www.chicagotribune.com Open in urlscan Pro
2a02:26f0:480:f::213:7edd Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi...
Submission Tags: falconsandbox
Submission: On February 17 via api (February 17th 2023, 12:11:52 pm UTC) from US — Scanned from DE

Summary HTTP 160 Redirects Links 57 Behaviour Indicators

Summary

This website contacted 49 IPs in 3 countries across 34 domains to perform 160 HTTP transactions. The main IP is 2a02:26f0:480:f::213:7edd, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.chicagotribune.com. The Cisco Umbrella rank of the primary domain is 36461.
TLS certificate: Issued by R3 on January 2nd 2023. Valid for: 3 months.

This is the only time www.chicagotribune.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2a02:26f0:480... 2a02:26f0:480:f::213:7edd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.222.136.4 52.222.136.4	16509 (AMAZON-02) (AMAZON-02)
11	52.222.139.30 52.222.139.30	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:e00... 2a04:4e42:e00::282	54113 (FASTLY) (FASTLY)
2	2606:4700:440... 2606:4700:4400::6812:220a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	23.35.229.64 23.35.229.64	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2600:9000:21c... 2600:9000:21c7:7000:18:1fcd:351:7bc1	16509 (AMAZON-02) (AMAZON-02)
2	52.222.139.91 52.222.139.91	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700::68... 2606:4700::6812:d63b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.222.139.61 52.222.139.61	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	54.205.212.62 54.205.212.62	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:350... 2a02:26f0:3500:586::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2 5	104.80.241.191 104.80.241.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.222.139.18 52.222.139.18	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:220... 2600:9000:2204:c200:3:b7e:8940:93a1	16509 (AMAZON-02) (AMAZON-02)
1	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
3	2600:1901:0:d... 2600:1901:0:d733::1	15169 (GOOGLE) (GOOGLE)
1	13.227.219.100 13.227.219.100	16509 (AMAZON-02) (AMAZON-02)
4	35.190.38.143 35.190.38.143	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::714	54113 (FASTLY) (FASTLY)
6	34.253.85.210 34.253.85.210	16509 (AMAZON-02) (AMAZON-02)
1	13.227.217.72 13.227.217.72	16509 (AMAZON-02) (AMAZON-02)
1	13.227.219.117 13.227.219.117	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	52.222.139.110 52.222.139.110	16509 (AMAZON-02) (AMAZON-02)
1 2	107.178.250.234 107.178.250.234	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.222.139.90 52.222.139.90	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:991::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	3.212.58.10 3.212.58.10	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:220... 2600:9000:2204:a000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	63.34.81.234 63.34.81.234	16509 (AMAZON-02) (AMAZON-02)
1	35.166.171.190 35.166.171.190	16509 (AMAZON-02) (AMAZON-02)
6	52.223.1.76 52.223.1.76	16509 (AMAZON-02) (AMAZON-02)
1	52.222.139.54 52.222.139.54	16509 (AMAZON-02) (AMAZON-02)
1 8	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
3	34.235.180.68 34.235.180.68	14618 (AMAZON-AES) (AMAZON-AES)
5	13.227.219.103 13.227.219.103	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:220... 2600:9000:2204:a600:1:a3fa:7cc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.222.139.109 52.222.139.109	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	98.98.134.241 98.98.134.241	21859 (ZEN-ECN) (ZEN-ECN)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	() ()
160	49

29 2a02:26f0:480:f::213:7edd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.chicagotribune.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.136.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-136-4.ams50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.222.139.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-30.ams50.r.cloudfront.net

r610.chicagotribune.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:e00::282 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:220a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.confiant-integrations.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.229.64 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-229-64.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21c7:7000:18:1fcd:351:7bc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.139.91 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-91.ams50.r.cloudfront.net

assets.zephr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:d63b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.139.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-61.ams50.r.cloudfront.net

tags.remixd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.205.212.62 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-212-62.compute-1.amazonaws.com

tribune.blueconic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:586::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.80.241.191 (Berlin, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-80-241-191.deploy.static.akamaitechnologies.com

www.tribdss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssor.tribdss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.139.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-18.ams50.r.cloudfront.net

dynpaywall-api-chicagotribune.ml.sophi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2204:c200:3:b7e:8940:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.osano.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:0:d733::1 (Kansas City, United States)

ASN15169 (GOOGLE, US)

smoggysnakes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.219.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-100.ams54.r.cloudfront.net

tribune-chicagotribune.zeustechnology.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.38.143 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 143.38.190.35.bc.googleusercontent.com

pubcast-files.remixd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
player-files.remixd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::714 (United States)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.253.85.210 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-85-210.eu-west-1.compute.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.217.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-217-72.ams54.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.219.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-117.ams54.r.cloudfront.net

launchpad-wrapper.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.139.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-110.ams50.r.cloudfront.net

cdn.sophi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.250.234 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 234.250.178.107.bc.googleusercontent.com

js.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.139.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-90.ams50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:991::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.212.58.10 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-58-10.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2204:a000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.81.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-81-234.eu-west-1.compute.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.166.171.190 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-166-171-190.us-west-2.compute.amazonaws.com

authenticate.chicagotribune.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.223.1.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: a8fd921d2017b5f79.awsglobalaccelerator.com

collector2.sophi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.139.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-54.ams50.r.cloudfront.net

launchpad.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:809::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.235.180.68 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-235-180-68.compute-1.amazonaws.com

www.i.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.227.219.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-103.ams54.r.cloudfront.net

zephr.chicagotribune.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2204:a600:1:a3fa:7cc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.jwplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.139.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-109.ams50.r.cloudfront.net

geo.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 98.98.134.241 (United States)

ASN21859 (ZEN-ECN, US)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (None, )

ASN- ()

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	chicagotribune.com www.chicagotribune.com — Cisco Umbrella Rank: 36461 r610.chicagotribune.com — Cisco Umbrella Rank: 85804 authenticate.chicagotribune.com — Cisco Umbrella Rank: 169871 zephr.chicagotribune.com — Cisco Umbrella Rank: 95415	1 MB
19	gstatic.com fonts.gstatic.com www.gstatic.com	667 KB
19	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 news.google.com — Cisco Umbrella Rank: 5813 play.google.com — Cisco Umbrella Rank: 21	92 KB
8	sophi.io dynpaywall-api-chicagotribune.ml.sophi.io — Cisco Umbrella Rank: 150519 cdn.sophi.io — Cisco Umbrella Rank: 18387 collector2.sophi.io — Cisco Umbrella Rank: 24208	44 KB
6	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 1022	4 KB
6	remixd.com tags.remixd.com — Cisco Umbrella Rank: 19569 pubcast-files.remixd.com — Cisco Umbrella Rank: 20363 player-files.remixd.com — Cisco Umbrella Rank: 19742	82 KB
5	matheranalytics.com 1 redirects js.matheranalytics.com — Cisco Umbrella Rank: 10305 www.i.matheranalytics.com — Cisco Umbrella Rank: 10141	44 KB
5	tribdss.com 2 redirects www.tribdss.com — Cisco Umbrella Rank: 47002 ssor.tribdss.com — Cisco Umbrella Rank: 48106	39 KB
4	privacymanager.io launchpad-wrapper.privacymanager.io — Cisco Umbrella Rank: 6387 launchpad.privacymanager.io — Cisco Umbrella Rank: 5415 geo.privacymanager.io — Cisco Umbrella Rank: 1630	11 KB
4	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 3409 onesignal.com — Cisco Umbrella Rank: 1343	82 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	2 KB
3	smoggysnakes.com smoggysnakes.com — Cisco Umbrella Rank: 64631	22 KB
3	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1441 mab.chartbeat.com — Cisco Umbrella Rank: 2212	25 KB
2	sitescout.com pixel.sitescout.com — Cisco Umbrella Rank: 3568	191 B
2	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 1204	401 B
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 2558 p1.parsely.com — Cisco Umbrella Rank: 1932	21 KB
2	osano.com cmp.osano.com — Cisco Umbrella Rank: 5810	95 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1258 c.go-mpulse.net — Cisco Umbrella Rank: 625	50 KB
2	zephr.com assets.zephr.com — Cisco Umbrella Rank: 35434	16 KB
2	confiant-integrations.net cdn.confiant-integrations.net — Cisco Umbrella Rank: 1375	98 KB
2	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 285	57 KB
1	facebook.com www.facebook.com	185 B
1	google.de www.google.de — Cisco Umbrella Rank: 6232	455 B
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 41	2 KB
1	jwplayer.com cdn.jwplayer.com — Cisco Umbrella Rank: 2542	41 KB
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 571	484 B
1	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 147	190 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	20 KB
1	zeustechnology.com tribune-chicagotribune.zeustechnology.com — Cisco Umbrella Rank: 97106	58 KB
1	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 900	107 KB
1	blueconic.net tribune.blueconic.net — Cisco Umbrella Rank: 55642	697 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	94 KB
1	ntv.io s.ntv.io — Cisco Umbrella Rank: 3362	155 KB
1	polyfill.io polyfill.io — Cisco Umbrella Rank: 1370	634 B
160	34

	Domain	Requested by
29	www.chicagotribune.com	www.chicagotribune.com
11	www.gstatic.com	www.google.com www.gstatic.com news.google.com
11	r610.chicagotribune.com	www.chicagotribune.com r610.chicagotribune.com cmp.osano.com
8	news.google.com	1 redirects cmp.osano.com news.google.com www.chicagotribune.com www.gstatic.com
8	fonts.gstatic.com	fonts.googleapis.com www.google.com
7	play.google.com	www.gstatic.com
6	collector2.sophi.io	cdn.sophi.io
6	jadserve.postrelease.com	s.ntv.io www.chicagotribune.com
5	zephr.chicagotribune.com	assets.zephr.com
4	www.tribdss.com	2 redirects www.chicagotribune.com
4	www.google.com	www.chicagotribune.com cmp.osano.com www.google.com
4	fonts.googleapis.com	www.chicagotribune.com client
3	player-files.remixd.com	www.chicagotribune.com
3	www.i.matheranalytics.com	www.chicagotribune.com
3	smoggysnakes.com	www.chicagotribune.com smoggysnakes.com
2	pixel.sitescout.com	www.chicagotribune.com
2	onesignal.com	cmp.osano.com
2	geo.privacymanager.io	launchpad.privacymanager.io
2	ping.chartbeat.net	www.chicagotribune.com
2	js.matheranalytics.com	1 redirects www.chicagotribune.com
2	cmp.osano.com	www.chicagotribune.com cmp.osano.com
2	tags.remixd.com	www.chicagotribune.com tags.remixd.com
2	cdn.onesignal.com	www.chicagotribune.com cdn.onesignal.com
2	assets.zephr.com	www.chicagotribune.com
2	static.chartbeat.com	www.chicagotribune.com
2	cdn.confiant-integrations.net	www.chicagotribune.com cdn.confiant-integrations.net
2	c.amazon-adsystem.com	www.chicagotribune.com c.amazon-adsystem.com
1	www.facebook.com
1	www.google.de
1	googleads.g.doubleclick.net	cmp.osano.com
1	cdn.jwplayer.com	tags.remixd.com
1	launchpad.privacymanager.io	cmp.osano.com
1	authenticate.chicagotribune.com	cmp.osano.com
1	p1.parsely.com	www.chicagotribune.com
1	static.adsafeprotected.com	www.chicagotribune.com
1	c.go-mpulse.net	s.go-mpulse.net
1	sb.scorecardresearch.com	www.chicagotribune.com
1	cdn.sophi.io	www.chicagotribune.com
1	www.google-analytics.com	www.googletagmanager.com
1	launchpad-wrapper.privacymanager.io	www.googletagmanager.com
1	cdn.parsely.com	www.googletagmanager.com
1	mab.chartbeat.com	static.chartbeat.com
1	pubcast-files.remixd.com	tags.remixd.com
1	tribune-chicagotribune.zeustechnology.com	www.chicagotribune.com
1	cdn.taboola.com	www.chicagotribune.com
1	dynpaywall-api-chicagotribune.ml.sophi.io	www.chicagotribune.com
1	ssor.tribdss.com	www.chicagotribune.com
1	s.go-mpulse.net	www.chicagotribune.com
1	tribune.blueconic.net	r610.chicagotribune.com
1	www.googletagmanager.com	www.chicagotribune.com
1	s.ntv.io	www.chicagotribune.com
1	polyfill.io	www.chicagotribune.com
160	52

This site contains links to these domains. Also see Links.

Domain
join.chicagotribune.com
membership.chicagotribune.com
myaccount.chicagotribune.com
www.tribpub.com
digitaledition.chicagotribune.com
digitaledition.aurorabeaconnews.chicagotribune.com
digitaledition.elgincouriernews.chicagotribune.com
digitaledition.dailysouthtown.chicagotribune.com
digitaledition.newssunonline.chicagotribune.com
digitaledition.napersun.chicagotribune.com
digitaledition.post-trib.chicagotribune.com
digitaledition.napervillemagazine.chicagotribune.com
placeanad.chicagotribune.com
store.chicagotribune.com
www.tkqlhce.com
fun.chicagotribune.com
www.legacy.com
www.publicnoticeillinois.com
www.facebook.com
twitter.com
www.nydailynews.com
www.orlandosentinel.com
www.mcall.com
www.dailypress.com
www.studio1847.io
www.baltimoresun.com
www.sun-sentinel.com
www.courant.com
www.pilotonline.com
careers.tribpub.com
www.chicagotribunemediagroup.com
mylocal.chicagotribune.com
my.datasubject.com

Subject Issuer	Validity	Valid
tronc.web.arc-cdn.net R3	`2023-01-02` - `2023-04-02`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
r610.chicagotribune.com Amazon RSA 2048 M02	`2023-01-24` - `2024-02-23`	a year	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-10` - `2024-01-11`	a year	crt.sh
*.confiant-integrations.net GTS CA 1P5	`2023-01-27` - `2023-04-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.ntv.io DigiCert TLS RSA SHA256 2020 CA1	`2022-10-24` - `2023-10-26`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2022-05-06` - `2023-06-03`	a year	crt.sh
assets.zephr.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh
*.remixd.com Amazon RSA 2048 M02	`2023-02-09` - `2024-03-09`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.blueconic.net Amazon	`2022-07-08` - `2023-08-06`	a year	crt.sh
akstat.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-15` - `2023-04-19`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.trbimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-27` - `2023-05-30`	a year	crt.sh
dynpaywall-api-chicagotribune.ml.sophi.io Amazon	`2022-05-30` - `2023-06-28`	a year	crt.sh
cmp.osano.com Amazon	`2022-09-02` - `2023-09-30`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
smoggysnakes.com R3	`2023-01-26` - `2023-04-26`	3 months	crt.sh
*.zeustechnology.com Amazon	`2022-04-15` - `2023-05-14`	a year	crt.sh
pubcast-files.remixd.com GTS CA 1D4	`2023-01-28` - `2023-04-28`	3 months	crt.sh
*.postrelease.com Amazon RSA 2048 M01	`2023-02-09` - `2024-02-16`	a year	crt.sh
*.parsely.com Amazon	`2022-06-05` - `2023-07-04`	a year	crt.sh
*.privacymanager.io Amazon	`2022-08-26` - `2023-09-24`	a year	crt.sh
cdn.sophi.io Amazon	`2022-10-18` - `2023-11-15`	a year	crt.sh
*.scorecardresearch.com Amazon	`2022-12-30` - `2024-01-28`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2022-12-19` - `2023-12-30`	a year	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
authenticate.baltimoresun.com Amazon RSA 2048 M01	`2023-02-07` - `2023-10-09`	8 months	crt.sh
*.sophi.io Amazon	`2022-05-11` - `2023-06-09`	a year	crt.sh
*.news.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.i.matheranalytics.com Amazon	`2022-12-14` - `2024-01-13`	a year	crt.sh
zephr.sun-sentinel.com Amazon	`2023-01-07` - `2024-02-05`	a year	crt.sh
jwplayer.com Amazon	`2022-11-27` - `2023-12-25`	a year	crt.sh
player-files.remixd.com GTS CA 1D4	`2023-02-07` - `2023-05-08`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-26` - `2023-02-24`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Frame ID: 60CBA5530CF68A9A09753A9049DA90AF
Requests: 121 HTTP requests in this frame

Frame: https://cmp.osano.com/
Frame ID: EF2188925F1C745093E7D730036F4B2D
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuY2hpY2Fnb3RyaWJ1bmUuY29tOjQ0Mw..&hl=de&v=O4xzMiFqEvA4YhWjk5t8Xuas&size=invisible&cb=6x1t0tlv9uci
Frame ID: B7E8AB367F588FA0BF6E7B675D80E2CA
Requests: 7 HTTP requests in this frame

Frame: https://cdn.jwplayer.com/libraries/FUtg69tL.js
Frame ID: D8B05468634E4D91010F42C68DFA3BF6
Requests: 7 HTTP requests in this frame

Frame: https://news.google.com/swg/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com
Frame ID: 6F4E4082A2E91142C954B027BFA89E7A
Requests: 14 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: 3A63300B872857BB2E2865B673B01653
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Lansing woman’s MJG Movement honors daughter lost to suicide while spreading kindness, generosity – Chicago Tribune

Detected technologies

Prototype (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

160
Requests

96 %
HTTPS

46 %
IPv6

34
Domains

52
Subdomains

49
IPs

3
Countries

3280 kB
Transfer

10174 kB
Size

29
Cookies

57 Outgoing links

These are links going to different origins than the main page.

