMBVMAZo8.js
static.xx.fbcdn.net/rsrc.php/v3iVi34/yH/l/my_MM/ Frame C498 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iVi34/yH/l/my_MM/t1DMBVMAZo8.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
MsjZIhSBrpQTr2Ot4xQmzA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5024
x-fb-rlafr
0
x-fb-debug
76aCWtnXAFgeDcPwpZVc9QFTnjaQkCyEtSONpKJQPyqimeRHpBeAIDWQKUech8A5LJBEjZB8jJNj1vjhorTXvQ==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 15 Jun 2022 06:21:17 GMT
ykbSkxJ8VJE.js
static.xx.fbcdn.net/rsrc.php/v3/yA/r/ Frame C498 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yA/r/ykbSkxJ8VJE.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
8u6hsl3sOAhh3qFnVy4qyw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
3219
x-fb-rlafr
0
x-fb-debug
zycXdolz/hJ2iJKFyEwMPb7fJ9zSHb/Sai3jWdcHQcnvA91tRPB+z5jaPeoOEw5pjZmqUnD4snNseFvxyngXKA==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 15 Jun 2022 06:08:45 GMT
qyDuHHA7qkt.js
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame C498 		153 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/qyDuHHA7qkt.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
JHNpQS3QtOcwLJFq9oFK3A==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
46170
x-fb-rlafr
0
x-fb-debug
/X3njAGKLpJloondLGcOR57D6kdh3iP1TPEqSrYqwWBNEX/fnCdvUbLR7nrrnbE1csVoBXJgYkoDsQuAqn65bA==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 15 Jun 2022 00:01:25 GMT
bh99Lijek2D.js
static.xx.fbcdn.net/rsrc.php/v3/yq/r/ Frame C498 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yq/r/bh99Lijek2D.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
5Zt2OKQrmIjBhfDupuJpzA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
2263
x-fb-rlafr
0
x-fb-debug
xCvCmwBfa7QIC2xZnuoUZBO6BeshUqDMFYtrOgUqzs5CpTM6pE3hCj4ustudC0cKE0TzAOYVPEbiq3n6bVdtMg==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 15 Jun 2022 19:34:00 GMT
5ni1g6pX9M0.js
static.xx.fbcdn.net/rsrc.php/v3ihk04/y2/l/my_MM/ Frame C498 		449 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3ihk04/y2/l/my_MM/5ni1g6pX9M0.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
PnsNVKbJVY6OOX1XDzGyQw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
105096
x-fb-rlafr
0
x-fb-debug
lLy/Fv/bEepF9kAgq3oKS7EaNCG8VBY58VC9wosYOZ+I8If+tuNBf4m3qITnMkOdwnitOVW1g3mhSHNWtVx1Kw==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 15 Jun 2022 06:51:28 GMT
LRo67jlaRgY.js
static.xx.fbcdn.net/rsrc.php/v3/yl/r/ Frame C498 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yl/r/LRo67jlaRgY.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
/49V/V76X87agOuBQG4NzA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
6073
x-fb-rlafr
0
x-fb-debug
QVAQmVCP3Mx0hR7K9S//MXdunaRvOS2fQH/6e4awkt7XsnOfeKq2jahL5v+rYaZs+9+utPVISNgTMiohg0aw2Q==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 15 Jun 2022 07:30:48 GMT
d__2zwz9HAa.js
static.xx.fbcdn.net/rsrc.php/v3/yo/r/ Frame C498 		100 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/d__2zwz9HAa.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
rzgGV/sULh4bwV2HO4iWhw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
28014
x-fb-rlafr
0
x-fb-debug
yqunBrKFPCgfj0zuTwGKCcwwt7+XJSdpyCZsXH42yXqm++xNOfYk0b5slZRPfw5zWyd8tR6IFf6ER5glx5wMiw==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 15 Jun 2022 05:30:42 GMT
kKoGDisRqSK.js
static.xx.fbcdn.net/rsrc.php/v3/yR/r/ Frame C498 		359 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yR/r/kKoGDisRqSK.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
SjDlqfNZ4PmDMjTAidzUAQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
82438
x-fb-rlafr
0
x-fb-debug
CEu//3Ph4VTNOKX5odGAvOY3WG1S3BFCKEorg4cyasUdSpokc8YZk126WNffoTdbLqlUPUiJGHOcVAYgD8v8QA==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Wed, 15 Jun 2022 19:34:00 GMT
CtijzZNmS0Q.js
static.xx.fbcdn.net/rsrc.php/v3/y6/r/ Frame C498 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/CtijzZNmS0Q.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
cSpHVjqeAfOLwCRV4gyoVA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1688
x-fb-rlafr
0
x-fb-debug
XqoLe3WKyG4fyHDiYVh/9cuTWRZph1+EFssMpH8MWLuWF/3HYhxU+P3KVdfJv35sHPT6/Ftjx+Q+E6QL8bEwPg==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Tue, 14 Jun 2022 23:43:46 GMT
VSDCzq-Ic8I.js
static.xx.fbcdn.net/rsrc.php/v3iVUm4/yQ/l/my_MM/ Frame C498 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iVUm4/yQ/l/my_MM/VSDCzq-Ic8I.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
+CZVVh6A1okPDHXL6mx5yw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1025
x-fb-rlafr
0
x-fb-debug
KRGpODezfj36fAv77RDi6eoj7Kvn7ohCSKgjGFdsHFiWSyGlX13lTasHILLDOsZ/+J1xniK5ozBtzPuxa1YZNA==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 16 Jun 2022 00:35:23 GMT
Uf-73aw922e.js
static.xx.fbcdn.net/rsrc.php/v3/yl/r/ Frame C498 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yl/r/Uf-73aw922e.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
O1i5c8VfmwReAn1Xg3t6xQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
5738
x-fb-rlafr
0
x-fb-debug
KloU75b+yFmBaRdXeuuOS8ABtUgR06a4trIdFPg4IURh1dkjotqH+uqzi7eNCixrsfRT9gh/69ran+lojUl48g==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 15 Jun 2022 06:03:57 GMT
JNHW1aQLTTB.js
static.xx.fbcdn.net/rsrc.php/v3/yf/r/ Frame C498 		2 KB
998 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yf/r/JNHW1aQLTTB.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
agNC6E6e+E6Zesw/5kQcYA==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
806
x-fb-rlafr
0
x-fb-debug
alePXbTxtR26xRZnCTNZULArLtHcZfZRqcaOkKuBC5yFBNGgnROv0E2BPnNgMDivSOvKH9uNxbBWNuYtmVJACQ==
x-fb-trip-id
2050670934
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 09 Jun 2022 18:30:51 GMT
150784882_1638103803060079_3622227533167936516_n.jpg
scontent.xx.fbcdn.net/v/t1.6435-0/s350x350/ Frame C498 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scontent.xx.fbcdn.net/v/t1.6435-0/s350x350/150784882_1638103803060079_3622227533167936516_n.jpg?_nc_cat=102&ccb=1-3&_nc_sid=dd9801&_nc_ohc=yLn0ixAbYAwAX_PSZHf&_nc_ht=scontent.xx&tp=7&oh=a5d86963ea2ddfa68160ef4dac40c43b&oe=60CE384C
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum
732487074
date
Wed, 16 Jun 2021 07:09:58 GMT
x-fb-trip-id
686109401
last-modified
Wed, 03 Mar 2021 05:12:30 GMT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
1475603423
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
14497
155162465_1638103799726746_3652662926103450103_n.jpg
scontent.xx.fbcdn.net/v/t1.6435-1/cp0/p50x50/ Frame C498 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://scontent.xx.fbcdn.net/v/t1.6435-1/cp0/p50x50/155162465_1638103799726746_3652662926103450103_n.jpg?_nc_cat=1&ccb=1-3&_nc_sid=dbb9e7&_nc_ohc=IC5h8f3O2c4AX_3eIDx&_nc_ht=scontent.xx&tp=27&oh=d197249160a61e9de0976133fff37525&oe=60CE4885
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-haystack-needlechecksum
1126805443
date
Wed, 16 Jun 2021 07:09:58 GMT
x-fb-trip-id
686109401
last-modified
Wed, 03 Mar 2021 05:12:30 GMT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
cross-origin-resource-policy
cross-origin
x-needle-checksum
1962250073
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1798
9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
pagead2.googlesyndication.com/bg/ Frame 07CF 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/9Oz68fYJuErojwndJ1mJpBgGu1h29Iiv5CuhDGRMGcI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 12 Jun 2021 12:15:25 GMT
content-encoding
br
x-content-type-options
nosniff
age
327273
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5758
x-xss-protection
0
last-modified
Tue, 08 Jun 2021 13:38:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 12 Jun 2022 12:15:25 GMT
visit.js
tps.doubleverify.com/ Frame 5F84 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&brid=97&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau7%3DJ7%40C%3E%3A%3D6D%5D9%3CTauU2%3F4r92%3A%3Fl9EEADTbpTauTau7%3DJ7%40C%3E%3A%3D6D%5D9%3CTar9EEADTbpTauTau25%5D5%40F3%3D64%3D%3A4%3C%5D%3F6E&srcurlD=0&aUrlD=0&ssl=https:&dfs=152&ddur=8&uid=1623827398297938&jsCallback=dvCallback_1623827398297673&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=250&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1425&tgjsver=1425&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2Fad.doubleclick.net%2Fddm%2Fadi%2FN200801.2169905FLYFORMILES%2FB20771662.215475196%3Bdc_ver%3D75.217%3Bsz%3D300x250%3Bu_sd%3D1%3Bnel%3D1%3Bdc_adk%3D1908802799%3Bord%3Dnuwgk7%3Buach%3D%255B%2522%2522%252C%2522%2522%252C%2522%2522%252C%2522%2522%252C%2522%2522%252C%255B%255D%255D%3Bdc_rfl%3D0%2Chttps%253A%252F%252Fflyformiles.hk%252F26781%252Flivi-bank%240%3Bxdt%3D0%3Bcrlt%3D.*N24Sf91y%3Bsttr%3D21%3Bprcl%3Ds&fcifrms=16&brh=2&dvp_epl=163&noc=16&ctx=19395023&cmp=20771662&sid=3088811&plc=215475196&crt=152631935&btreg=498943909&btadsrv=doubleclick&adsrv=1&advid=8295605&errorURL=https://tps.doubleverify.com/visit.jpg&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=73181933417.04803&dvp_tukv=12529546418.14671&dvp_uuid=4849949.7041274775&dvp_strhd=0.20000457763671875&dvpx_strhd=0.20000457763671875&dvp_tuid=610698791120&dvp_vcms=6&dvp_slmsd=97&dvp_vcmsd=103