URL: http://join.chicagotribune.com/#nt=primarynavbar
Title: Subscribe here(Opens in new window)

Search URL Search Domain Scan URL

URL: http://membership.chicagotribune.com/#nt=primarynavbar
Title: Subscriber Services(Opens in new window)

Search URL Search Domain Scan URL

URL: https://membership.chicagotribune.com/manage/dashboard/#nt=secondarynavbar
Title: Manage Subscription(Opens in new window)

Search URL Search Domain Scan URL

URL: https://myaccount.chicagotribune.com/300/autopaymanage#nt=secondarynavbar
Title: EZ Pay(Opens in new window)

Search URL Search Domain Scan URL

URL: https://myaccount.chicagotribune.com/300/temporarystop#nt=secondarynavbar
Title: Vacation Stop(Opens in new window)

Search URL Search Domain Scan URL

URL: https://myaccount.chicagotribune.com/300/complaint#nt=secondarynavbar
Title: Delivery Issue(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.tribpub.com/subscriber-terms-and-conditions/#nt=secondarynavbar
Title: Subscriber Terms(Opens in new window)

Search URL Search Domain Scan URL

URL: http://membership.chicagotribune.com/faq#nt=secondarynavbar
Title: FAQ(Opens in new window)

Search URL Search Domain Scan URL

URL: http://digitaledition.chicagotribune.com/#nt=primarynavbar
Title: eNewspaper(Opens in new window)

Search URL Search Domain Scan URL

URL: http://digitaledition.chicagotribune.com/#nt=secondarynavbar
Title: Chicago Tribune(Opens in new window)

Search URL Search Domain Scan URL

URL: http://digitaledition.chicagotribune.com/eveningedition#nt=secondarynavbar
Title: Evening Edition(Opens in new window)

Search URL Search Domain Scan URL

URL: http://digitaledition.aurorabeaconnews.chicagotribune.com/#nt=secondarynavbar
Title: The Beacon-News(Opens in new window)

Search URL Search Domain Scan URL

URL: http://digitaledition.elgincouriernews.chicagotribune.com/#nt=secondarynavbar
Title: The Courier-News(Opens in new window)

Search URL Search Domain Scan URL

URL: http://digitaledition.dailysouthtown.chicagotribune.com/#nt=secondarynavbar
Title: Daily Southtown(Opens in new window)

Search URL Search Domain Scan URL

URL: http://digitaledition.newssunonline.chicagotribune.com/#nt=secondarynavbar
Title: Lake County News-Sun(Opens in new window)

Search URL Search Domain Scan URL

URL: http://digitaledition.napersun.chicagotribune.com/#nt=secondarynavbar
Title: Naperville Sun(Opens in new window)

Search URL Search Domain Scan URL

URL: http://digitaledition.post-trib.chicagotribune.com/#nt=secondarynavbar
Title: Post-Tribune(Opens in new window)

Search URL Search Domain Scan URL

URL: https://digitaledition.napervillemagazine.chicagotribune.com/#nt=secondarynavbar
Title: Naperville Magazine(Opens in new window)

Search URL Search Domain Scan URL

URL: http://placeanad.chicagotribune.com/#nt=primarynavbar
Title: Advertise with Us(Opens in new window)

Search URL Search Domain Scan URL

URL: https://store.chicagotribune.com/store/?utm_campaign=evergreen&utm_medium=referral&utm_source=navigation&utm_content=&utm_term=#nt=secondarynavbar
Title: Chicago Tribune Store(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.tkqlhce.com/click-8479616-11570746?url=https%3A%2F%2Fchicagotribune.newspapers.com%2F%3Fxid%3D2301%26utm_campaign%3Devergreen%26utm_medium%3Dreferral%26utm_source%3Dnavigation%26utm_content%3D%26utm_term%3DChicago%20Tribune#nt=secondarynavbar
Title: Tribune Archives(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.tribpub.com/privacy-policy/#notice_opt_out#nt=secondarynavbar
Title: Do not sell my info(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.tribpub.com/privacy-policy/#nt=secondarynavbar
Title: Privacy policy(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.tribpub.com/central-terms-of-service/#nt=secondarynavbar
Title: Terms of service(Opens in new window)

Search URL Search Domain Scan URL

URL: https://placeanad.chicagotribune.com/whos-who#nt=secondarynavbar
Title: Who's who(Opens in new window)

Search URL Search Domain Scan URL

URL: https://fun.chicagotribune.com/#nt=secondarynavbar
Title: Fun & Games(Opens in new window)

Search URL Search Domain Scan URL

URL: http://membership.chicagotribune.com/newsletters#nt=secondarynavbar
Title: Daywatch Briefing(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.legacy.com/obituaries/chicagotribune#nt=secondarynavbar
Title: Death Notice Listings(Opens in new window)

Search URL Search Domain Scan URL

URL: http://placeanad.chicagotribune.com/death-notices#nt=secondarynavbar
Title: Place a notice(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.publicnoticeillinois.com/#nt=primarynavbar
Title: Public Notices(Opens in new window)

Search URL Search Domain Scan URL

URL: https://fun.chicagotribune.com/#nt=primarynavbar
Title: Puzzles and Games(Opens in new window)

Search URL Search Domain Scan URL

URL: https://fun.chicagotribune.com/game/tca-la-times-daily-crossword#nt=secondarynavbar
Title: Daily Crossword(Opens in new window)

Search URL Search Domain Scan URL

URL: https://fun.chicagotribune.com/game/tca-jumble-daily#nt=secondarynavbar
Title: Daily Jumble(Opens in new window)

Search URL Search Domain Scan URL

URL: https://fun.chicagotribune.com/game/daily-solitaire#nt=secondarynavbar
Title: Daily Solitaire(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.facebook.com/chicagotribune

Search URL Search Domain Scan URL

URL: https://twitter.com/chicagotribune

Search URL Search Domain Scan URL

URL: https://www.nydailynews.com/
Title: New York Daily News

Search URL Search Domain Scan URL

URL: https://www.orlandosentinel.com/
Title: Orlando Sentinel

Search URL Search Domain Scan URL

URL: https://www.mcall.com/
Title: The Morning Call of Pa.

Search URL Search Domain Scan URL

URL: https://www.dailypress.com/
Title: Daily Press of Va.

Search URL Search Domain Scan URL

URL: https://www.studio1847.io/
Title: Studio 1847

Search URL Search Domain Scan URL

URL: https://www.baltimoresun.com/
Title: The Baltimore Sun

Search URL Search Domain Scan URL

URL: https://www.sun-sentinel.com/
Title: Sun Sentinel of Fla.

Search URL Search Domain Scan URL

URL: https://www.courant.com/
Title: Hartford Courant

Search URL Search Domain Scan URL

URL: https://www.pilotonline.com/
Title: The Virginian-Pilot

Search URL Search Domain Scan URL

URL: https://careers.tribpub.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.tribpub.com/central-terms-of-service/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.chicagotribunemediagroup.com/
Title: Media kit

Search URL Search Domain Scan URL

URL: https://www.tribpub.com/privacy-policy#Your_California_Rights
Title: California Notice at Collection

Search URL Search Domain Scan URL

URL: https://www.tribpub.com/privacy-policy#Notice_of_Financial_Incentive
Title: Notice of Financial Incentive

Search URL Search Domain Scan URL

URL: https://www.tribpub.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.tkqlhce.com/click-8479616-11570746?url=https%3A%2F%2Fchicagotribune.newspapers.com%3Fxid%3D2301%26utm_campaign%3Devergreen%26utm_medium%3Dreferral%26utm_source%3Dnavigation%26utm_content%3D%26utm_term%3DChicago%20Tribune
Title: Archives

Search URL Search Domain Scan URL

URL: https://mylocal.chicagotribune.com/
Title: Local print ads

Search URL Search Domain Scan URL

URL: https://store.chicagotribune.com/?utm_campaign=evergreen&utm_medium=referral&utm_source=footer&utm_content=&utm_term=
Title: Chicago Tribune Store

Search URL Search Domain Scan URL

URL: https://my.datasubject.com/16A1AnRt2Fn8i1unj/23233
Title: Do Not Sell/Share My Personal Information

Search URL Search Domain Scan URL

URL: https://www.tribpub.com/cookie-policy/
Title: Cookie Policy

Search URL Search Domain Scan URL

URL: https://membership.chicagotribune.com/checkout/MTRDigital2/81032?g2i_or_o=MD&g2i_or_p=Modal_T&g2i_or_os=CTPA23&int=ct_digitaladshouse_pres-day-23_acquisition-subscriber_arc_button_modal
Title: Save Now

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://www.tribdss.com/meter/chiarc.min.js HTTP 302
https://www.tribdss.com/meter/chiarc.min.js?disabled=international

Request Chain 56

https://js.matheranalytics.com/s/ma89701/197837611/fusion/ml.js?cb=1617 HTTP 301
https://js.matheranalytics.com/static/ltm/ma89701/fusion/9/ml.br.js

Request Chain 79

https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js HTTP 302
https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js?disabled=international

Request Chain 105

https://news.google.com/swg/_/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com HTTP 301
https://news.google.com/swg/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com

160 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html Show response
www.chicagotribune.com/suburbs/daily-southtown/ 290 KB
73 KB 1263ms
1020ms Document
text/html 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

1e15b61e1a5597f67b6c9cff40991726d8534373967b36098c0b46ff3176e269

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

akamai-true-ttl: -1
cache-control: private, max-age=60
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=utf-8
date: Fri, 17 Feb 2023 12:11:43 GMT
etag: W/"474de-wDH/8CApJr0Ynkjf8nwfnnHd4Dc"
expires: Fri, 17 Feb 2023 12:12:43 GMT
last-modified: Fri, 17 Feb 2023 12:11:43 GMT
server: openresty
server-timing: cdn-cache; desc=REVALIDATE edge; dur=400 origin; dur=571 ak_p; desc="465732_34831773_25838573_96933_6067_39_0";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 71196 0 pmb=mRUM,2
x-arc-pb-request-id: ff4190e8-46f7-4222-9849-5c7cf35578e3
x-arc-request-id: 0.9d7d1302.1676635902.18a43ed

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 219 KB
54 KB 151ms
46ms Script
application/javascript 52.222.136.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.136.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-136-4.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0ea92c04c03d7da0e4608664dfb06b8bcf85ac91e2f58a8b984620247f447cca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 11:26:32 GMT
content-encoding: gzip
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront), 1.1 b2bc712713f500af8be071fa65fa924c.cloudfront.net (CloudFront)
last-modified: Wed, 15 Feb 2023 21:28:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1, AMS50-C1
age: 2713
x-amz-server-side-encryption: AES256
etag: W/"0b8b1ce84f37b3852d15570cccfe1752"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: zOa3MsV2ibw9Gyxqh3x-0-EkNp45el-_LejKTJ0NWjv_6pP6E-hvJA==

GET
H2 200 script.js Show response
r610.chicagotribune.com/ 136 KB
41 KB 280ms
61ms Script
text/javascript 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/script.js

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

f2111f9442898f8a4588f57de8f9d742b7e756f4c810e2093a95c063d647e940

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:04:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
age: 441
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 41487
x-xss-protection: 1; mode=block
last-modified: Fri, 17 Feb 2023 12:04:20 GMT
server: -
etag: 9667b891fc70e078266e0f2577ec1087
content-type: text/javascript; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=600
x-robots-tag: noindex, nofollow
x-amz-cf-id: Ka2tGRx6Azy6e5HlUbqWzI869-2QOkw_ttqGrophRquJM0wtJuP7KQ==
expires: Fri, 17 Feb 2023 12:14:23 GMT

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 101 B
634 B 540ms
177ms Script
text/javascript 2a04:4e42:e00::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=IntersectionObserver%2CElement.prototype.prepend%2CElement.prototype.remove%2CArray.prototype.find%2CArray.prototype.includes

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:e00::282 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Fri, 17 Feb 2023 12:11:44 GMT
age: 1878018
detected-user-agent: Chrome Mobile/110.0.0
server-timing: HIT, fastly;desc="Edge time";dur=0, HIT, fastly;desc="Edge time";dur=1
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 94
referrer-policy: origin-when-cross-origin
last-modified: Thu, 26 Jan 2023 18:23:56 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
normalized-user-agent: chrome/110.0.0
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 config.js Show response
cdn.confiant-integrations.net/lN3nDI7DXG9pAWAqmfHN769SKz8/gpt_and_prebid/ 134 KB
31 KB 136ms
50ms Script
text/javascript 2606:4700:4400::6812:220a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/lN3nDI7DXG9pAWAqmfHN769SKz8/gpt_and_prebid/config.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f05669a6893e6bdf7171b1e46486771d706e05d311017054b796c9c7320589c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 17 Feb 2023 11:14:22 GMT
server: cloudflare
x-amz-request-id: A65HY536S1XEXP34
age: 128
etag: W/"e59ad91657e2ac16cf9e0f19ead0e4ee"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 79ae6d60abc33a92-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: vnReBfsPfMQRcBdpyOgttpmc1erLlyW4MqtTSUgshoMVtUhk8juJ1BBsKHhbryNuFVyC9MrSc8s=

GET
H2 200 react.js Show response
www.chicagotribune.com/pf/dist/engine/ 335 KB
95 KB 45ms
45ms Script
application/javascript 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chicagotribune.com/pf/dist/engine/react.js?d=114

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

0a0f424ca6d673141f840c622be3e808880680e08699650dd8a0f2fdfac0a69e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-amz-request-id: WC1FB2WGD4HMKH0V
x-amz-server-side-encryption: AES256
x-arc-request-id: 0.9d7d1302.1676635904.18a7e27
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465732_34831773_25853479_15_5072_40_0";dur=1
content-length: 96809
x-amz-id-2: 7EqsCypUhQgTm8C6Jqq3anuohvrKoKJVJ6uruHVljH/x0+IEmqqUeG09ilvKuwqRRozANYUbKvY=
last-modified: Thu, 16 Feb 2023 13:46:09 GMT
server: openresty
etag: W/"b39177549fb4ab0a0fc83ad69a292d20"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
expires: Sat, 17 Feb 2024 12:11:44 GMT

GET
H2 200 default.js Show response
www.chicagotribune.com/pf/dist/components/combinations/ 778 KB
204 KB 45ms
44ms Script
application/javascript 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=114

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

81f83a9290ea76b08222294b7d5b43285ee9070834f43ae9540e40659beee898

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-amz-request-id: CK4142G8JYV0BM9K
x-amz-server-side-encryption: AES256
x-arc-request-id: 0.9d7d1302.1676635904.18a8138
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465732_34831773_25854264_15_4706_38_0";dur=1
content-length: 207530
x-amz-id-2: etCYk3sHTa+tX3ZK1OlHFvAHn9AFcIeWT4zYHQKF3SfcAnyREeCYTjt46jhD1lHk1ig1WT8a6Iw=
last-modified: Thu, 16 Feb 2023 13:46:09 GMT
server: openresty
etag: W/"9d1cdfdec95f17d67fc4ec5b2c092bae"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
expires: Sat, 17 Feb 2024 12:11:44 GMT

GET
H2 200 default.css
www.chicagotribune.com/pf/dist/components/output-types/ 34 KB
5 KB 92ms
91ms Stylesheet
text/css 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chicagotribune.com/pf/dist/components/output-types/default.css?d=114

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

75e658b80c8d440849fcb3dd4462b319b289f8de2fec0972b45fc88e3ec73d61

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000, 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-amz-request-id: WC17SFQ12TGNFN0V
x-amz-server-side-encryption: AES256
x-arc-request-id: 0.9d7d1302.1676635904.18a71fa
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465732_34831773_25850362_63_5217_39_0";dur=1
content-length: 4622
x-amz-id-2: 9kVuhhBWWsUcI2OOhqodBAP/8K+giVneezLcocFZLciTG1eVacNpQAHqz5SyO1uvvFVz5S1mZjaPjCqFOAr92YWAc9rkiUL9+vBXzmN0PoE=
last-modified: Thu, 16 Feb 2023 13:46:09 GMT
server: openresty
etag: W/"ec252ef55c98a2bd2a4c2fcc61a47198"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
expires: Sat, 17 Feb 2024 12:11:44 GMT

GET
H2 200 default.css
www.chicagotribune.com/pf/dist/components/combinations/ 64 KB
11 KB 94ms
93ms Stylesheet
text/css 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chicagotribune.com/pf/dist/components/combinations/default.css?d=114

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

337287fc5427369dced36028a2d0959f06d434b030c4c3f0b88223b648300425

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-amz-request-id: CK4FGX2MNVS7KWFS
x-amz-server-side-encryption: AES256
x-arc-request-id: 0.9d7d1302.1676635904.18a727d
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465732_34831773_25850493_975_5115_39_0";dur=1
content-length: 10676
x-amz-id-2: xMvFwva2gq1JwhHMj2dddEtMHldGu2109KI1d5zxQYbGi59iHzu4trXqDI7cvp/1W0q6pDoDdODGozIf0RyHXA==
last-modified: Thu, 16 Feb 2023 13:46:09 GMT
server: openresty
etag: W/"366024d18194bdd3fc38316002de5c77"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
expires: Sat, 17 Feb 2024 12:11:44 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 147ms
53ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:wght@400;600;700&display=swap

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cd9216308f7433d319f912cfc029861f0176f0d0af13c57338d291f757fb01de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 12:11:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Feb 2023 12:11:44 GMT

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 545 KB
155 KB 181ms
75ms Script
application/x-javascript 23.35.229.64
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.229.64 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-229-64.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 564c0da4e58950dfa166596840e39d3f744f562a3fb48cfaab0afec82bb7e0a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Fri, 17 Feb 2023 12:11:44 GMT
Content-Encoding: gzip
x-amz-request-id: Q3G695ZYRQ6VXJFT
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: j7MFt0OB0d6ZhVpgTrePP/630evOSGHPxLB85UZx7QIRWuVls5Ub8+mlgkc6qSc77ef68uztP00=
Last-Modified: Thu, 09 Feb 2023 15:40:10 GMT
Server: AmazonS3
ETag: "5e6b7f6776fc8b3b41f92797af08e2f0"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 23 KB
10 KB 148ms
41ms Script
application/x-javascript 2600:9000:21c7:7000:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21c7:7000:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5da042d5812f163384470df8b5fbca46e8364922c47407a8dbdcf114066fc6ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 01:13:30 GMT
content-encoding: gzip
via: 1.1 4b3bed207ec72204ebc89ae818e573ee.cloudfront.net (CloudFront)
last-modified: Wed, 20 Jul 2022 00:57:56 GMT
server: nginx
x-amz-cf-pop: AMS54-C1
age: 39494
etag: W/"62d75314-5d6b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: fBuFRdSmCytB1VcfLvX7peD0uhmUak5nBbD-vgCvxzhpn_ikySDM-g==
expires: Sat, 18 Feb 2023 01:13:30 GMT

GET
H2 200 zephr-browser.umd.js Show response
assets.zephr.com/zephr-browser/1.3.9/ 39 KB
15 KB 141ms
43ms Script
application/javascript 52.222.139.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-91.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fcac0e1a4f11bbf64e60b1305ef1b935ff5c41e49d150c42ca8d8d6464dc240f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 07:39:48 GMT
content-encoding: gzip
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
last-modified: Tue, 27 Apr 2021 11:02:55 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
age: 16438
etag: W/"c531ce77a9ff6380e9671dee680a2102"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jMA0_DcrYyY2q84-j-OmDZLxQfgp96QFE5HB0CvBEKN1oV1eBD8xFg==

GET
H2 200 zephr-minify.1.0.1.js Show response
assets.zephr.com/tribune/ 1 KB
1012 B 142ms
45ms Script
application/javascript 52.222.139.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.zephr.com/tribune/zephr-minify.1.0.1.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-91.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ed6b237b687782c7d85630dec9239d26965f826b0b1a64d2817b4dec65db486a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 09:07:16 GMT
content-encoding: gzip
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
last-modified: Mon, 19 Apr 2021 11:32:39 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
age: 11517
etag: W/"d9f4fec80c2b61c13ef9d38b99f5708c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: kLqW8QWHAIdu-mxkS8yaTrqM6tHUweN8-aJUeIl9lSMnq4bbaW4_iQ==

GET
H2 200 HXNYRVY5HNCL5CE63SGLJM3EWI.jpg
www.chicagotribune.com/resizer/DMdvRIh4qq-5cgzOTbZL2DqQF-Q=/800x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 39 KB
39 KB 78ms
76ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/DMdvRIh4qq-5cgzOTbZL2DqQF-Q=/800x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/HXNYRVY5HNCL5CE63SGLJM3EWI.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

21c611f1b97656362b0414431388a23564cb2d275135f31e98ddafe5ed356bba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sun, 12 Feb 2023 15:28:50 GMT
server: Akamai Image Manager
etag: "649b925633a3b43cdea9e3cbb99b61fd740e43b2"
x-arc-request-id: 0.9d7d1302.1676635904.18a88e6
content-type: image/avif
cache-control: private, no-transform, max-age=31115809
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465732_34831773_25856230_483_6921_39_0";dur=1
content-length: 39862
expires: Mon, 12 Feb 2024 15:28:33 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 144ms
49ms Script
application/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3565ea346e63fda91cc67ba8fc11e95b7482d5873a4f4c6a47c4185b772d9a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:44 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1792
etag: W/"5ffd70753209ca4d09cfef90e7c44df3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 79ae6d642ed590da-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 20 Feb 2023 12:11:44 GMT

GET
H2 200 Menu_Icon.svg
www.chicagotribune.com/pf/resources/icons/ 1 KB
1 KB 49ms
47ms Image
image/svg+xml 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/pf/resources/icons/Menu_Icon.svg?d=114

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

94dba5e97bd9780046fc76db034ae0132c04cdf51858c680ef043f841ee3a468

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-amz-request-id: WC1A9TESB3Z6DFT2
x-amz-server-side-encryption: AES256
x-arc-request-id: 0.9d7d1302.1676635904.18a8853
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465732_34831773_25856083_17_7133_39_0";dur=1
content-length: 505
x-amz-id-2: RQutMOKmPy/xu+h5Py2nIvjoVRcYWO2FFHWrGsGN2f1MJIUGon9wl28yQjW51A+2MFEYBbARfqY=
last-modified: Thu, 16 Feb 2023 13:46:08 GMT
server: openresty
etag: W/"3078b03aa176e280460db6374ed5934b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
expires: Sat, 17 Feb 2024 12:11:44 GMT

GET
H2 200 Search_Icon.svg
www.chicagotribune.com/pf/resources/icons/ 1 KB
1 KB 77ms
75ms Image
image/svg+xml 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/pf/resources/icons/Search_Icon.svg?d=114

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

9729f3eab64671484b7dc72a11b62aa1f6f7841711fa84c318e01007dd03e6c2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-amz-request-id: E91ME6M2TE11PJ3R
x-amz-server-side-encryption: AES256
x-arc-request-id: 0.9d7d1302.1676635904.18a88e7
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465732_34831773_25856231_738_5006_39_0";dur=1
content-length: 700
x-amz-id-2: p7k+Sx4QNxqGLfUmU0m0qEM5lcH40aFnaYoVemWLHHll1fllRLsODfh99ze+NLEhINU1XdmFN/I=
last-modified: Thu, 16 Feb 2023 13:46:08 GMT
server: openresty
etag: W/"d947de375e50e50a1aa4f7951e3c56b0"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
expires: Sat, 17 Feb 2024 12:11:44 GMT

GET
H2 200 index.js Show response
tags.remixd.com/player/v5/ 34 KB
10 KB 133ms
42ms Script
text/javascript 52.222.139.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.remixd.com/player/v5/index.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-61.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 91bcc65a1a6bb4755e48576889ae27c2f620e49d126b8127dd16c1a99945b9d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:10:51 GMT
content-encoding: gzip
via: 1.1 c8398cf797b03d1d2d2deda33fe571f0.cloudfront.net (CloudFront)
last-modified: Tue, 21 Jun 2022 15:31:59 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
age: 53
etag: "57b6f8ad4125903b7e06bb427c232d10"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=1800
accept-ranges: bytes
content-length: 10041
x-amz-cf-id: xofUDi-av37mnRC8Zue1FfMiNZlkzpjUHI0IxsIZqxDe-F2EjTfZCQ==

GET
H2 200 ct.svg
www.chicagotribune.com/pf/resources/images/stacked/ 727 B
1 KB 63ms
62ms Image
image/svg+xml 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/pf/resources/images/stacked/ct.svg?d=114

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

4de3df3f8c41b969312c7f8fb0ec105ca4ceebfeff99e9c4c6552f017c8aeb2e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-amz-request-id: CK471KGFTPVXDYQR
x-amz-server-side-encryption: AES256
x-arc-request-id: 0.9d7d1302.1676635904.18a88e8
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465732_34831773_25856232_318_5832_39_0";dur=1
content-length: 460
x-amz-id-2: YXa0AoAwDTrjXbIXzI9V5az2cx0N/lL7x7HjK7O7PmMD4Ie4C+DD0kPbcBgPp6MmiMDGBSFvlvPEtWE/y2OVFw==
last-modified: Thu, 16 Feb 2023 13:46:08 GMT
server: openresty
etag: W/"95a011625b282ce688af84fdec6cf2ed"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
expires: Sat, 17 Feb 2024 12:11:44 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 118ms
39ms XHR
application/javascript 52.222.136.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.136.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-136-4.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: pfXD8LfbTWwWYbVa8nASYbe6_QUldhGN
content-encoding: gzip
via: 1.1 abc3ecd1d98ae9cd426d47386509de18.cloudfront.net (CloudFront)
date: Fri, 17 Feb 2023 00:37:56 GMT
x-amz-cf-pop: AMS50-C1
age: 44624
x-cache: Hit from cloudfront
last-modified: Wed, 15 Feb 2023 23:43:01 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: 03LBZCGXDJhQPAextNud-FqgcG2znfA6Dcied3Hnq_fUdeKUyEhiDA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 346 KB
94 KB 161ms
71ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5K8DK4V

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3b0e937ff3f7459bea57ba083c275c61a19175e34f8f7060b92490a72501b601

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96245
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Feb 2023 12:11:44 GMT

GET
H2 200 cs Show response
tribune.blueconic.net/DG/DEFAULT/ 16 B
697 B 391ms
140ms Script
text/javascript 54.205.212.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://tribune.blueconic.net/DG/DEFAULT/cs?&callback=bc_json727

Requested by

Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.205.212.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-205-212-62.compute-1.amazonaws.com

Software

- /

Resource Hash

3decb093837ea2f97085aae5420207c69b6c7ff11df4acc6e7736c2f0ec9eaa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: -
x-permitted-cross-domain-policies: master-only
content-type: text/javascript; charset=utf-8
p3p: policyref="", CP="DSP"
cache-control: no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag: noindex, nofollow
content-length: 36
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 wrap.js Show response
cdn.confiant-integrations.net/gptprebidnative/202212211045/ 216 KB
68 KB 52ms
50ms Script
application/javascript 2606:4700:4400::6812:220a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/gptprebidnative/202212211045/wrap.js
Requested by: Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/lN3nDI7DXG9pAWAqmfHN769SKz8/gpt_and_prebid/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:220a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b59e31aeaca17f052e5e16fa1713cb48d45997454c26ae2876302420b77751c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Dec 2022 15:47:15 GMT
server: cloudflare
x-amz-request-id: DW81M6YDWG8DEGTP
age: 1205534
etag: W/"fa407ba001f2ac06196124f41d523471"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 79ae6d63980b3a92-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: oxsnCOakrLSZ83A6nD7HjDExS4kQOoxrpOQeCVVxnYdgAVhn9C7/Qg0/oYdaytruZ1MKZT8YnE4=

GET
H2 200 DA9NK-5NF4A-5FWA6-EFVPV-RL87Z Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 132ms
40ms Script
application/javascript 2a02:26f0:3500:586::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/DA9NK-5NF4A-5FWA6-EFVPV-RL87Z
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:586::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: br
last-modified: Sat, 24 Dec 2022 00:00:12 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
x-n: S
timing-allow-origin: *
content-length: 50393

GET
H2 200 DFHD762CSRCTNNGL4RTUVKZBOY.jpg
www.chicagotribune.com/resizer/jhXHlM93zL8poRBvwtHD6kfvMuQ=/1440x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 38 KB
39 KB 64ms
63ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/jhXHlM93zL8poRBvwtHD6kfvMuQ=/1440x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/DFHD762CSRCTNNGL4RTUVKZBOY.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/engine/react.js?d=114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

b17dc2723c37186da43d192c89d7bc4bcf028b0e830de63d0e34eb29d00baa51

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000, 31536000, 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 01 Feb 2023 04:45:54 GMT
server: Akamai Image Manager
etag: "b1ddc51f6101ef238372428ed47782e9c9a7eae8"
x-arc-request-id: 0.9d7d1302.1676635904.18a8c3f
content-type: image/avif
cache-control: private, no-transform, max-age=30126739
server-timing: cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="465732_34831773_25857087_354_7329_39_0";dur=1
content-length: 39239
expires: Thu, 01 Feb 2024 04:44:03 GMT

GET
H2 200 G5MBQKC4PRH5NLY5W5XHXSJZRQ.jpg
www.chicagotribune.com/resizer/-eZjkZdn54LvcKHBU2qc6ElM-Lc=/1440x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 61 KB
62 KB 63ms
63ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/-eZjkZdn54LvcKHBU2qc6ElM-Lc=/1440x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/G5MBQKC4PRH5NLY5W5XHXSJZRQ.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/engine/react.js?d=114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

f4ef4343eb9d80c40ce3e2b626ba4327a71e63fee3f8c646f8eb67aa969efeb9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000, 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Wed, 01 Feb 2023 04:46:05 GMT
server: Akamai Image Manager
etag: "30a31246f16fde7efc6571019039f9d843a75b9d"
x-arc-request-id: 0.9d7d1302.1676635904.18a8c40
content-type: image/avif
cache-control: private, no-transform, max-age=30126880
server-timing: cdn-cache; desc=HIT, edge; dur=11, ak_p; desc="465732_34831773_25857088_1171_7708_39_0";dur=1
content-length: 62848
expires: Thu, 01 Feb 2024 04:46:24 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
907 B 147ms
54ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=114

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9310e1bf6431294af16179c9016c9b31197466b9c8ee75ece88bc8c6bc350046

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 587
x-xss-protection: 1; mode=block
expires: Fri, 17 Feb 2023 12:11:44 GMT

GET
H2 200 TGYDKCLXHRWLZPENRN4YB7BVE4.jpg
www.chicagotribune.com/resizer/Y7jX_LYd7vP6oSD5AO-SztF0gy4=/1440x1080/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 95 KB
96 KB 103ms
103ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/Y7jX_LYd7vP6oSD5AO-SztF0gy4=/1440x1080/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/TGYDKCLXHRWLZPENRN4YB7BVE4.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/engine/react.js?d=114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

aa6cf513c805631e3da776e4d88fd82a42b30612ce0255eedec83f4d145a9b37

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 17 Feb 2023 12:02:09 GMT
server: Akamai Image Manager
etag: "b60e51f9e87ea6b02663e43edbfc647a60184e83"
x-arc-request-id: 0.9d7d1302.1676635904.18a8cc4
content-type: image/avif
cache-control: private, no-transform, max-age=31535368
server-timing: cdn-cache; desc=HIT, edge; dur=33, ak_p; desc="465732_34831773_25857220_3614_7786_39_0";dur=1
content-length: 97159
expires: Sat, 17 Feb 2024 12:01:12 GMT