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.24 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:58 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
max-age=0
Transfer-Encoding
chunked
Expires
6/15/2021 7:09:58 AM
couple.png
s0.2mdn.net/8295605/1623497534626/images/ Frame 5AD7 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1623497534626/images/couple.png?1623213545030
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1623497534626/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 02:31:46 GMT
x-content-type-options
nosniff
last-modified
Sat, 12 Jun 2021 11:32:14 GMT
server
sffe
age
16692
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15151
x-xss-protection
0
expires
Thu, 17 Jun 2021 02:31:46 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame B782 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst1atM1dDYxH6lwTpfb6mh3o4LRU-3sILUKBqlC7H2unZgHMz6ueBFaKbqst69it_tmLxulyAMKBbZlCcBAvLplGIpajedtsF6HEe4qVCYDjwF0zv4oUV8f2Iwtf9HHZy-ijUPTQ3fRryZsiJr9lcSeQ6RiLuHIVkLGGlA&sig=Cg0ArKJSzNmYNX0aUlwdEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=243&vt=11&dtpt=200&dett=3&cstd=41&cisv=r20210610.00293&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Wed, 16 Jun 2021 07:09:58 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
heading.png
s0.2mdn.net/8295605/1623497534626/images/ Frame 5AD7 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1623497534626/images/heading.png?1623213545031
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1623497534626/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 02:31:46 GMT
x-content-type-options
nosniff
last-modified
Sat, 12 Jun 2021 11:32:14 GMT
server
sffe
age
16692
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2422
x-xss-protection
0
expires
Thu, 17 Jun 2021 02:31:46 GMT
lady1.png
s0.2mdn.net/8295605/1623497534626/images/ Frame 5AD7 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1623497534626/images/lady1.png?1623213545031
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1623497534626/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 02:31:46 GMT
x-content-type-options
nosniff
last-modified
Sat, 12 Jun 2021 11:32:14 GMT
server
sffe
age
16692
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18752
x-xss-protection
0
expires
Thu, 17 Jun 2021 02:31:46 GMT
lady3.png
s0.2mdn.net/8295605/1623497534626/images/ Frame 5AD7 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1623497534626/images/lady3.png?1623213545031
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N200801.2169905FLYFORMILES/B20771662.215475196;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=1908802799;ord=nuwgk7;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fflyformiles.hk%2F26781%2Flivi-bank$0;xdt=0;crlt=.*N24Sf91y;sttr=21;prcl=s
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1623497534626/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 02:31:47 GMT
x-content-type-options
nosniff
last-modified
Sat, 12 Jun 2021 11:32:14 GMT
server
sffe
age
16691
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12121
x-xss-protection
0
expires
Thu, 17 Jun 2021 02:31:47 GMT
man2.png
s0.2mdn.net/8295605/1623497534626/images/ Frame 5AD7 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/8295605/1623497534626/images/man2.png?1623213545031
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/8295605/1623497534626/300x250_html5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 02:31:47 GMT
x-content-type-options
nosniff
last-modified
Sat, 12 Jun 2021 11:32:14 GMT
server
sffe
age
16691
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13475
x-xss-protection
0
expires
Thu, 17 Jun 2021 02:31:47 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E60B 		0
21 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BtE92xaPJYP_4Kt-V9u8P-9eDuAoAAAAAOAHgBAI&bg=!Dg2lDUnNAAY2kFOVNpA7ACkAdvg8WpsWnsybo8SPrU03rWKt8hYqXCFfyJJ-DCc8eLKOg_gYwTa3lQIAAAEYUgAAABFoAQcKAPV-qzYmiCNIw-8bwKPRoa2sPULcZ-p8-uPx3EZedN7PotMUukYE8ocDQ_NvV8TIswEv_N6LXnR2ZYpjcqwhatqqNEoQ4CIPRMlW9rf8s0N8zvF7zr_Xr_uQSeMwrCps2FKPPBbLCEeglcVXYfPCKm96i2gKoR9tpQ0eAjpK22ZMNOrCstA2MZIFASkeDZaK9y67FcAB1lnjbKZHjdR7Oh4biUGEOfayu1vEU3EO2vSc3pq9Sqx0-_RwvYxPvklQwWhbWGZ68VvSo7tDmE27BaOcF4MT7Omqikz56rXErKwEJg2gT5icns-QUQV7Ynuf3WwOHjuE1JkCpIjVO0l_hNBK6EDdNEUzeJ-UNaMqYFeZxGYrxSD1NhjTC-qePAZwvRiIDKPaUktjmKMNWtn5DRTnwadvJpLwzFBJprJ3vXnMzHe6UCPkWPH3x4xe5vg8E6gqLvJwB6S3f5myQtFVbNe-OKIrDAtMgf9byJfJJvUMhBLaZSMBQCsiOB7-XFKPZtB707lhmmNpP8ryeZflKdX3CV6m__sdT06Pc05cqDojJF0-1jF7HAshQ3lt7SE7zCSZP74R_XQbibNTaMSlEjvINs3bJkQdq_EBGGNuN6s2GTkQjj58IOPfn5EwQZBBf8qYxAOvBhxZqYzNj07tGvELwMiCBPsuvjjGWR_lEbcRaCyb5Z55GHuxsltjsg6JM9lkSOFdK4c3ChNuWvLdkREhe8Derkoj84UxkFMv21fbf-4bjZJHIJheOKwUR5QZS-9RS_8-bvUZhYX0nwyQ5TZtMqzEsZ7vAnm8jNvbhL8qDhh7bQn-FOvh5fgwj_gI8gTpa9p6x9cXvRMb9YOZi8uVSLmP4Wqr42f_0Fn5UIqc404nQUiSkBgMjPUJy0-rSpZ0uZGz9MY6TlRI-WqptTGxVE33j5JifV9EJt1Gi_h5r3t7Hpm607SQxc5ZDg02w_Ldxa5Ora3iO2FQjVc1VXCMn13NklPKltjPoKmfoaprWyZ1pikLzHD0huDXkOqlzXRoINVYeFnvcwbDTxCLyWh0oT-XQmptsRkAr4kIBHVQuOkBMrdhInNJsGsdSJKWDgtys6613tD5uFPWCQtDsd5CqSXpbiOtaEa-O3Z4xkUFP3_jR2IAuD6Vz-Empj9tCpLPdogkxP1pCULbdbTZiksSd1wb7OzS7zB6De_V0ZjzCzmtzM__HjKShhsXKMErglAOHAh2jFgEgnCnpsc