GET
H2 200 I5KQQYHPAZBGBE3CUVLFYUMDGU.jpg
www.chicagotribune.com/resizer/jDB2opc40mmxjCNXVsAQ9bLXwO4=/1440x1080/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 106 KB
107 KB 71ms
71ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/jDB2opc40mmxjCNXVsAQ9bLXwO4=/1440x1080/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/I5KQQYHPAZBGBE3CUVLFYUMDGU.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/engine/react.js?d=114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

7df4604e95a6fbc974177a6c9f31837936cc25af533ea23e1f10340605cb48a9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 17 Feb 2023 11:31:15 GMT
server: Akamai Image Manager
etag: "dbe6b7f89f1d28f5a7439f76d9779347ac8e09de"
x-arc-request-id: 0.9d7d1302.1676635904.18a8cc5
content-type: image/avif
cache-control: private, no-transform, max-age=31533561
server-timing: cdn-cache; desc=HIT, edge; dur=18, ak_p; desc="465732_34831773_25857221_1834_7365_39_0";dur=1
content-length: 108763
expires: Sat, 17 Feb 2024 11:31:05 GMT

GET
H2 200 HHGVVAPIN5ACZKUW6ZQDOY56DE.jpg
www.chicagotribune.com/resizer/4kkIfq_kw6Z-mwsxHB0uTGeVPHs=/1440x1080/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 364 KB
365 KB 76ms
76ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/4kkIfq_kw6Z-mwsxHB0uTGeVPHs=/1440x1080/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/HHGVVAPIN5ACZKUW6ZQDOY56DE.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/engine/react.js?d=114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

325d867a377ec35a24fe5576a3889c8eab2fc01db1a372b9252f3872e991c22a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 17 Feb 2023 11:12:10 GMT
server: Akamai Image Manager
etag: "917cb10f5d625839cee6bf2e4caac63eb9ca98cb"
x-arc-request-id: 0.9d7d1302.1676635904.18a8d69
content-type: image/avif
cache-control: private, no-transform, max-age=31532443
server-timing: cdn-cache; desc=HIT, edge; dur=12, ak_p; desc="465732_34831773_25857385_1352_8348_39_0";dur=1
content-length: 372617
expires: Sat, 17 Feb 2024 11:12:27 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v34/ 16 KB
17 KB 129ms
40ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:wght@400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.chicagotribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 22:56:53 GMT
x-content-type-options: nosniff
age: 47691
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16740
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 22:56:53 GMT

GET
H2 200 MEZJ5K2UU5DM7EORBW3WSEYAG4.jpg
www.chicagotribune.com/resizer/-NDrWxNx49mspOQWcgF7vhuPj1M=/105x105/filters:format(jpg):quality(70):focal(1238x583:1248x593)/www.chicagotribune.com/resizer/jxn38je09DB6ZeoopXRjkXutwwo=/cloudfront-u... 2 KB
3 KB 69ms
67ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/-NDrWxNx49mspOQWcgF7vhuPj1M=/105x105/filters:format(jpg):quality(70):focal(1238x583:1248x593)/www.chicagotribune.com/resizer/jxn38je09DB6ZeoopXRjkXutwwo=/cloudfront-us-east-1.images.arcpublishing.com/tronc/MEZJ5K2UU5DM7EORBW3WSEYAG4.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

2872b47ffdf8c76279849acd7c50ae56c7ff365df10b92ed0707f4c758577e42

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000, 31536000, 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 16 Feb 2023 23:28:22 GMT
server: Akamai Image Manager
etag: "06766204f88c5b515e65ad5062d11220c67698d6"
x-arc-request-id: 0.9d7d1302.1676635904.18a8ea6
content-type: image/avif
cache-control: private, no-transform, max-age=31490170
server-timing: cdn-cache; desc=HIT, edge; dur=11, ak_p; desc="465732_34831773_25857702_1111_7153_39_0";dur=1
content-length: 2431
expires: Fri, 16 Feb 2024 23:27:54 GMT

GET
H2 200 DCFVHQSMKVC2PKBXV4JZESRFK4.jpg
www.chicagotribune.com/resizer/PVymA24sX8pEVhDYzWk6UMhxcCM=/105x105/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/yWbHdUIpPoET4NPLDi56Pte6Yn8=/cloudfront-us-east-1.images.arcpublis... 2 KB
3 KB 68ms
66ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/PVymA24sX8pEVhDYzWk6UMhxcCM=/105x105/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/yWbHdUIpPoET4NPLDi56Pte6Yn8=/cloudfront-us-east-1.images.arcpublishing.com/tronc/DCFVHQSMKVC2PKBXV4JZESRFK4.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

90b3d8efe63c7b8a88c60ae115cf2c86d601716f218eb95c60fc4dc24306c1c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 31 Jan 2023 21:46:51 GMT
x-serial: 1508
server: Akamai Image Manager
x-check-cacheable: YES
etag: "686f95deeeaf5c6a150ca52ee0f9c59fd4a7bcf8"
x-arc-request-id: 0.9d7d1302.1676635904.18a8f06
content-type: image/avif
cache-control: private, no-transform, max-age=30101924
server-timing: cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="465732_34831773_25857798_228_6693_39_0";dur=1
content-length: 2285
expires: Wed, 31 Jan 2024 21:50:28 GMT

GET
H2 200 I5KQQYHPAZBGBE3CUVLFYUMDGU.jpg
www.chicagotribune.com/resizer/mItypypEnXzaG64ULB3KIFWXMnI=/105x105/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/aYYZrMbhH2oZ9jpbsDY2ubnGaGI=/cloudfront-us-east-1.images.arcpublis... 2 KB
3 KB 93ms
91ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/mItypypEnXzaG64ULB3KIFWXMnI=/105x105/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/aYYZrMbhH2oZ9jpbsDY2ubnGaGI=/cloudfront-us-east-1.images.arcpublishing.com/tronc/I5KQQYHPAZBGBE3CUVLFYUMDGU.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

651e4c67987352f2207738a0129ec64badb8b6900c4095638121314ca72f85fa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 17 Feb 2023 11:44:16 GMT
x-serial: 1421
server: Akamai Image Manager
x-check-cacheable: YES
etag: "4e0af0892f99cd94f47553dc58d937838c4cea66"
x-edgeconnect-cache-status: 1
x-arc-request-id: 0.9d7d1302.1676635904.18a8f07
content-type: image/avif
cache-control: private, no-transform, max-age=31534352
server-timing: cdn-cache; desc=MISS, edge; dur=1, origin; dur=118, ak_p; desc="465732_34831773_25857799_2346_7757_39_0";dur=1
content-length: 2489
expires: Sat, 17 Feb 2024 11:44:16 GMT

GET
H2 200 TGYDKCLXHRWLZPENRN4YB7BVE4.jpg
www.chicagotribune.com/resizer/0iH0ci6A2TCs6WaHHBYahEjm1Ak=/105x105/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/ITGChkO9quKvDHj4arJoeG_oxWA=/cloudfront-us-east-1.images.arcpublis... 3 KB
3 KB 385ms
383ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/0iH0ci6A2TCs6WaHHBYahEjm1Ak=/105x105/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/ITGChkO9quKvDHj4arJoeG_oxWA=/cloudfront-us-east-1.images.arcpublishing.com/tronc/TGYDKCLXHRWLZPENRN4YB7BVE4.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

543976c18570337471016b449898439413c195c7108f7b8496ab9346779ec183

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000
date: Fri, 17 Feb 2023 12:11:45 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 17 Feb 2023 12:06:50 GMT
x-serial: 478
server: Akamai Image Manager
x-check-cacheable: YES
etag: "2102428fd4b94b226a5b29906e4a931239ea87f6"
x-arc-request-id: 0.9d7d1302.1676635904.18a8f09
content-type: image/avif
cache-control: private, no-transform, max-age=31535709
server-timing: cdn-cache; desc=MISS, edge; dur=89, origin; dur=219, ak_p; desc="465732_34831773_25857801_32136_9294_39_0";dur=1
content-length: 3074
expires: Sat, 17 Feb 2024 12:06:54 GMT

GET
H2 200 ZHQVGQ4SU5HARDSNUW4FYNKTJQ.jpg
www.chicagotribune.com/resizer/L9hHTxQEIm4ouvG9lZU-U8DPM-0=/105x105/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/3G6ONpmzcd4CtiCzEZldSwmYap4=/cloudfront-us-east-1.images.arcpublis... 3 KB
3 KB 69ms
68ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/L9hHTxQEIm4ouvG9lZU-U8DPM-0=/105x105/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/3G6ONpmzcd4CtiCzEZldSwmYap4=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ZHQVGQ4SU5HARDSNUW4FYNKTJQ.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

36761ae7fc6f0c2cf778ad23350764caa99747ec3c34f0b17885f441f0ea5eac

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000, 31536000, 31536000, 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 16 Feb 2023 16:37:14 GMT
server: Akamai Image Manager
etag: "734f7d4ce5cc085001338bfea9f09c758e2940f1"
x-arc-request-id: 0.9d7d1302.1676635904.18a8f0a
content-type: image/avif
cache-control: private, no-transform, max-age=31465515
server-timing: cdn-cache; desc=HIT, edge; dur=5, ak_p; desc="465732_34831773_25857802_606_6907_39_0";dur=1
content-length: 2881
expires: Fri, 16 Feb 2024 16:36:59 GMT

GET
H2 200 resize-image-api-client Show response
www.chicagotribune.com/pf/api/v3/content/fetch/ 4 KB
2 KB 356ms
356ms Fetch
application/json 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chicagotribune.com/pf/api/v3/content/fetch/resize-image-api-client?query=%7B%22raw_image_url%22%3A%22https%3A%2F%2Fwww.trbimg.com%2Fimg-593f0e9a%2Fturbine%2Fct-updated-newsletter-thumbs-southtown%2F%22%7D&d=114&_website=chicago-tribune

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/engine/react.js?d=114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

dfa66de804b031ce3c106266dd95c798cad21e9bbb11986ef7a3e89ce30ec505

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 300
x-arc-pb-request-id: d5e5aa65-50ba-4c53-87da-1cfe0eec488b
content-encoding: gzip
date: Fri, 17 Feb 2023 12:11:45 GMT
last-modified: Fri, 17 Feb 2023 12:06:35 GMT
server: openresty
content-security-policy: upgrade-insecure-requests
etag: W/"1156-UV7Cik40JqhOgm9KRK2Ye5E5Zak"
vary: Accept-Encoding
x-arc-request-id: 0.9d7d1302.1676635904.18a8f0b
content-type: application/json; charset=utf-8
cache-control: max-age=0
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=250, origin; dur=57, ak_p; desc="465732_34831773_25857803_30703_6317_39_0";dur=1
content-length: 1778
expires: Fri, 17 Feb 2023 12:11:45 GMT

GET
H/1.1

200
OK

chiarc.min.js Show response
www.tribdss.com/meter/
Redirect Chain

https://www.tribdss.com/meter/chiarc.min.js
https://www.tribdss.com/meter/chiarc.min.js?disabled=international

34 KB
12 KB

48ms
47ms

Script
text/javascript

104.80.241.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tribdss.com/meter/chiarc.min.js?disabled=international

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

HTTP/1.1

Server

104.80.241.191 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-241-191.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

34ec1683d2642299e982025227fedb587004b36ef9d3abcf47999e7f62a8afff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Fri, 17 Feb 2023 12:11:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Status: 200 OK
Connection: keep-alive
Content-Length: 11338
X-Request-Id: 8c1ccf2ce6b0d0d6951850f1d519b83e
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.013004
X-Content-Digest: edc59c57da0cb7d5cdcceb066e2be3ce240b497d
Last-Modified: Tue, 27 Sep 2022 09:54:52 GMT
Server: Apache
X-Host-Info: 6b397c7b2219,; 6bc1041e00adf70b2570b8110e71a863d7d26646 (HEAD -> refs/heads/release/2208.1.0, refs/remotes/origin/release/2208.1.0, refs/remotes/origin/release/2207.1.0) dss-17031 added service account for health check app
ETag: 5978707471600083914R
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, must-revalidate, max-age=773
Httpd-Identifier: 6b397c7b2219
X-Rack-Cache: fresh

Redirect headers

Location: /meter/chiarc.min.js?disabled=international
Date: Fri, 17 Feb 2023 12:11:45 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK chiarc.min.js Show response
ssor.tribdss.com/reg/tribune/ 34 KB
12 KB 374ms
48ms Script
text/javascript 104.80.241.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ssor.tribdss.com/reg/tribune/chiarc.min.js

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=114

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.80.241.191 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-241-191.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

fe16b8b65e1375dd2292a34597e3e88bf3c5e55fb0a9d2adb9b33a5314409a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Fri, 17 Feb 2023 12:11:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Status: 200 OK
Connection: keep-alive
Content-Length: 11268
X-Request-Id: 4595df6c5c3c711357710b1619131f44
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.005377
X-Content-Digest: 016646f2cfeb52512eec00ea39e52c1f81cb1e6f
Last-Modified: Thu, 16 Feb 2023 08:25:18 GMT
Server: Apache
X-Host-Info: 5d18dff8a287,; b22e7d1ae8673aef5fcb2a8d0e2b5f98d42e618e (HEAD -> refs/heads/release/2302.1.2, refs/remotes/origin/release/2302.1.2) Merge branch 'jira/DSS-17277-Disable-twitter-and-yahoo-buttons-for-HC' into 'release/2302.1.2'
ETag: 13393364283465634922
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, must-revalidate, max-age=658
Httpd-Identifier: 5d18dff8a287
X-Rack-Cache: fresh

GET
H2 200 / Show response
dynpaywall-api-chicagotribune.ml.sophi.io/v1// 50 B
326 B 648ms
520ms XHR
application/json 52.222.139.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dynpaywall-api-chicagotribune.ml.sophi.io/v1//?domain_userid=&content_id=2FTXQBXQG5GUFLNHRHU6YB6SYI&user_id=&localtime=2023-02-17%2012:11:44%20GMT0000&section=/suburbs/daily-southtown&referrer=
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=114
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-18.ams50.r.cloudfront.net
Software: CloudFront /
Resource Hash: f0f6487e04faf01177ca123beb1fa1c5683887295609275f1a5badafae5ec7cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
via: 1.1 ec354e6d520d6c5c48f3933476169122.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: AMS50-C1
x-cache: GeneratedResponse from cloudfront
content-type: application/json
access-control-allow-origin: *
content-length: 50
x-amz-cf-id: g5OWYZ6Itj-2W5JyUID-Hwp7wEnKCH7KF4QKIIGDqEP0uw0hFqCkCg==

GET
H2 200 osano.js Show response
cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/ 360 KB
94 KB 159ms
58ms Script
application/javascript 2600:9000:2204:c200:3:b7e:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=114

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2204:c200:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

7600fa2b0527c3af95aef6b2a6a333ab08c3c384f2fcfa804bcb2b6083728cbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 19:43:17 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000
via: 1.1 fc8f1559bec15e56ec52376ce42c7d90.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
age: 59307
x-cache: Hit from cloudfront
content-length: 95485
x-xss-protection: mode=block
last-modified: Fri, 10 Feb 2023 22:34:38 GMT
server: CloudFront
etag: "923c2ce12580cadd4124cc0a392cc187"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=86400, s-maxage=86400, must-revalidate, proxy-revalidate, no-transform
x-amz-cf-id: sW6E-AC-fUEOw1juMJRx77SoJqYq5kntITcEj0CWlgWzvxyaJpHIgQ==

GET
H2 200 resize-image-api-client Show response
www.chicagotribune.com/pf/api/v3/content/fetch/ 216 B
636 B 395ms
393ms Fetch
application/json 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.chicagotribune.com/pf/api/v3/content/fetch/resize-image-api-client?query=%7B%22raw_image_url%22%3A%22https%3A%2F%2Fcloudfront-us-east-1.images.arcpublishing.com%2Ftronc%2FFZFZTFMV6NHMJCQOCNHBU3T2CY.jpg%22%7D&filter=%7B377x0%2C600x0%7D&d=114&_website=chicago-tribune

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/engine/react.js?d=114

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

8b992185e4480c6985018878a97c716fb566d4438398fe60aba7a9e1d9c06059

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 205
x-arc-pb-request-id: e8986a9e-7e9e-4c91-95fd-51686b41c514
content-encoding: gzip
date: Fri, 17 Feb 2023 12:11:45 GMT
last-modified: Fri, 17 Feb 2023 12:09:03 GMT
server: openresty
content-security-policy: upgrade-insecure-requests
etag: W/"d8-rfA7gHRzBNuGz6dtPoIO84DX24c"
vary: Accept-Encoding
x-arc-request-id: 0.9d7d1302.1676635904.18a8f9b
content-type: application/json; charset=utf-8
cache-control: max-age=138
server-timing: cdn-cache; desc=HIT, edge; dur=348, ak_p; desc="465732_34831773_25857947_34807_5854_39_0";dur=1
content-length: 187
expires: Fri, 17 Feb 2023 12:14:03 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/tribunedigital-network/ 2 MB
107 KB 130ms
42ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 07dd3316f05538dbfd0c246b283c79ef4ca4a89d496ea2d788b327bbe5382790

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: vY5EGfYd88KlcxHzBUrVpl_no4tLvKfx
content-encoding: gzip
via: 1.1 varnish
date: Fri, 17 Feb 2023 12:11:44 GMT
x-amz-request-id: YN1BG3R4W8SB2HSF
age: 4352
x-cache: HIT
x-amz-replication-status: FAILED
content-length: 109217
x-amz-id-2: r9Zlx3YMH5yUTitXlL3JOKJad23rgfwlc3QCOW9EsFFjPujezQ3YsuYxZgFpw5i8TkxrrHAf2Po=
x-served-by: cache-hhn-etou8220082-HHN
last-modified: Thu, 16 Feb 2023 19:22:38 GMT
server: AmazonS3
x-timer: S1676635905.839546,VS0,VE1
etag: "0a19ae8d0993f870bf316d4484278789"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 86
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 v2lycXBmloNJvBgX1X4DVpaOIIEDRv-aIb6gvdB6L-b5V3hFPpKkarQ4Y2H5bdtih Show response
smoggysnakes.com/ 59 KB
22 KB 162ms
62ms Script
text/javascript 2600:1901:0:d733::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://smoggysnakes.com/v2lycXBmloNJvBgX1X4DVpaOIIEDRv-aIb6gvdB6L-b5V3hFPpKkarQ4Y2H5bdtih

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=114

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

95fba5f7215712323c9a396538d17c926b55312f29d4cff73632be46777b7d5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
via: 1.1 google
date: Fri, 17 Feb 2023 12:11:44 GMT
x-datacenter: gce-europe-west1
etag: "5139fa31a319a50992ea9420dca3fe51d6de943c2607353c1284ad782ec58435"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-cdpb
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 764540114
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 main.js Show response
tribune-chicagotribune.zeustechnology.com/ 340 KB
58 KB 139ms
44ms Script
application/javascript 13.227.219.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tribune-chicagotribune.zeustechnology.com/main.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=114
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-100.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5e0dc16d8168bc4b0a05db26d6c96e650f643890ce0bf9fd9da3de2f28ec8653

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: piCOl0jVHat529hLRXYPtmccww7AwnLh
content-encoding: br
via: 1.1 df4167ab0949b4d2c15466bdfdc05f94.cloudfront.net (CloudFront)
date: Fri, 17 Feb 2023 11:35:41 GMT
last-modified: Fri, 13 Jan 2023 17:15:17 GMT
server: AmazonS3
x-amz-cf-pop: AMS54-C1
age: 2622
etag: W/"32539411c63a1f499627c9d8327151bb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=600,s-maxage=3600
x-amz-cf-id: c2tlx1cVeheffMeHrBlrZiA5N4nlfljmLjLk8sV-iwM8W7GK_R5pHg==

GET
H2 200 Chicago_Tribune-chiblue.svg
www.chicagotribune.com/pf/resources/logo/ 13 KB
6 KB 67ms
66ms Image
image/svg+xml 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/pf/resources/logo/Chicago_Tribune-chiblue.svg?d=114

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

37f8ab8769785287d8b890ba001c44d93c98ec851e4abe769e8a5e243bbe1f0b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
x-amz-request-id: 8EYAD5PTDBZSKX7B
x-amz-server-side-encryption: AES256
x-arc-request-id: 0.9d7d1302.1676635904.18a9010
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="465732_34831773_25858064_18_4650_39_0";dur=1
content-length: 5118
x-amz-id-2: vNUJ490hK9xlCwS6SycBfYq7l6msKs6O4W1Cplt5UXu2YwSc85n0knUOjPRzAVH2ZFd8n5TbeTo=
last-modified: Thu, 16 Feb 2023 13:46:09 GMT
server: openresty
etag: W/"71456cc06238c3a185cccb135bec0329"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
expires: Sat, 17 Feb 2024 12:11:44 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 283 KB
68 KB 58ms
56ms Script
application/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151515

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c3af293c92bffe2f5f6f31753be6de274bf677ee5c4de05428cf394d63d4941

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:44 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1792
etag: W/"725985d8b3cb9e8905cfe4c97cc83600"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 79ae6d64ffd090da-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Mon, 20 Feb 2023 12:11:44 GMT

GET
H2 200 chicagotribune.com Show response
pubcast-files.remixd.com/player-configs/ 41 KB
42 KB 132ms
41ms Fetch
application/json 35.190.38.143
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pubcast-files.remixd.com/player-configs/chicagotribune.com
Requested by: Host: tags.remixd.com
URL: https://tags.remixd.com/player/v5/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 143.38.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f486dcad1402002af6f9fee8cbe1f301710b828ea0740abfe8672137ef6e02f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 11:31:31 GMT
age: 2413
x-guploader-uploadid: ADPycdu8dTbYGfuP-rSmjUZVBLIEGd42RZmfRxfvwKJwP1DJ5x5rcMox-tFvNHHOiuxbkkFno6Nvyq5qGCAvCBs3xnX37My0FtCy
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41910
last-modified: Mon, 30 Jan 2023 16:20:06 GMT
server: UploadServer
etag: "5a254665d4a4c7aceb33b05d7ef91bd9"
vary: X-Goog-Allowed-Resources
x-goog-generation: 1675095606494005
x-goog-hash: crc32c=5ElQGQ==, md5=WiVGZdSkx6zrM7Bdfvkb2Q==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600
x-goog-meta-cache-control: public, no-cache, must-revalidate
x-goog-stored-content-length: 41910
accept-ranges: bytes
content-type: application/json
expires: Fri, 17 Feb 2023 12:31:31 GMT

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 276 B
565 B 249ms
149ms XHR
application/json 2a04:4e42:200::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=chicagotribune.com&domain=chicagotribune.com&path=%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 96ccf982c4d6f90c3a1a86ec1115c794b8aff5c09cacfb0c54357946abd0a3a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-cache-hits: 0
date: Fri, 17 Feb 2023 12:11:45 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
age: 0
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 206
x-served-by: cache-hhn-etou8220098-HHN
x-timer: S1676635905.918917,VS0,VE108
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Wed, 15 Feb 2023 12:11:44 GMT

GET
H2 200 t Show response
jadserve.postrelease.com/ 3 KB
2 KB 193ms
60ms Script
text/javascript 34.253.85.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&ntv_mvi
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.85.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-85-210.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: 3364084daa7d5e1d3001479ffdc24024939f8e5735ca298568801a7ad8b4042a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:44 GMT
content-encoding: gzip
server: nginx/1.12.2
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 1195
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/ 408 KB
163 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b28bda3bee08c51cf79bc36c6292f62bdf7f67038d397f1c2616641dba2cf95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.chicagotribune.com/
Origin: https://www.chicagotribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 11:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1701
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 166784
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 05:01:25 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Feb 2024 11:43:23 GMT

GET
H2 200 p.js Show response
cdn.parsely.com/keys/chicagotribune.com/ 56 KB
21 KB 134ms
44ms Script
application/javascript 13.227.217.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/chicagotribune.com/p.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5K8DK4V
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.217.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-217-72.ams54.r.cloudfront.net
Software: nginx /
Resource Hash: 6613009940c32f6e3032a2ef430d34037d17904c9beac02478443798784faa98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: public
date: Fri, 17 Feb 2023 06:56:19 GMT
content-encoding: gzip
via: 1.1 2b11d6e7cfac22d5fd2bf9a0df8c4d2a.cloudfront.net (CloudFront)
last-modified: Wed, 05 Jan 2022 19:15:41 GMT
server: nginx
x-amz-cf-pop: AMS54-C1
age: 18987
etag: W/"61d5ee5d-df47"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400, public
x-amz-cf-id: T5MtdZabrWVLpwQo1Zd78Fw53NWC66BEixFj-y8U6c2OXeJTwPjhEA==
expires: Sat, 18 Feb 2023 06:55:17 GMT

GET
H2 200 launchpad-liveramp.js Show response
launchpad-wrapper.privacymanager.io/15aac723-64c8-4b23-ab62-e238fd624c21/ 3 KB
2 KB 131ms
39ms Script
text/javascript 13.227.219.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://launchpad-wrapper.privacymanager.io/15aac723-64c8-4b23-ab62-e238fd624c21/launchpad-liveramp.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5K8DK4V
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-117.ams54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 51ae82135498270faf7037bc1034285965dcde3c43476a24ac83ab3d14322522

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: QPdapfnTKadTbAF2NRlea4Urx3BTN8sm
content-encoding: gzip
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront)
date: Thu, 16 Feb 2023 19:30:53 GMT
x-amz-cf-pop: AMS54-C1
age: 60148
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-disposition: attachment; filename="launchpad-liveramp.js"
last-modified: Fri, 22 Apr 2022 17:52:36 GMT
server: AmazonS3
etag: W/"862af1285f6bfb523bc7fcb34a8cf69f"
vary: Accept-Encoding
content-type: text/javascript
x-amz-cf-id: cwk4oj99mj1MsRfJjMyquJP4GuEKcl6bGVJkr-c9XBqo_B12-ps43Q==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 156ms
39ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5K8DK4V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Feb 2023 10:14:50 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 7015
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Fri, 17 Feb 2023 12:14:50 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 37 KB
15 KB 45ms
44ms Script
application/x-javascript 2600:9000:21c7:7000:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21c7:7000:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 7b307f2ce73aec07bfa1ab1d6462f491de0497c8819b1d6fed66eda9638a3530

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 02:57:12 GMT
content-encoding: gzip
via: 1.1 4b3bed207ec72204ebc89ae818e573ee.cloudfront.net (CloudFront)
last-modified: Thu, 08 Dec 2022 17:25:10 GMT
server: nginx
x-amz-cf-pop: AMS54-C1
age: 33272
etag: W/"63921df6-9377"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: Iyjb5Zv6edjFktnAsXB-G_jmfrsdB-wU2yjUkeV_Z3w8vyJL1_u52g==
expires: Sat, 18 Feb 2023 02:57:12 GMT

GET
H2 200 sophi.min.js Show response
cdn.sophi.io/latest/ 124 KB
43 KB 133ms
39ms Script
application/javascript 52.222.139.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.sophi.io/latest/sophi.min.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-110.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 096a0419a3787b284e7105edeebc7cf4915cb9549f3b433258f65483acc24510

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 20:42:07 GMT
content-encoding: gzip
via: 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
x-amz-version-id: 77yKHytHO_pcAyQcoklw1dHdk4sqBtp0
last-modified: Tue, 04 Oct 2022 14:09:32 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
age: 55779
x-amz-server-side-encryption: AES256
etag: W/"dfd164092f8d8abc70b55ba8c1bc2e80"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: bz4p2wNGB42tq31KavqeYG8Kbi5Nth7884-KRhxWx76sVgmcFLxfHQ==

GET
H2

200

ml.br.js Show response
js.matheranalytics.com/static/ltm/ma89701/fusion/9/
Redirect Chain

https://js.matheranalytics.com/s/ma89701/197837611/fusion/ml.js?cb=1617
https://js.matheranalytics.com/static/ltm/ma89701/fusion/9/ml.br.js

150 KB
43 KB

41ms
40ms

Script
application/x-javascript

107.178.250.234
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.matheranalytics.com/static/ltm/ma89701/fusion/9/ml.br.js
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Server: 107.178.250.234 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 234.250.178.107.bc.googleusercontent.com
Software: nginx /
Resource Hash: 32e8506d2f282e7132820c2c989104e013938da8c2214f6442eaec6945918211

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 09:10:18 GMT
content-encoding: br
via: 1.1 google
last-modified: Thu, 26 May 2022 16:23:18 GMT
server: nginx
age: 10887
etag: "31cd74de581fdfc9a6c0d6883d695597"
vary: Accept-Encoding
x-cache: HIT Sun, 18 Dec 2022 05:36:18 GMT
content-type: application/x-javascript
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44258

Redirect headers

date: Fri, 17 Feb 2023 12:11:45 GMT
via: 1.1 google
server: nginx
vary: Accept-Encoding
location: https://js.matheranalytics.com/static/ltm/ma89701/fusion/9/ml.br.js
cache-control: public, max-age=269200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-served-by: 3-gc-europe-west6-8j340965

GET
H2 204 b
sb.scorecardresearch.com/ 0
190 B 141ms
55ms Image
text/plain 52.222.139.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=6036462&ns__t=1676635904851&ns_c=UTF-8&c8=Lansing%20woman%E2%80%99s%20MJG%20Movement%20honors%20daughter%20lost%20to%20suicide%20while%20spreading%20kindness%2C%20generosity%20%E2%80%93%20Chicago%20Tribune&c7=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&c9=
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-90.ams50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
via: 1.1 dd133741afef09b02f3e6afd7cb39f40.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
x-amz-cf-id: C26Ai20gGhqg8sjdWfGPo1XDq5yCKoTmmwaDPerkFFQv2iYb-FhZdQ==
x-cache: Miss from cloudfront

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 51 B
323 B 158ms
59ms XHR
application/json 2a02:26f0:3500:991::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=DA9NK-5NF4A-5FWA6-EFVPV-RL87Z&d=www.chicagotribune.com&t=5588786&v=1.720.0&sl=0&si=334b45d4-d32d-4c82-b718-c26e9bad7dad-rq84jj&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=544467
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/DA9NK-5NF4A-5FWA6-EFVPV-RL87Z
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:991::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 385b775f1349e9d369a6c6f63a0aafc11c22515ca8c97f2303038a2c6cdaf858

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 17 Feb 2023 12:11:45 GMT
Cache-Control: private, max-age=120, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 51
Content-Type: application/json

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 358ms
117ms Image
image/gif 3.212.58.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=chicagotribune.com&p=%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&u=BUcz-pD9GOunbHvIA&d=chicagotribune.com&g=3906&g0=suburbs%2Csuburbs%3Adaily-southtown&g1=Bill%20Jones&n=1&f=00001&c=0&x=0&m=0&y=6223&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&b=2210&t=Buvwf0Dj08HYB21tN4DdtWmmXqHJS&V=139&i=Lansing%20woman%E2%80%99s%20MJG%20Movement%20honors%20daughter%20lost%20to%20suicide%20while%20spreading%20kindness%2C%20generosity%20%E2%80%93%20&tz=0&sn=1&sv=Btapli68EQywVI-jB7ySRCDYSG8J&sd=1&im=067b0fff&_
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.58.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-58-10.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 17 Feb 2023 12:11:45 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
484 B 134ms
38ms Image
image/gif 2600:9000:2204:a000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?adunitid=xsrmnm&adnum=8662305
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:a000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 02:16:03 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 618e94643d6094e9ff9adbaaa8ed3aee.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
age: 2886943
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: i1dNAn4FqxvWXDFZTA6fK9iuRtj2a8ZJPAVo_uOYuMO5DrXmyzRhWA==

GET
H2 200 / Show response
cmp.osano.com/ Frame EF21 4 KB
1 KB 40ms
39ms Document
text/html 2600:9000:2204:c200:3:b7e:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cmp.osano.com/