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
qGoWo6gBwwP.png
static.xx.fbcdn.net/rsrc.php/v3/yy/r/ Frame C498 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yy/r/qGoWo6gBwwP.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yn/l/1,cross/rE55S7ybx7R.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yn/l/1,cross/rE55S7ybx7R.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
LWQXfe1R4Fcb8sy2xy7iCeja5H5ZG9CJvaBWe3NjEil1MYqEttLMaUnhanTTvcbVAw38vxInZkL1wX+SgwpMxw==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
iN31dShDArRt9ZikrDb13w==
date
Wed, 16 Jun 2021 07:09:58 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
content-length
2616
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
x-fb-rlafr
0
expires
Fri, 10 Jun 2022 00:25:12 GMT
ApcBOUT5FoS.png
static.xx.fbcdn.net/rsrc.php/v3/y_/r/ Frame C498 		573 B
624 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/ApcBOUT5FoS.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yX/l/1,cross/ycAE5xxyu8a.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yX/l/1,cross/ycAE5xxyu8a.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
FsvwSwVMmXwkTE5MLho9t2f/fD32frMa/rt3jWLRpgUQXSNEAuP9E1Bf0zd7hPes+pynghlk1CaaE9fLb2c6WA==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
Y/eW3MWFNJnkcpEqoXzG3Q==
date
Wed, 16 Jun 2021 07:09:58 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
priority
u=3,i
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
573
x-fb-rlafr
0
expires
Sat, 11 Jun 2022 23:34:55 GMT
/
www.facebook.com/pages/call_to_action/fetch_dialog_data/ Frame C498 		921 B
562 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/pages/call_to_action/fetch_dialog_data/?id=1665402090330250&surface=pagePlugin&unit_type=VIEWER
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3ixBN4/yv/l/my_MM/7WdMbQuAXd1.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

X-FB-LSD
5MozGjYVNr2Kf-oBl0JhGL
Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
x-content-type-options
nosniff
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
1pAg2W1kaMalIMVvKaJbNqYP1rh/rEtq54OjG9gF+onBwXpt7PG/ytlackNI+KWw7UZK19l1/xmIU3b/74i78A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 16 Jun 2021 07:09:58 GMT
vary
Origin, Accept-Encoding
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
DrxPITcS0x4.js
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ Frame C498 		278 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/DrxPITcS0x4.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/1l3VpI6Kyeu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
jjFzgLE9DJ9bzNq6tjHxkQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
59318
x-fb-rlafr
0
x-fb-debug
y4HPJGlWFUq+miJOKqXf5Z5Qh4G5uHPHfEjPqxtNPhCsR3brbgULDRnmNEjYAG1b6zT08VWvrhXTXQOoYljlQw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 15 Jun 2022 19:34:01 GMT
cAEvN19HjM2.js
static.xx.fbcdn.net/rsrc.php/v3/yB/r/ Frame C498 		885 B
431 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/cAEvN19HjM2.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/1l3VpI6Kyeu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
lRXvpxxdUT7QUnYyGQ+l6g==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
378
x-fb-rlafr
0
x-fb-debug
lZPy1hhmYfzctpmx155NxZfj/q1ti0aY5EhsestvfeFXmjOYGaHDee/AQfplel7Jx5RQOZa/4wTcGob68MQytA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Wed, 15 Jun 2022 03:49:25 GMT
VV8MzQl0KXv.png
static.xx.fbcdn.net/rsrc.php/v3/yh/r/ Frame C498 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/VV8MzQl0KXv.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yn/l/1,cross/rE55S7ybx7R.css?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yn/l/1,cross/rE55S7ybx7R.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fb-debug
reVehk9hbpBcIFS8guNbig0lWQAq5e3sxKF6fH91Ufl9oz4YAxXDpNAJeku0sCekGZ2CKHv1LIjFCf9JEbzwDw==
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
MvSE8DfWipbGf+d7/AYtUg==
date
Wed, 16 Jun 2021 07:09:58 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
content-length
12129