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2204:c200:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a48b96eb4dbabdf7d10b4a7667062cd55b7c1f9aab381f05c916798ec4308f68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chicagotribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15853
content-encoding: br
content-type: text/html
date: Fri, 17 Feb 2023 07:47:35 GMT
etag: W/"287b497c992487af362d33204f87d28f"
last-modified: Thu, 21 Oct 2021 22:01:08 GMT
referrer-policy: same-origin
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding Origin
via: 1.1 fc8f1559bec15e56ec52376ce42c7d90.cloudfront.net (CloudFront)
x-amz-cf-id: zE2zAZ5SudAONw8N2WRY56zSeGLfx-7dti2iwtlIqkjBDElau_34EA==
x-amz-cf-pop: AMS50-C1
x-amz-version-id: xT1PkIFehetvNf5lINcU02FbT3u47kBr
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
BLOB 200
OK d9357f24-cdba-4625-b7f9-804f75fb4535
https://www.chicagotribune.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.chicagotribune.com/d9357f24-cdba-4625-b7f9-804f75fb4535
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9512d2de91fd27231a5efa08114917ca1bd054801f828b81d55f7a4b5f06b108

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
H2 200 standard-player.html Show response
tags.remixd.com/player/v5/players/ 129 KB
30 KB 134ms
54ms Fetch
text/html 52.222.139.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.remixd.com/player/v5/players/standard-player.html
Requested by: Host: tags.remixd.com
URL: https://tags.remixd.com/player/v5/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-61.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7f5d73c848836745a93ff7aa540a8f83f9899e3668628f42e9ba0cc6ef5e0b32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
content-encoding: gzip
via: 1.1 d11ab7cc015083593a9e8e8e2dac0692.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
age: 27
x-cache: Hit from cloudfront
content-length: 29730
last-modified: Tue, 21 Jun 2022 15:31:59 GMT
server: AmazonS3
etag: "9a2e807a291cbaccaab15c40f0629813"
access-control-max-age: 60
access-control-allow-methods: GET, HEAD
content-type: text/html
access-control-allow-origin: *
cache-control: public,max-age=1800
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: Ta5SEYNwKvNbid7sQvaHgrSCFNQ5Ff_9YlDwyMkfKXydwrF2lpglcw==

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame B7E8 46 KB
25 KB 60ms
59ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuY2hpY2Fnb3RyaWJ1bmUuY29tOjQ0Mw..&hl=de&v=O4xzMiFqEvA4YhWjk5t8Xuas&size=invisible&cb=6x1t0tlv9uci

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6b62fbae13ddee886f032e707ca3a210b1cc5df2f2e58936ca9e28ba34843459

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-dGX0Hdckym4DGLW1Kqr6fQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chicagotribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 25567
content-security-policy: script-src 'report-sample' 'nonce-dGX0Hdckym4DGLW1Kqr6fQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 12:11:45 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 726 Show response
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/ 62 KB
12 KB 297ms
297ms XHR
application/json 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/726?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&bcsessionid=&bctempid=&overruleReferrer=&time=2023-02-17T12%3A11%3A45%2B00%3A00&ts=1676635905231

Requested by

Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

50e8c4230c7e89f0c13f61764380d2bee0188723f5be2feafd10578a427b9e2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 10819
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: i4xIYkDNaeOAbqKHhE4CXnFtgPNP-v2-ScH-Ltn9pJxzQgIIUgatxw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 236ms
55ms Image
image/gif 63.34.81.234
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1676635905261&plid=52595074&idsite=chicagotribune.com&url=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&sref=&sts=1676635905261&slts=0&title=Lansing+woman%E2%80%99s+MJG+Movement+honors+daughter+lost+to+suicide+while+spreading+kindness%2C+generosity+%E2%80%93+Chicago+Tribune&date=Fri+Feb+17+2023+12%3A11%3A45+GMT%2B0000+(GMT)&action=pageview&pvid=57401279&u=pid%3Dc5593363c5e041dff6f11b031b5eab5e
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.81.234 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-81-234.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Fri, 17 Feb 2023 12:11:45 GMT
Cache-Control: no-cache
Last-Modified: Friday, 17-Feb-2023 12:11:45 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
426 B 56ms
56ms Image
image/gif 34.253.85.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_at=394&ntv_usid=2382351&ntv_pl=1109740
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.85.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-85-210.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:45 GMT
server: nginx/1.12.2
content-type: image/gif
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
426 B 56ms
55ms Image
image/gif 34.253.85.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_ui=2f12c764-698f-4e3c-9df7-0fe8170a7b73&ntv_fl=hFT75SEIQqn36BKsyWHPWBXdQyemWh6WL_7mtpfGfDY3oA1u2x17Dgo8lO0hvYKzOb9KYlQvjK3IkaAv151EKg7UE75PM4oTMhGZXwWyZ1cwU5B0faGXRHdkmM8fds4Z-9UVDQUX7h2nEx6ZYBcsSoDgxWNf9Eb5A9V98P8bCfYLm4OcKXCkQPUCmFl5ALeCMmQ4z4DC5YskQMuc_C5Klv1YJQS4zda28m86taYrTDw3yK0rCOfLw4w-jYgTSw0boFSUor-faSk0FecE7LA99OhhAXPsbhurUXrOgDatu-qGR-6hJ4azYknmD17gzTn5zWg50jyx8MW1SCqEBdvXwQ==&ntv_ht=AG_vYwA&ntv_at=303,302&ntv_a=AAAAAAAAAA7O4QA&ord=1676635905271&ntv_it
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.85.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-85-210.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:45 GMT
server: nginx/1.12.2
content-type: image/gif
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
426 B 56ms
56ms Image
image/gif 34.253.85.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_ui=2f12c764-698f-4e3c-9df7-0fe8170a7b73&ntv_fl=hFT75SEIQqn36BKsyWHPWBXdQyemWh6WL_7mtpfGfDY3oA1u2x17Dgo8lO0hvYKzOb9KYlQvjK3IkaAv151EKg7UE75PM4oTMhGZXwWyZ1cwU5B0faGXRHdkmM8fds4Z-9UVDQUX7h2nEx6ZYBcsSoDgxWNf9Eb5A9V98P8bCfYLm4OcKXCkQPUCmFl5ALeCMmQ4z4DC5YskQMuc_C5Klv1YJQS4zda28m86taYrTDw3yK0rCOfLw4w-jYgTSw0boFSUor-faSk0FecE7LA99OhhAXPsbhurUXrOgDatu-qGR-6hJ4azYknmD17gzTn5zWg50jyx8MW1SCqEBdvXwQ==&ntv_ht=AG_vYwA&ntv_at=806&ntv_a=AAAAAAAAAA7O4QA&ntv_sat=5&ord=1676635905283&ntv_it
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.85.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-85-210.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:45 GMT
server: nginx/1.12.2
content-type: image/gif
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 gdprConsent
jadserve.postrelease.com/ 43 B
426 B 55ms
55ms Image
image/gif 34.253.85.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/gdprConsent?ntv_pl=1115555&ntv_gdpr_consent=&ntv_it
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.85.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-85-210.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:45 GMT
server: nginx/1.12.2
content-type: image/gif
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 read_auth Show response
authenticate.chicagotribune.com/ 101 B
705 B 819ms
234ms Script
application/javascript 35.166.171.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://authenticate.chicagotribune.com/read_auth?product_code=chiarc&master_id=&callback=jQuery350754124841498240_391611278771953000

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.171.190 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-166-171-190.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

bca665b4bd3a5790e2c867b20d429b9edd56002dfe9ee5c5818942d3cd265d86

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-request-id: bdec0752b2465bb2ed2402f961cb9335
x-ua-compatible: IE=Edge,chrome=1
x-runtime: 0.008551
server: Apache
x-host-info: 58c4cd8b1bf5,; b22e7d1ae8673aef5fcb2a8d0e2b5f98d42e618e (HEAD -> refs/heads/release/2302.1.2, refs/remotes/origin/release/2302.1.2) Merge branch 'jira/DSS-17277-Disable-twitter-and-yahoo-buttons-for-HC' into 'release/2302.1.2'
etag: "4979bd45e067f9fa8f3a87dc034dd888"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: must-revalidate, private, max-age=0
httpd-identifier: 58c4cd8b1bf5
x-rack-cache: miss

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/ Frame B7E8 55 KB
24 KB 124ms
40ms Stylesheet
text/css 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuY2hpY2Fnb3RyaWJ1bmUuY29tOjQ0Mw..&hl=de&v=O4xzMiFqEvA4YhWjk5t8Xuas&size=invisible&cb=6x1t0tlv9uci

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 11:43:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 05:01:25 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Feb 2024 11:43:19 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/ Frame B7E8 408 KB
163 KB 122ms
39ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b28bda3bee08c51cf79bc36c6292f62bdf7f67038d397f1c2616641dba2cf95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 11:43:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1702
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 166784
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 05:01:25 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Feb 2024 11:43:23 GMT

OPTIONS
H2 200 tp2
collector2.sophi.io/com.snowplowanalytics.snowplow/ Frame 0
0 381ms
130ms Preflight 52.223.1.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.1.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8fd921d2017b5f79.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.chicagotribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.chicagotribune.com
access-control-max-age: 600
content-length: 0
date: Fri, 17 Feb 2023 12:11:45 GMT
server: nginx

POST
H2 200 tp2 Show response
collector2.sophi.io/com.snowplowanalytics.snowplow/ 2 B
228 B 363ms
130ms XHR
text/plain 52.223.1.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn.sophi.io
URL: https://cdn.sophi.io/latest/sophi.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.1.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8fd921d2017b5f79.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://www.chicagotribune.com
date: Fri, 17 Feb 2023 12:11:46 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
H2 200 FZFZTFMV6NHMJCQOCNHBU3T2CY.jpg
www.chicagotribune.com/resizer/jG5aTsXhyjc0lFPorRdRW9JDvuU=/600x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/ 8 KB
9 KB 62ms
61ms Image
image/avif 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/resizer/jG5aTsXhyjc0lFPorRdRW9JDvuU=/600x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/FZFZTFMV6NHMJCQOCNHBU3T2CY.jpg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

c922ba035a2a327aea9b9af252fb362f2383466127a648e241a01831e6b51002

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000
date: Fri, 17 Feb 2023 12:11:45 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 31 Jan 2023 22:02:08 GMT
server: Akamai Image Manager
etag: "58d1a89a83cf8179194b58084e8743214db66893"
x-edgeconnect-cache-status: 1
x-arc-request-id: 0.9d7d1302.1676635905.18aaaf3
content-type: image/avif
cache-control: private, no-transform, max-age=30102611
server-timing: cdn-cache; desc=HIT, edge; dur=12, ak_p; desc="465732_34831773_25864947_1238_8970_39_0";dur=1
content-length: 8225
expires: Wed, 31 Jan 2024 22:01:56 GMT

GET
H2 200 launchpad.bundle.js Show response
launchpad.privacymanager.io/1/ 25 KB
9 KB 133ms
41ms Script
application/x-javascript 52.222.139.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://launchpad.privacymanager.io/1/launchpad.bundle.js
Requested by: Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-54.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b9d318b3157ccbfc3bb00e82a446613294f9a592c01537662386bd848882b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: IBczV1acfLsLLKzHm11PkizTXPxE9_cH
content-encoding: gzip
via: 1.1 32f32412600ac6ef6d3d418a75accb72.cloudfront.net (CloudFront)
date: Fri, 17 Feb 2023 11:54:00 GMT
x-amz-cf-pop: AMS50-C1
age: 1065
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/LaunchPadLibraryBuild-prod:f09170b2-5416-4e55-be91-38e5eec207ec
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: a78f2a5a4864424e54348ce47b156abb
last-modified: Thu, 10 Mar 2022 13:10:48 GMT
server: AmazonS3
etag: W/"3e312624cdc2445a38a716f92dc3c0cd"
vary: Accept-Encoding
content-type: application/x-javascript
x-amz-meta-codebuild-content-sha256: e4ad213b137401d20a50fe1692169cc5f8b39867b6fe39afed7e307e1b9c967e
cache-control: must-revalidate,public,max-age=3600
x-amz-cf-id: aR9qavCSai3dWQ2Ay43YxCr-Bsa0MWHsBd5KRyBI4MIrUqcScfmSnA==

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 160 KB
49 KB 156ms
41ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4429462b2374dfd8d837655d998c6e810ad666e1dff34cce0ba81ad61b712857

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 11:50:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1294
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49882
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 16:20:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 17 Feb 2023 12:40:11 GMT

GET
H/1.1

200
OK

chiarc-reaction-1q2w3-1580939748189956228.min.js Show response
www.tribdss.com/meter/assets/
Redirect Chain

https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js
https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js?disabled=international

64 KB
15 KB

36ms
36ms

Script
text/javascript

104.80.241.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js?disabled=international

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

HTTP/1.1

Server

104.80.241.191 Berlin, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-80-241-191.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8fc4c656fb606d73535160204c5fcb9786950480c185715d4cb677e04687a334

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Fri, 17 Feb 2023 12:11:45 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Status: 200 OK
Connection: keep-alive
Content-Length: 14251
X-Request-Id: 36790d8fb9e612530b4ba84a3465a1e4
X-UA-Compatible: IE=Edge,chrome=1
X-Runtime: 0.009261
X-Content-Digest: c9ca80d4d04a3c68e0ddbe3fb7bf02448f0875e0
Last-Modified: Tue, 27 Sep 2022 09:54:52 GMT
Server: Apache
X-Host-Info: 49d66e17b79a,; 6bc1041e00adf70b2570b8110e71a863d7d26646 (HEAD -> refs/heads/release/2208.1.0, refs/remotes/origin/release/2208.1.0, refs/remotes/origin/release/2207.1.0) dss-17031 added service account for health check app
ETag: 1580939748189956228
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, max-age=27762609
Httpd-Identifier: 49d66e17b79a
X-Rack-Cache: fresh

Redirect headers

Location: /meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js?disabled=international
Date: Fri, 17 Feb 2023 12:11:45 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 541ms
118ms Image
image/gif 34.235.180.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=pv&page=Lansing%20woman%E2%80%99s%20MJG%20Movement%20honors%20daughter%20lost%20to%20suicide%20while%20spreading%20kindness%2C%20generosity%20%20%20%E2%80%93%20Chicago%20Tribune&artpubt=1671188402&artsrc=Daily%20Southtown&artupt=1671208517&auth=Bill%20Jones&cms=fusion&hier=suburbs%7Cdaily-southtown&ptype=story&prem=metered&pubname=chicagotribune&sec=suburbs&wrdcnt=790&tv=js-3.0.153&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=9&tvcfg=fusion&tid=8af595e2-951b-45a8-aeed-ce2ea80165ad&pid=a13c42a6-391e-467e-86dc-2b01d865a1b1&dtm=1676635905384&qnm=_matherq&visible=1&tabid=67fdb21c-b91f-47b6-b89d-fa17fdf293ca&url=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&vp=1600x1200&ds=1600x6303&tofa=1676635905&vid=1&lvidt=1676635905&duid=76cb3e9b77f80344&fp=3469908396&cid=ma89701&mrk=197837611&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTY3NjYzNTkwMjcxMSIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIxNS4ybWIiLCJoZWFwVCI6IjI0LjVtYiIsImZzdFBhaW50IjoiMTg1MCIsImZldGNoUyI6IjAiLCJkb21haW5TIjoiMSIsImRvbWFpbkUiOiIxMjIiLCJjb25uUyI6IjEyMiIsImNvbm5FIjoiMjQ0Iiwic3NsUyI6IjE2MyIsInJlcXVTIjoiMjQ1IiwicmVzcFMiOiIxMjY0IiwicmVzcEUiOiIxNDQxIiwiZG9tTG9hZCI6IjEyNjgiLCJkb21JbnRlciI6IjE4NTUiLCJkb21Mb2FkUyI6IjE4OTQiLCJkb21Mb2FkRSI6IjE5NjAifSwiYXVkaWVuY2UiOlt7InByb3ZpZGVyIjoidXNlckRCIiwic2VnbWVudHMiOlsiTUFUSEVSX1U5X0ZJUlNUVElNRU1FVDJfMjAxOTEwMTYiXSwicGFnZUlkIjoiYTEzYzQyYTYtMzkxZS00NjdlLTg2ZGMtMmIwMWQ4NjVhMWIxIn0seyJwcm92aWRlciI6ImlTZWdzIiwic2VnbWVudHMiOlsiTUFUSEVSX1U5X0ZJUlNUVElNRU1FVDJfMjAxOTEwMTYiXSwicGFnZUlkIjoiYTEzYzQyYTYtMzkxZS00NjdlLTg2ZGMtMmIwMWQ4NjVhMWIxIn1dfQ
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.180.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-180-68.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Fri, 17 Feb 2023 12:11:45 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 features Show response
zephr.chicagotribune.com/zephr/ 3 KB
1 KB 301ms
99ms Fetch
application/json 13.227.219.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://zephr.chicagotribune.com/zephr/features
Requested by: Host: assets.zephr.com
URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-103.ams54.r.cloudfront.net
Software: /
Resource Hash: 65b72c57b7d3e026f367272cac181935f22cf55a317943e7a7458cb122c840a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
content-encoding: gzip
via: 1.1 f5e34f7c59830a3caffb7df5f36b4dae.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: public, max-age=300
access-control-allow-credentials: true
access-control-allow-headers: Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
x-amz-cf-id: usKfhw546i99BUmUaKzFkcUSEFaHwLPPgDXPhnMHH4grVxamhK-eQg==
x-blaize-request: ffffffffd14c9cea

GET
H2 200 FUtg69tL.js Show response
cdn.jwplayer.com/libraries/ Frame D8B0 108 KB
41 KB 144ms
54ms Script
text/javascript 2600:9000:2204:a600:1:a3fa:7cc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.jwplayer.com/libraries/FUtg69tL.js
Requested by: Host: tags.remixd.com
URL: https://tags.remixd.com/player/v5/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2204:a600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty /
Resource Hash: b600a81372fe3e21c17ef95dfd6b1f54e7aa28b49a0bbc5652c32eee42a2b535

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:09:16 GMT
content-encoding: gzip
via: 1.1 ab1d15e056bdcedbea349504173a4eca.cloudfront.net (CloudFront)
server: openresty
x-amz-cf-pop: AMS50-C1
age: 148
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=180
x-robots-tag: noindex, indexifembedded
content-length: 41167
x-amz-cf-id: JuaxNO0_-PdPXkJkWcxN3eC2PEdumyw4hYBq4_YT_L_LpTPx8cd5Sw==

POST
H3 200 v2odhH2G88RPPP55AzvPLUJBgafNeqhwy3DJNKCI__XbJRPjZvB_0F0jW6GHaBry0C3s2RTsg Show response
smoggysnakes.com/ 206 B
233 B 154ms
65ms Fetch
application/json 2600:1901:0:d733::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://smoggysnakes.com/v2odhH2G88RPPP55AzvPLUJBgafNeqhwy3DJNKCI__XbJRPjZvB_0F0jW6GHaBry0C3s2RTsg

Requested by

Host: smoggysnakes.com
URL: https://smoggysnakes.com/v2lycXBmloNJvBgX1X4DVpaOIIEDRv-aIb6gvdB6L-b5V3hFPpKkarQ4Y2H5bdtih

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

31c6dd01105a9582c1d84661f0b87b3220b6c456738004b5f43617d3d3595735

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Fri, 17 Feb 2023 12:11:45 GMT
via: 1.1 google
x-buildnumber: 764540114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 206
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
x-hostname: fen-hoothoot-europe-west1-spot-cdpb
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Fri, 17 Feb 2023 12:11:44 GMT

GET
H2 200 / Show response
geo.privacymanager.io/ 30 B
592 B 39ms
38ms Fetch
application/json 52.222.139.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: launchpad.privacymanager.io
URL: https://launchpad.privacymanager.io/1/launchpad.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-109.ams50.r.cloudfront.net
Software: /
Resource Hash: 55033882e1bc61cac58471a0ce5372606abd57a9663921dbd6f9a4a926c601b0

Request headers

Accept: application/json
Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 17 Feb 2023 02:06:58 GMT
via: 1.1 626c544a24a86c6cd608360f520b6d8c.cloudfront.net (CloudFront), 1.1 ff34f581ad0f4009e4c404975952e7f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3, AMS50-C1
age: 36287
x-amzn-requestid: fd78b52c-9bc3-4553-8938-e5ac3b2f2970
x-amzn-trace-id: Root=1-63eee142-351a6aac25096341089185ea;Sampled=0
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-apigw-id: AdgicEjnDoEFySQ=
content-length: 30
x-amz-cf-id: xrSHl-40rm5WMLIYp39v2lgvys3b9xL3i01xaTKNyllvldqbUu0jgA==
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

OPTIONS
H2 200 /
geo.privacymanager.io/ Frame 0
0 174ms
61ms Preflight
application/json 52.222.139.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-109.ams50.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.chicagotribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Fri, 17 Feb 2023 12:11:45 GMT
via: 1.1 edd6d90087c4f2b49e182778a2273adc.cloudfront.net (CloudFront), 1.1 ff34f581ad0f4009e4c404975952e7f0.cloudfront.net (CloudFront)
x-amz-apigw-id: Ae5ITHmIjoEFUhg=
x-amz-cf-id: cNDhOcClx3-voKytQh5yCY6sjIpZqOHVA4XunWrypTAtRWqACN2hDw==
x-amz-cf-pop: AMS54-C1 AMS50-C1
x-amzn-requestid: 601511b9-d73f-4ef0-81a7-238f8a28f6c0
x-cache: Miss from cloudfront

GET
H2 200 5f76984a5ae5f1a8be5b94a06544cd56 Show response
r610.chicagotribune.com/plugin/plugin/ 108 KB
26 KB 45ms
45ms Script
text/javascript 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/plugin/plugin/5f76984a5ae5f1a8be5b94a06544cd56

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

e49b3edc160949dc79c29c49e60491ea6aba323a077c42e31d39cdf03c23c6cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 19:44:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
age: 1528057
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 26341
x-xss-protection: 1; mode=block
last-modified: Sun, 29 Jan 2023 19:44:07 GMT
server: -
etag: 5f76984a5ae5f1a8be5b94a06544cd56
content-type: text/javascript; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: uUdCMPCVftfQ_isAZjOZSIJ6BuVpIPv1v80uOufpnnK_0YiTgD6kQA==
expires: Tue, 30 Jan 2024 19:44:07 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame B7E8 2 KB
2 KB 40ms
40ms Image
image/png 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:56:35 GMT
x-content-type-options: nosniff
age: 148510
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Wed, 22 Feb 2023 18:56:35 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B7E8 15 KB
15 KB 41ms
40ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 15:27:04 GMT
x-content-type-options: nosniff
age: 74681
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 15:27:04 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B7E8 15 KB
15 KB 43ms
42ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:28:44 GMT
x-content-type-options: nosniff
age: 150181
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 18:28:44 GMT

GET
H2 200 swg-button.css
news.google.com/swg/js/v1/ 21 KB
6 KB 41ms
40ms Stylesheet
text/css 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c429b056c18833dd3d7fe28ab8ba904526ad1375398ffac0a0e4f2d278e1ac43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 11:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2052
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6458
x-xss-protection: 0
last-modified: Wed, 02 Nov 2022 19:15:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 17 Feb 2023 12:27:33 GMT

GET
H2 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 42ms
42ms Other
image/svg+xml 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 11:51:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 17 Feb 2023 12:41:45 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame D8B0 3 KB
588 B 50ms
50ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;600&display=swap

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5941bbcfc82fe73f86b9ae9564a319e9b39ece69f05473f767b85df011a208d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Feb 2023 12:11:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 11:55:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Feb 2023 12:11:45 GMT

GET
H2 200 ping.gif
player-files.remixd.com/ Frame D8B0 43 B
587 B 231ms
141ms Image
image/gif 35.190.38.143
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://player-files.remixd.com/ping.gif?action=playerImpression&userId=null&referrerUrl=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&domain=chicagotribune.com&adDuration=&inViewDuration=&sessionDuration=0&sessionId=5ff01073-5f05-4e08-8c80-0d2971c3acfa&volume=null&speed=1&position=null&mediaLength=null&isAMP=false
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 143.38.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
x-guploader-uploadid: ADPycdtvLUECHAQuVFaMes9_pNp1wszGNd1wXpo4CUfsrnoKBHY86Fiv_4v8XyjHSPkQlPVo0djEVhJ9zr6WP_SDafcSE6YCuW2b
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Wed, 23 Oct 2019 15:45:02 GMT
server: UploadServer
etag: "cc8f8e28fe4d3aa85ca835a029fe08a5"
x-goog-generation: 1571845502045744
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=CskzBw==, md5=zI+OKP5NOqhcqDWgKf4IpQ==
access-control-expose-headers: Content-Type
cache-control: no-cache, no-store, must-revalidate
x-goog-stored-content-length: 43
accept-ranges: bytes
expires: Sat, 17 Feb 2024 12:11:45 GMT

GET
H2 200 ping.gif
player-files.remixd.com/ Frame D8B0 43 B
195 B 339ms
249ms Image
image/gif 35.190.38.143
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://player-files.remixd.com/ping.gif?action=loading&userId=null&referrerUrl=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&domain=chicagotribune.com&adDuration=&inViewDuration=&sessionDuration=1&sessionId=5ff01073-5f05-4e08-8c80-0d2971c3acfa&volume=null&speed=1&position=null&mediaLength=null&isAMP=false
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 143.38.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
x-guploader-uploadid: ADPycdt-LE12xT6c5Fcoh00ddnv80ete9msRQjM41X_bJDdmO-wlaUTa2AEvbURPx5iwCoqCRL_WjJHECOS0cuxxSaa2yFt-1XFu
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Wed, 23 Oct 2019 15:45:02 GMT
server: UploadServer
etag: "cc8f8e28fe4d3aa85ca835a029fe08a5"
x-goog-generation: 1571845502045744
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=CskzBw==, md5=zI+OKP5NOqhcqDWgKf4IpQ==
access-control-expose-headers: Content-Type
cache-control: no-cache, no-store, must-revalidate
x-goog-stored-content-length: 43
accept-ranges: bytes
expires: Sat, 17 Feb 2024 12:11:45 GMT

GET
H2 200 ping.gif
player-files.remixd.com/ Frame D8B0 43 B
219 B 440ms
350ms Image
image/gif 35.190.38.143
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://player-files.remixd.com/ping.gif?action=loaded&userId=null&referrerUrl=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&domain=chicagotribune.com&adDuration=&inViewDuration=&sessionDuration=1&sessionId=5ff01073-5f05-4e08-8c80-0d2971c3acfa&volume=null&speed=1&position=null&mediaLength=null&isAMP=false
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 143.38.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
x-guploader-uploadid: ADPycds44fxWhw7gfbA4PTrV2pHK8QFs1-41HJgzxVxlL5dQl8PFxCyixEGi1wlWWN7vAzImTpFE-tCZlCXPAkl3kj-uAc2foCvR
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Wed, 23 Oct 2019 15:45:02 GMT
server: UploadServer
etag: "cc8f8e28fe4d3aa85ca835a029fe08a5"
x-goog-generation: 1571845502045744
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=CskzBw==, md5=zI+OKP5NOqhcqDWgKf4IpQ==
access-control-expose-headers: Content-Type
cache-control: no-cache, no-store, must-revalidate
x-goog-stored-content-length: 43
accept-ranges: bytes
expires: Sat, 17 Feb 2024 12:11:46 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame B7E8 102 B
134 B 50ms
50ms Other
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=O4xzMiFqEvA4YhWjk5t8Xuas

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c2789481eb03ebaaac567af091a3f7a9032d8387bab5062279694821d7c1aacc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9ZMIUAAAAAI5fS3P2dp4pUibhIqYeRd01EJ_Q&co=aHR0cHM6Ly93d3cuY2hpY2Fnb3RyaWJ1bmUuY29tOjQ0Mw..&hl=de&v=O4xzMiFqEvA4YhWjk5t8Xuas&size=invisible&cb=6x1t0tlv9uci
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112
x-xss-protection: 1; mode=block
expires: Fri, 17 Feb 2023 12:11:45 GMT

GET
H2 200 entitlements Show response
news.google.com/swg/_/api/v1/publication/chicagotribune.com/ 2 B
763 B 105ms
104ms Fetch
application/json 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/api/v1/publication/chicagotribune.com/entitlements

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: text/plain, application/json
Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
content-encoding: gzip
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c550b882848919ee080e14e3a3a084ea Show response
r610.chicagotribune.com/plugin/library/ 292 KB
92 KB 45ms
45ms Script
text/javascript 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/plugin/library/c550b882848919ee080e14e3a3a084ea

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

87eecb67faf2ab19e08c7f364ddef4c22a194a29ed08a7aeab1250d763ee44aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 08:31:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
age: 3555612
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 93905
x-xss-protection: 1; mode=block
last-modified: Fri, 06 Jan 2023 08:31:33 GMT
server: -
etag: c550b882848919ee080e14e3a3a084ea
content-type: text/javascript; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: P7TMm2gHbmUo3ejDUt6kAEUWQccmJS1TuH6sl5AT8jj1IRGLvTry1Q==
expires: Sun, 07 Jan 2024 08:31:33 GMT

POST
H2 200 LB-Zone-2 Show response
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/726/ 2 KB
2 KB 286ms
285ms XHR
application/json 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/726/LB-Zone-2?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&bcsessionid=&bctempid=51be0617-90df-436a-93f8-a1af9ed454ab&overruleReferrer=&time=2023-02-17T12%3A11%3A45%2B00%3A00&ts=1676635905672

Requested by

Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

78d1da3f40e7c23e1081642bcb223e2377329db8c07d2ca7a2ca51713cb4dd3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 875
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: 9NdiIb0-sKrAvCvk-8mTP9d9qbR3of2RqbA9hjWm_8Xuylv14htJZQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3 200 v2jchSfb17fc6zyRn25UAL_ysARzcepXLWjd0z09zhIeO3quhC4ngcvye9TgQUmAohY5cPCAU Show response
smoggysnakes.com/ 3 B
27 B 56ms
55ms Fetch
application/json 2600:1901:0:d733::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://smoggysnakes.com/v2jchSfb17fc6zyRn25UAL_ysARzcepXLWjd0z09zhIeO3quhC4ngcvye9TgQUmAohY5cPCAU

Requested by

Host: smoggysnakes.com
URL: https://smoggysnakes.com/v2lycXBmloNJvBgX1X4DVpaOIIEDRv-aIb6gvdB6L-b5V3hFPpKkarQ4Y2H5bdtih

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Fri, 17 Feb 2023 12:11:45 GMT
via: 1.1 google
x-buildnumber: 764540114
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
x-hostname: fen-hoothoot-europe-west1-spot-cdpb
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H3 200 7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v12/ Frame D8B0 20 KB
20 KB 41ms
40ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.chicagotribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 06:26:43 GMT
x-content-type-options: nosniff
age: 20702
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20960
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:18:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Feb 2024 06:26:43 GMT

GET
H3 200 7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v12/ Frame D8B0 21 KB
21 KB 43ms
42ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;600&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.chicagotribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 12:42:14 GMT
x-content-type-options: nosniff
age: 84571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21144
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:43:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 12:42:14 GMT

POST
H2 200 feature-decisions Show response
zephr.chicagotribune.com/zephr/ 27 KB
6 KB 168ms
85ms Fetch
application/json 13.227.219.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://zephr.chicagotribune.com/zephr/feature-decisions
Requested by: Host: assets.zephr.com
URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-103.ams54.r.cloudfront.net
Software: /
Resource Hash: 38dd7e0a40699e0c50c805b874fdbd366cff8d78b270ba915fbd10039189389c

Request headers

Accept: application/json
Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 17 Feb 2023 12:11:45 GMT
content-encoding: gzip
via: 1.1 f9d671af272d3b5b3c683203ae8f4cc8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
x-amz-cf-id: qOAv0i85xSdtAxJAWY66DgXf3N_j_tUb4ZnE6er7at8flgc1E0rwkA==
x-blaize-request: 6297d77c