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
x-fb-rlafr
0
expires
Mon, 13 Jun 2022 10:22:51 GMT
SjqtseFzqGq.js
static.xx.fbcdn.net/rsrc.php/v3iY7g4/yV/l/my_MM/ Frame C498 		2 MB
266 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iY7g4/yV/l/my_MM/SjqtseFzqGq.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/1l3VpI6Kyeu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://www.facebook.com
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 16 Jun 2021 07:09:58 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
Ao6LKurTx3X/igfZsDwzVQ==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
272608
x-fb-rlafr
0
x-fb-debug
+rkgKg73QgFO6DJY1aMEmXLc+2xihUNolAVYLNC+btC08DHKdUF3EAiV2XSvYtQtiiHmMOAj8XOp6NHMv0K0sA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 16 Jun 2022 03:59:20 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 07CF 		0
21 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAB14xaPJYKfNPNvO7_UPiNW-yAcAAAAAOAHgBAI&bg=!BAelB0PNAAY2kFOVNpA7ACkAdvg8WoEOvxWdm_lmW80DREmWQ45-tNveTf7PJMQGMBqhF28mCn-AoAIAAAEgUgAAAAxoAQeZAolWdy6LC6NNqKntlg1NOIbT63CeuSjn-H2sHxu5kkrLY2jjkE4RFaaEOpn_ER_JMFTsxF1pc0y_rF355ABuvQQnwT1z_JQv3nW1cuQkVpT8GM1RT82WwQiLDQsxjCQ-GGaeRO5PfqHDroCJSwRHsKBBW950qExBlL3kC5CPqmHYMJ13Q-0Ekdm5pErxq--SFudEWWmq3Ni1Od-gvaDEatwKF-fyR7wAQ_hiNrgPpofjW49WrXGlZExUqoqsB4dcLimrjLK7pn-qCnjnpIWhDnxjwGA3L2Jl0I9lOIG_573VNYmhQI01vk4mn5Ukau7NKJ1SKSiAfWpZRxm4HxpFuAwSOSWGkOaQqCLENEMDRQcXWiK-AWioDBTe-zjf0U2o8UumzP-5ZL4Vd3pxrFDoEGqAa7IXlMDAGXa0TX4Mp9JR8Y_oyXQZ3Q6V61od-nleMcio9AnjHXbLZYAHxbTwBGjC16zx-y23gFtSyK-UYrhQZDljtLXwzlj1PRbgWvc4SSfGMT7ezCpU52bZQyrtRPckHcaSa4ol2o7DT170R0kCwcVyHj6ea7djC7ls2mi_P9hHe_WLEddaz-oCOwvrpdNew011eJadlP1sQgrzhq27bvL-evjgdKJhMo3i1FqVBJ9K_ChIxlxv0PZczwt7yWrkqZm-E-BZqXjU4G7Wnp3yM7vzcEYDazm5GuAIcWCLCVGpMtBKRB5yn1zZqJeUhwN62cocS7wrdjqpPTQY1oca8xsOVl92jFoiAvJtiD5BEBExDu-24VvzYTemYi5jjTeHz7RXMaCxyVAUEQ4vbFq6eypLpgjpKUWj8UmFanbSKWzOkx4zgis0_Jrp8S6qkrgJWrKjODiCQ3x6
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 16 Jun 2021 07:09:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
event.png
tps20222.doubleverify.com/ Frame 3938 		67 B
446 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tps20222.doubleverify.com/event.png?impid=1228f5a1c72248908496f17727c2219b&gdpr=&gdpr_consent=&msrcanlm=458&msrcannum=4&eoid=7&ismms=37&isumms=37&isvelg=1&nvr=2&elmtp=6&isbxdms=2713&b0=2845&adhgt=250&adwdth=300&norwdth=300&norhgt=250&engisel=1&dvp_vsosnmr=1&lftb=2845&sftb=2845&msrdp=3&naral=192&vct=512&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=36&dvp_dpr=1&cbust=1623827398679551
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.17 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:58 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
https://ad.doubleclick.net
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Content-Length
98
Expires
6/15/2021 7:09:58 AM
event.png
tps20224.doubleverify.com/ Frame 8D18 		67 B
446 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tps20224.doubleverify.com/event.png?impid=483377ff500f43a3b5f710e07a2ba17e&gdpr=&gdpr_consent=&msrcanlm=906&msrcannum=3&eoid=7&ismms=12&isumms=12&isvelg=1&nvr=2&elmtp=1&isbxdms=2540&b0=2667&adhgt=250&adwdth=300&norwdth=300&norhgt=250&engisel=1&dvp_vsosnmr=1&lftb=2667&sftb=2667&msrdp=2&naral=642&vct=512&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=11&dvp_dpr=1&cbust=1623827398686686
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.12 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:57 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
https://ad.doubleclick.net
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Content-Length
98
Expires
6/15/2021 7:09:58 AM
/
www.facebook.com/login/ Frame C498 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FFlyForMiles%252F%26tabs%26width%3D340%26height%3D130%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/1l3VpI6Kyeu.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fhref%3Dhttps%253A%252F%252Fwww.facebook.com%252FFlyForMiles%252F%26tabs%26width%3D340%26height%3D130%26small_header%3Dfalse%26adapt_container_width%3Dtrue%26hide_cover%3Dfalse%26show_facepile%3Dtrue%26appId
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FFlyForMiles%2F&tabs&width=340&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy
default-src facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com data: blob: 'self';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
huPG7iCjN7SzleygtAKEwrcoeTTk3mR7lvSAfL7XW8QRQhcJjxWGjscZrX6bKBW/dADl8g+BCECcpevBGsF1Vw==
date
Wed, 16 Jun 2021 07:09:58 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
event.png
tps20235.doubleverify.com/ Frame 7EE8 		67 B
446 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tps20235.doubleverify.com/event.png?impid=4c122c3f63804ae7b743c838b15fd8ac&gdpr=&gdpr_consent=&msrcanlm=906&msrcannum=3&eoid=7&ismms=8&isumms=8&isvelg=1&nvr=2&elmtp=1&isbxdms=2573&b0=2686&adhgt=250&adwdth=300&norwdth=300&norhgt=250&engisel=1&dvp_vsosnmr=1&lftb=2686&sftb=2686&msrdp=2&naral=642&vct=512&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=8&dvp_dpr=1&cbust=1623827398717123
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.17 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:09:58 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
https://ad.doubleclick.net
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Content-Length
98
Expires
6/15/2021 7:09:58 AM
event.png
tps20225.doubleverify.com/ Frame 5F84 		67 B
446 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tps20225.doubleverify.com/event.png?impid=caee1565a0fd41b58e95fca72cdf6b34&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&vdur=61&eoid=5&msrjs=1425&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1623827400389957
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.17 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:10:00 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
https://ad.doubleclick.net
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Content-Length
98
Expires
6/15/2021 7:10:00 AM
event.png
tps20225.doubleverify.com/ Frame 5F84 		67 B
446 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tps20225.doubleverify.com/event.png?impid=caee1565a0fd41b58e95fca72cdf6b34&gdpr=&gdpr_consent=&msrcanlm=906&msrcannum=3&eoid=7&ismms=9&isumms=9&isvelg=1&nvr=2&elmtp=1&isbxdms=2109&b0=2227&adhgt=250&adwdth=300&norwdth=300&norhgt=250&engisel=1&dvp_vsosnmr=1&lftb=2227&sftb=2227&msrdp=2&naral=642&vct=512&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&engalms=8&dvp_dpr=1&cbust=1623827401388914
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
213.254.244.17 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash

Request headers

Referer
https://ad.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Wed, 16 Jun 2021 07:10:01 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
https://ad.doubleclick.net
Cache-Control
max-age=0
Access-Control-Allow-Credentials
true
Content-Length
98
Expires
6/15/2021 7:10:01 AM

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: IDE
Value: AHWqTUmlHg5IBiAW--ymlEGlmCW0_3sB3U0abFbZcBJkiD8jarEOf4344WawkHKahPg
.flyformiles.hk/ Name: _gat
Value: 1
.flyformiles.hk/ Name: _gid
Value: GA1.2.394296882.1623827395
.flyformiles.hk/ Name: _fbp
Value: fb.1.1623827397922.1648969717
.flyformiles.hk/ Name: _ga
Value: GA1.2.948406158.1623827395

4 Console Messages

Source Level URL
Text
console-api log URL: https://flyformiles.hk/cdn-cgi/apps/body/D7NFE007Hri_MGWdsyvz1sK-xHo.js(Line 6)
Message:
CF-GA: Please update to pro in order to get more features.
console-api log URL: https://flyformiles.hk/cdn-cgi/apps/body/D7NFE007Hri_MGWdsyvz1sK-xHo.js(Line 8)
Message:
CF-GA: flyformiles.hk is using UA-37650801-2
console-api log URL: https://flyformiles.hk/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 3.3.2
console-api error URL: https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/1l3VpI6Kyeu.js?_nc_x=Ij3Wp8lg5Kz(Line 57)
Message:
ErrorUtils caught an error: Minified invariant #11797; Params: 113 [Caught in: Module "VisibilityListener"] Subsequent non-fatal errors won't be logged; see https://fburl.com/debugjs.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8121631.fls.doubleclick.net
9304630.fls.doubleclick.net
ad.atdmt.com
ad.doubleclick.net
adservice.google.com
ajax.cloudflare.com
ajax.googleapis.com
cdn.doubleverify.com
code.createjs.com
connect.facebook.net
flyformiles.hk
fonts.googleapis.com
fonts.gstatic.com
googleads4.g.doubleclick.net
pagead2.googlesyndication.com
s.w.org
s0.2mdn.net
scontent.xx.fbcdn.net
static.xx.fbcdn.net
stats.g.doubleclick.net
tpc.googlesyndication.com
tps.doubleverify.com
tps20222.doubleverify.com
tps20224.doubleverify.com
tps20225.doubleverify.com
tps20235.doubleverify.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
104.21.30.184
142.250.185.134
142.250.186.66
192.0.77.48
213.254.244.12
213.254.244.17
213.254.244.24
2606:4700::6810:a723
2a00:1450:4001:808::2004
2a00:1450:4001:812::2002
2a00:1450:4001:813::2008
2a00:1450:4001:813::200a
2a00:1450:4001:827::2006
2a00:1450:4001:828::2001
2a00:1450:4001:829::2002
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:831::200e
2a00:1450:400c:c08::9c
2a02:26f0:6c00:297::4469
2a02:26f0:6c00::210:ba1a
2a03:2880:f01c:8004:face:b00c:0:8c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
01f16ba5385a2b555d59212f0f988fe2b510735005cb497ef938c05b1df9106b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
056fde7c4f7a6b6779f261c22640d19d51ac693fe70f3b9704da5647ef8fbfa7
0764e40c476a1164764274671bea4c13651e343596f384f38b59346f02224e32
082dd517fd04cfeea4c344eb3ef52bf1eeee411c98b3d73095087e886bdee6e3
092ba8579aa5b297ef60c02a4fac5536b831379d71b8c2a6e1617cfb89a5a1b1
094faff6efb2d3db27fe3db9d6b6f5c9bb6788b8c159fb26c62a20e1c8651092
0a1bc48803e545da4f2f63651d13aae3f03393f73f63870bf94839a4df6ac07d
0abb0d42eb78e164ab150bde5a8c203670c362bfab3507f34fc64ba3d6eb2f4e
0ca7188912ef3473bb7943356daf3909fb28acf076110495dd4eff399334fe70
0fab439ad5cc1869bc68fd4c1b261e5fcbe18117c29695681629e167ce10274a
11f2e1310d99fe9757ee215cae5ca598743eed9ab45c269341833c019a7a1546
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12b6742262933edb939e8114acaa11f2d100a1da507b1fd56ea3fca9fb3a5f10
13fc00e30171230c85fcf6a5d2d5a14825d42d7d00690b8c744fab84dea76c24
16754cdce3276a2b0a3025a67f5edfd169cfca2e5f4d4a2b3a968677f98b4b8b
17eaae1e75435de951939d14755b4d2c3e6001a11b563b7dc6e7623f34688926
18b9f3950a53904a49494427f77731b5f9889dceae1da765cc1134734abaac7b
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
19095f94beeb91713449d53963e37fc10ea6e25ab40fabb6b6b0b3fc9dd89414
22af5d3bf749542c2d95975186991b7b8c1e0766449c3fdeab55d57eb0d1ffdc
2574d0f27ffba09f0692ccb215ca0d6a70edb1aae006422dd87124daafe73f00
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
29a43336ab6ad1f9d08b7b912cc9234a19220f45eed8ee342bc63a79fc053403
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c25b306180da2f6f6b81559094e47294fbfdccaa20afde02a30d05340898848
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cb7ae6d2e129a344bb8f3edd5cd733bc68963ef33efb605a6f6b328ae95c9c3
2eb708721a5d60b71acdd0e5be67a6385e14b86a961ed00c77a8ce936c90301f
2f1d072dc96a4b04b2d65716a566b412a3329877be4431761878c297604dcd47
30526717ce90296379be42b8a453b891069d7f46d8897c98413fc7824166fd27
30db4186a767cec3266e71d07af487bbc41b821b0bc7a3dfe7b8ab754ca4d3b0
328eea8bdd4e8ed2624f645e6a5fcf4d9730531c8680e110b95782bd4186a0e8
34b6e9936a2f024eef4f545bf4a1e717141704b00a75167fc7080fc6789e3881
35db43d06439df37094a16e304aba1683982b5e7b4727d8432ce28e3e563d3bd
3acdf0c89694b3616239cd56856c2d94966cb1fdd0e0ceadb01c1d5118d170c6
3c4792bbb953b72f673cf87a337e3bc3b37c3a860df24afa5f0167041e8e2159
4027daa75fe9d693ea7af14d00772456d42cda3c407f53d35096f05eab9c8ae6
408ec852f872ea7a44cf8e21ad7b3c4108c79c9b46cfba0b96991a2a4cbf3394
4267a142b848bdb572f99058f3ec484445096d7d2b36c85cb6c05725e0316d01
446a0351c2c9ba4b47e0e8dfac02e1e3179b5eb9b6c848c2b096c962df7e83b6
4cbc4d45480053fdaacb8b61331ed2c2117a92b380edde10a1baa4f5d9553eb2
4e0df625de5d6ce0e0bc56b7273a9843766654bb26eb733528dc781de38a4dd4
4e838bcf0aa8213cbde6f573516e98de3e328f4cdfd64f9840bb9ce062ca2bfa
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5317781d9e780e3f322cba012aca14f5b55b533c0a125f06271d09b33a9974d3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5519177a58376326afd3b3bfad43f50e2f54eefa97d1eb7b63d436d791a3fbb4
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
584e5dc88a5650ab2971244bc07c490a5c815c1577db97c3cdefd83fa6b59f91
5a7e4436d3d39e22d32a70f2c610a4c3609660f17c975765488545f8fbeb85cb
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5be7f1c5aafff9458c12362747e1ad99ea6b891b82995622e2f448427ece1480
5d60d99522c9c278a427179ed1a605b6f6e228425f05807dbe40f4d7a2e7ade3
5f85add7a8093bdce4a65c38d6abb2769702e207950388d42db26dc863bfd727
5f9f2f2dc796a153b64d0377e37a973a3dd99bd5701218fe8f6d2dc2d0d51143
5fc964c79af23756bfe5330837b86e51d87a0d1e5d1a672f7c4fd58dab268e40
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
630c7acec1d256baef486579502fecdc2186bdb46526ccf16747fc883ceb1fc6
638caa40d39dec20d95e4119187482e3c5939616252d96ded196b05c2e1cfc27
654f824e3b2d99ef96e0e3a2816b87cf323abf50429dc560b5a55fd8edf0cd42
65b978e80fdf031da25da84fd0f3e56d5d3282a2c3c07d1436e8cf1bfce4c449
6e86a52a9858206302e32036d89907e3ac87762055e7f9c6364aec33221b3e41
6f45c1b5512658541c9ad41a7f69f834261f08abb8f1153ff3570ac230d7a26d
700a4efdefe524a15c870b0f9e2c6de9fd7a1ff0bebb2c9ad4a6e9d3a69b15d8
70a5b0b12138d72265e36399b36ce4590a9df3bd22ee73c201d269b109a8177a
723f4b2c519a0d266fb3bf4d8e1a980eb1c3332b80786584eb8e9763576403c0
76ba2b14a8d25e6d5af09b300cf33c6ee77dfb1ddad67533b857f771d23ab6cd
7fd6685c64b8fc149daad29346247b5c8119e2ed193b0055389a91587a3ecc9c
7fd94e8ff8e24c98e30552008be27fccb40b2a721360fb623b0a2120780bfc8f
80504e05cca74721295131958dab58ebc0f94cdbcfbb10569149243a0cace741
82f1fa76f13561bdc8530b371dd53dbb70120cca82ef8187f984d4d417a2d9aa
83e2bebeeb8bf33481e2f06969faf1554b1ced803fd0431df9a8c8a82895a418
84d950d4c644b0c22cb503962081c1b9480a6d40f784cf6261060efd6530488a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87b1742a27c3dded57320174685dd14ad7f2a4c13c3e64173811f9ae8f8bdfb1
8a8efa475e1a3f6126c98ffdf77ad7a27254e27fb31f1656117da5101d7fb663
8b5b37c0ccb90b5d6807296f85d9f24d5e88c5c45a5d7706e55075ad6a93acbe
8bec30587c8cba5bee5b2eef246ac0757c255ef63e6667296b89fd98a7d41fce
8cab3b2e4cb9b7bedd73593f4f6e0309d08e498714ba8206846ad27728eac1ed
8f6dc1ae308004d4466e6d14ac1f85076834bb87dc317ab4a6fad95ca375bb4f
93020b2adc9f3b5d7cf49a29b1fa0aa88067183e33fe444e918f7080e5deb122
939f88a524b63a4deff0c05148b3eff7a90c31dd352544712d297a08b028585d
9654d0fa4c77e7236c7fd5183b55600a76091fae4bfd8c62418c5c5802bf4843
965c0aadffa6db29f567ccc7e588eeb5fe2e40488ffd0545a7a102a89a6b99e7
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
98bbaf19814e65ef8f6cc17b355b9f09cad3d9bda9b7726453dce11ef81815af
9d74abe083bded572e1d9e4a4805f9098b70529bb12348627442b8fff17b3259
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a19529e542e1f688a45a02f83c9fdc7947551f114fd2fd85d704010bb88bb8e4
a25e777b8f192a4f3ec6190fb1e11be1d1ebc166f9b7d9b1e7d87a32a6424206
a67e521fc8b5a136206d23ab0bf47b3b1a049f7cdcdf2d4a4b560445d95caf70
a87c83cca8e0c358884b3ca6798993ef045e1f6337808cc624314869b54389df
ab21fef3ac4ee12ebb305942f85de99b290b8a24654c69060e54673d5f3a11f2
ab2dd49f6a66249e00dbda0aa2a37a457d8644c983e0330353edb97dcd4b580e
ada1904d72637c1109e9561aee305aa5cde78075587b337456b5440644cab991
ae1d441f98cda45d740fc41e7dece1ebaa17c376fd6d52cbb0a8ecb1f1e55df3
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afab730bef453c494308c5b0170566e919fc71389865225f0e3df7468f99b798
b73262f215bcff6b47bc16c2c6f59e5d21c8f2d78478a9e0e142131c5b95bbfc
b86c6b2dfc3b7af774f38ccd62686c2d58efb31eae54f44eb9afae3ac18ebf7a
b88fca268e1352a0922f301c6b88f0499606c01faa8d0718de11a8153a5edc3a
bc346512963d408968e3c8f1d4c6b952849b0a8ea2ade9b5d02511b2858b7dba
bd29970551527903a13075a6f27bbb8b3740c1e186cfdc7e327646f54afdea34
bfb8a1d47abfe934888207c2c88f4b51ebf358533ba6194c3179d8b6eb4f3c7c
c42774c3c87cca02e46e4352f8c2e1a70ed1e257849a9b270c86cdab4357ec28
cbe23090c2328bdb543b98f8cf4dba715589dd0b9c8f537e3af26704e2e24a3c
cc576aedac7134fa043a59aa6660c0dc8cc5de5c6b12eb24324bd9c7722f1676
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ce47d8ee0469b5e3553adb0c3c6f94c74de59ea0f3999d0c400bf1ba97707aff
cec854fb5d5a2345b2d6dc28fa06ffe5595c1d22dbace6d87d6be3963ada2ac3
d32f69094fccda9b5878250e8db0f3bebd9581cc84aa037c501fff10f83ae212
d7b6782f6e91291fd87e7690e44d4158655eb7fa07b3d6bbb6fec30ee9069937
da5cc8f6ebbb03ae66046c183263c58782fdf005ed2eefeaedf9773428dea3bc
de6a5a840c80fe71f1df6d23d07797e4a4bc1e0c7b59973adca6fbb8dd261e8c
dedc58e4bd992589888e4e58a892aa4a5e71bd63f8742090ab0e96af544defa9
e12a094d95d98c11c429b77830fc10283e5034a30389923f2f9ebeccff44d1fa
e3ab2105d35e3fbd7dee31a3d0fe56a6534683cc888ff8aa7d633150a34c34e9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48d9371eb4556ef8068bd60aac221036e3da882161972e4be622b8186289bf9
e4ff082cb1e77243205c2f83bba479fe0dea29580744419a3a8e0015fdefc5b7
e64a7ed2c01f45771fabe736bca60c3e0b60803e82c5cae505a1a63b21a68b2d
e67372022039ed307df3fee836f55f9f087eb0d059b8de8840fb6bf67c809919
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
e6f7ce29c0dbc721935a673601e1e729561dd15930dabe8c9174ebdb516a6ab1
e73a362a6e1e4b71261f8b36050b1ff136ecfde72d78f52f45ec1fad660a3a06
e7dc3214a170a23841be269cfab935080123129ef6e84c55a404065c1df4c869
e861e4481a775272191a6a3adae030b9c937233d628ebf7437025be21698a422
ec56913a25cd325a8965f9ebb1a5c48d85a9d1c0b0fe90b4b18a4d243592ceaf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02750118adf5a67b613c6ce1a9c781c452da3998c3d2ec1bc87e205cc174b45
f038645d6320c363cf4dab7df079c187f71e961d68834e7c565efb27166e5eab
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f4ecfaf1f609b84ae88f09dd275989a41806bb5876f488afe42ba10c644c19c2
f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370
f915a5e3dec1835dea44dccc51557870cd4b30b9351f44399930ed4bd26d8387
fe6cdd6708f445b8c824d895ac0738a2c6692923879f5cff00abb26489d2ea43
fe6e14d412c58f9751a770ea60e74c9153e653fae9dfcc92721137eedfac1a6c
fe9ad9796d39e706fe661ddf90151c0ebc03251164354d55f1ee95ca06878b40
ff3d3a88ff4c0d58d8e69e60e3ad48c2ad13e071f7489806e1f9622aba9000b4
ff46454e57fe9a6bc884461595d843c9fdd04d0c171761272dc3c0691cc4b513
ff7136d22bda18e399a439bdbb557fba20491eae93c5f66b1f95ef1b8d24ac55