OPTIONS
H2 200 feature-decisions
zephr.chicagotribune.com/zephr/ Frame 0
0 62ms
62ms Preflight 13.227.219.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://zephr.chicagotribune.com/zephr/feature-decisions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-103.ams54.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.chicagotribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
access-control-allow-methods: POST,PUT,PATCH,GET,DELETE,OPTIONS,HEAD
access-control-allow-origin: https://www.chicagotribune.com
content-length: 0
date: Fri, 17 Feb 2023 12:11:45 GMT
via: 1.1 f5e34f7c59830a3caffb7df5f36b4dae.cloudfront.net (CloudFront)
x-amz-cf-id: S5AY6mpeFyJvETIQFXOZ8faeEUcq6rR7NyWGUb9MT_xKeKMuKrLJhQ==
x-amz-cf-pop: AMS54-C1
x-cache: Miss from cloudfront

GET
H3

200

serviceiframe Show response
news.google.com/swg/ui/v1/ Frame 6F4E
Redirect Chain

https://news.google.com/swg/_/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com
https://news.google.com/swg/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com

16 KB
7 KB

100ms
100ms

Document
text/html

2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8a02e802a6fb6a9655581ad42a0f370e004ff0c8a8d45cc5e69561ee688a583d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KHvRN6Xj32wHIpXNwZYb8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.chicagotribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-KHvRN6Xj32wHIpXNwZYb8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-resource-policy: same-site
date: Fri, 17 Feb 2023 12:11:45 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

Redirect headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
content-security-policy: script-src 'report-sample' 'nonce-KBRRpt3LrIEm3ElDbV0iMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-type: application/binary
cross-origin-resource-policy: same-site
date: Fri, 17 Feb 2023 12:11:45 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://news.google.com/swg/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 cspreport
news.google.com/swg/_/SubscribewithgoogleClientUi/ Frame 6F4E 0
27 B 97ms
97ms Other
text/html 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/SubscribewithgoogleClientUi/cspreport

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-D_0dNEc19cOt01i-muliGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/swg/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-D_0dNEc19cOt01i-muliGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="SubscribewithgoogleClientUi"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=serviceiframeview,_b,_tp,_r
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1.O/am=dAYACA/d=1/ed=1/rs=ABXTjI5tiweOxOmOF8L6nTlNsCrBPhri3Q/ Frame 6F4E 521 B
337 B 40ms
40ms Stylesheet
text/css 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1.O/am=dAYACA/d=1/ed=1/rs=ABXTjI5tiweOxOmOF8L6nTlNsCrBPhri3Q/m=serviceiframeview,_b,_tp,_r

Requested by

Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

476d60955514d59fff612bff247149d6c3d8040247ec574886143d08163e1717

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 16:22:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71357
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 311
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 00:18:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/css; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 16:22:28 GMT

GET
H3 200 m=_b,_tp,_r Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/am=dAYACA/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/rs=ABXTjI... Frame 6F4E 196 KB
69 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/am=dAYACA/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/rs=ABXTjI4I0WqZ5ORXru-FoGF0RM93w10DAQ/m=_b,_tp,_r

Requested by

Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=465732&publicationId=chicagotribune.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4cf7a559cce212513f2cb3038a080a32d9569a3cf6cbc61fac2b5c3284661da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 17:53:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65890
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70465
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 03:54:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 17:53:35 GMT

POST
H2 200 726 Show response
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/ 2 KB
2 KB 372ms
372ms XHR
application/json 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/726?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&bcsessionid=51be0617-90df-436a-93f8-a1af9ed454ab&bctempid=&overruleReferrer=&time=2023-02-17T12%3A11%3A45%2B00%3A00&ts=1676635905996

Requested by

Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

ae6e48bc99a2e998864756249b80e38d14cef42251698256ed8d100a462e3f3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 1131
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: P26SWMZwi1hkdgXP2TqEWoq9NTQ8HQWVSsA5WCwxZf1jFud4sWrMSg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 stats Show response
r610.chicagotribune.com/rest/recommendations/ 16 B
859 B 423ms
423ms Script
text/javascript 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/rest/recommendations/stats?storeId=699df7a9-502c-4c05-85b0-78cce8b0f987&action=view&itemId=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&url=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&profileId=51be0617-90df-436a-93f8-a1af9ed454ab&isEntrypage=true&hash=1ff764f066a30934d63e19cac57b01ee&lastmodified=1671208516000&&callback=bc_json728

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

a50890901413f8305291efe7442cc60cc3bc1670dd2fb6803cb6911ca84fad42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 36
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: text/javascript;charset=utf-8
cache-control: no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag: noindex, nofollow
x-amz-cf-id: t7oCvAzKiblQtR9HF9TW6qIVUOpfC-EZ5OH79YPXLX8Ebx01MPZvJg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 726 Show response
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/ 383 B
1 KB 371ms
371ms XHR
application/json 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/726?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&bcsessionid=51be0617-90df-436a-93f8-a1af9ed454ab&bctempid=&overruleReferrer=&time=2023-02-17T12%3A11%3A46%2B00%3A00&ts=1676635906015

Requested by

Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

ee9f78cbc7a4ab43cbf92257875500fe4a97c940ca581996699f0749a5ca3584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 181
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: L2iUNNgsXquzme2LQAFkI4Oa1or9bxBt23TQUFzqFbNZWAv-jONVzQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 726 Show response
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/ 192 B
1 KB 289ms
289ms XHR
application/json 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/726?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&bcsessionid=51be0617-90df-436a-93f8-a1af9ed454ab&bctempid=&overruleReferrer=&time=2023-02-17T12%3A11%3A46%2B00%3A00&ts=1676635906016

Requested by

Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

2ec828e9594b78b2e2fdf2a2242f095e84677a2dfc662e6c7a15c61c18cb791d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 170
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: pSiaMHpaqcX_6X02HYr-i3LxI_SI0NbnHP5AgZzvwsqBMZRsSzglzg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 726 Show response
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/ 2 KB
2 KB 295ms
295ms XHR
application/json 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/726?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&bcsessionid=51be0617-90df-436a-93f8-a1af9ed454ab&bctempid=&overruleReferrer=&time=2023-02-17T12%3A11%3A46%2B00%3A00&ts=1676635906028

Requested by

Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

4871239c73a05d562e4bf0cc0f8f46410efe7311b303f57f2177ea101a06bb16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 1131
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: E5zKlFpXCbpYSfm4ykRGf8k9dRgu-jrBdwdc2YY3he1C0ziaQ8XF5A==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ 2 KB
425 B 51ms
50ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700,900&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

52519e8c754d4fd14b9ea19ff3f3e758ad1978858827881984e7da06a285ef97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 10:28:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Feb 2023 12:11:46 GMT

GET
H2 200 banner-presidents-sale.png
www.chicagotribune.com/subscriptions/modal-global/img/ 3 KB
3 KB 74ms
71ms Image
image/png 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/subscriptions/modal-global/img/banner-presidents-sale.png

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8519df10b3f0f4815490db3440298a19885f4c46ad1f0938684620189f9402b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 120, 120, 120, 120, 120, 120, 120, 120
x-amz-version-id: OYBv4CAJ5AO0Z2Fgrl2MpqH0pXX0jxAQ
date: Fri, 17 Feb 2023 12:11:46 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Tue, 17 Jan 2023 17:06:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
etag: "4b3f919eb72a4e59b31402c6116f9095"
x-arc-request-id: 0.9d7d1302.1676635906.18ac9de
content-type: image/png
cache-control: private, max-age=1
server-timing: ak_p; desc="465732_34831773_25872862_2347_8386_39_0";dur=1
content-length: 2949
x-amz-cf-id: QXcz5DyvKHnMt4M_l2fA58cFBG9wLtuTZgAYikr6FjZAAwH7u7RG1A==
expires: Fri, 17 Feb 2023 12:11:47 GMT

GET
H2 200 arrow.svg
www.chicagotribune.com/subscriptions/modal-global/img/ 862 B
1 KB 84ms
81ms Image
image/svg+xml 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/subscriptions/modal-global/img/arrow.svg

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e032575ce4b515c457c0cf6c2dc05a33265351dfc72365e353669418cfc047d0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 120
x-amz-version-id: 8UVaenlHzAE6BRrrl0X5eatDHeivHExx
content-encoding: gzip
date: Fri, 17 Feb 2023 12:11:46 GMT
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: FRA2-C2
x-arc-request-id: 0.9d7d1302.1676635906.18aca33
server-timing: ak_p; desc="465732_34831773_25872947_2505_7464_39_0";dur=1
content-length: 544
last-modified: Mon, 17 Oct 2022 20:54:33 GMT
server: AmazonS3
etag: "961aedd1fed3b3c87e42a9b9f48e8975"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=1
x-amz-cf-id: TzKSRq9IxuGQlRDuk7v7Z0Ogw8MfM4dw2HdPNR-Zw3D_2P3mXlFYBQ==
expires: Fri, 17 Feb 2023 12:11:47 GMT

GET
H2 200 icon-laptop.png
www.chicagotribune.com/subscriptions/modal-global/img/ 4 KB
5 KB 94ms
91ms Image
image/png 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/subscriptions/modal-global/img/icon-laptop.png

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bc96ea6e178463aae045454a8bb583cb8678f20c922a20723bbcdb0b0f242816

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 120, 120, 120, 120, 120, 120, 120, 120
x-amz-version-id: tebKdJyUpG0Byn4LBF9J0h7iC0PNneV_
date: Fri, 17 Feb 2023 12:11:46 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 17 Oct 2022 20:54:34 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
etag: "10c5ddda2dce705aa29de726fdd86de3"
x-arc-request-id: 0.9d7d1302.1676635906.18aca35
content-type: image/png
cache-control: private, max-age=1
server-timing: ak_p; desc="465732_34831773_25872949_3617_5276_39_0";dur=1
content-length: 4400
x-amz-cf-id: 4kgRx5D8-3W8i7kZm7v3xmggJW2Ndh3VlC_AbNVzjOqAERF9HX5lpw==
expires: Fri, 17 Feb 2023 12:11:47 GMT

GET
H2 200 icon-noads.png
www.chicagotribune.com/subscriptions/modal-global/img/ 3 KB
3 KB 75ms
72ms Image
image/png 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/subscriptions/modal-global/img/icon-noads.png

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9ff4bae221a902760c0269d72a02a8e7abdb54597f9a1872a4212f4a5a463ed5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 120, 120, 120
x-amz-version-id: zZWudYECO5ZTTqCVOSz6Qjb.BU5KmHfs
date: Fri, 17 Feb 2023 12:11:46 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 17 Oct 2022 20:54:34 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
etag: "4e1d08e642478b4ec71c8fd0b9c256a2"
x-arc-request-id: 0.9d7d1302.1676635906.18aca36
content-type: image/png
cache-control: private, max-age=1
server-timing: ak_p; desc="465732_34831773_25872950_1883_6267_39_0";dur=1
content-length: 2577
x-amz-cf-id: 2ELAX6kW1d_04YyNAc9hdJdBZMfmfoX_CZTKwT7PJOWq6-oob_XajQ==
expires: Fri, 17 Feb 2023 12:11:47 GMT

GET
H2 200 icon-tablet.png
www.chicagotribune.com/subscriptions/modal-global/img/ 2 KB
2 KB 80ms
77ms Image
image/png 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/subscriptions/modal-global/img/icon-tablet.png

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

20d36b1439759089674dc4d2a6bc17436719a75911b63398b54772458dc709c2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 120, 120
x-amz-version-id: w2CA2N0lZbRRgAIOV7FuPXyRsQcxjcTZ
date: Fri, 17 Feb 2023 12:11:46 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 17 Oct 2022 20:54:34 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
etag: "f30c900e60e4064f42517091db8b501b"
x-arc-request-id: 0.9d7d1302.1676635906.18aca37
content-type: image/png
cache-control: private, max-age=1
server-timing: ak_p; desc="465732_34831773_25872951_2342_6443_39_0";dur=1
content-length: 1911
x-amz-cf-id: idl6xOT3bBJvskcY8_9Yzn5S9qIt1samFdsmo_YtkWwjcOWpvRNx-w==
expires: Fri, 17 Feb 2023 12:11:47 GMT

GET
H2 200 icon-phone.png
www.chicagotribune.com/subscriptions/modal-global/img/ 4 KB
5 KB 79ms
76ms Image
image/png 2a02:26f0:480:f::213:7edd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.chicagotribune.com/subscriptions/modal-global/img/icon-phone.png

Requested by

Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3298bdfdcf3cc6b8bac3088bb71036c0be9eba411cff6c6902b1d53e63124adc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

akamai-true-ttl: 120, 120, 120
x-amz-version-id: XTPYNp8GXdmkOVzf9BRCbDM4HFWxEZwE
date: Fri, 17 Feb 2023 12:11:46 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Mon, 17 Oct 2022 20:54:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
etag: "9a86e435cce562f363835eb199472583"
x-arc-request-id: 0.9d7d1302.1676635906.18aca38
content-type: image/png
cache-control: private, max-age=1
server-timing: ak_p; desc="465732_34831773_25872952_2243_6501_39_0";dur=1
content-length: 4359
x-amz-cf-id: i2jQXeSitibSKGy6jJ8VfAvXsJrHXMb9fjTky9nUzpQe2LduzXdJaw==
expires: Fri, 17 Feb 2023 12:11:47 GMT

POST
H2 200 feature-decisions Show response
zephr.chicagotribune.com/zephr/ 29 KB
7 KB 85ms
85ms Fetch
application/json 13.227.219.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://zephr.chicagotribune.com/zephr/feature-decisions
Requested by: Host: assets.zephr.com
URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-103.ams54.r.cloudfront.net
Software: /
Resource Hash: cd2ad425b7a57c33cfab9c368c24eafd08a4176b4e540480f742e287889f56bb

Request headers

Accept: application/json
Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
via: 1.1 f9d671af272d3b5b3c683203ae8f4cc8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
x-amz-cf-id: eRbROWmd44A4plFKVKdcVpx-mCkpWbjXrHe1ijAPd_7J0VFDwWMyfA==
x-blaize-request: ffffffff9c76b2fa

OPTIONS
H2 200 feature-decisions
zephr.chicagotribune.com/zephr/ Frame 0
0 84ms
82ms Preflight 13.227.219.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://zephr.chicagotribune.com/zephr/feature-decisions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.219.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-219-103.ams54.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.chicagotribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
access-control-allow-methods: POST,PUT,PATCH,GET,DELETE,OPTIONS,HEAD
access-control-allow-origin: https://www.chicagotribune.com
content-length: 0
date: Fri, 17 Feb 2023 12:11:46 GMT
via: 1.1 f5e34f7c59830a3caffb7df5f36b4dae.cloudfront.net (CloudFront)
x-amz-cf-id: 0BuQVaLFQYgBCGMNUL7jkvu-ALOOByCAFEAD8VzOYH0f9dIw6HLkZw==
x-amz-cf-pop: AMS54-C1
x-cache: Miss from cloudfront

GET
H3 200 m=byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,zG9H6c,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,DfBslb Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1... Frame 6F4E 124 KB
42 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1.O/am=dAYACA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI4klc4MQJyPZxs7Vo3MqAmf1rSvFQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,zG9H6c,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,DfBslb

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/am=dAYACA/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/rs=ABXTjI4I0WqZ5ORXru-FoGF0RM93w10DAQ/m=_b,_tp,_r

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b74868aa7a67fe02d92ade2e51c6be9cd1d01c26ddb848038c13835e1ffc1749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 18:17:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64450
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42892
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 00:18:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 18:17:36 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1... Frame 6F4E 17 KB
7 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1.O/am=dAYACA/d=1/exm=COQbmf,DfBslb,EEDORb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,ZfAoz,_b,_r,_tp,aurFic,byfTOb,fKUV3e,gychg,kWgXee,lsjVmc,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI4klc4MQJyPZxs7Vo3MqAmf1rSvFQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc048c09a8d760da2274f28563f1733f0b12d668122d570226c35870cc939d07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 18:17:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64450
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7309
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 00:18:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 18:17:36 GMT

GET
H3 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 47ms
46ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.chicagotribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:49:32 GMT
x-content-type-options: nosniff
age: 4934
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Feb 2024 10:49:32 GMT

GET
H3 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 22 KB
22 KB 55ms
55ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.chicagotribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:48:08 GMT
x-content-type-options: nosniff
age: 113018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22504
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 04:48:08 GMT

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 40ms
40ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.chicagotribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 22:41:28 GMT
x-content-type-options: nosniff
age: 48618
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Feb 2024 22:41:28 GMT

POST
H2 200 tp2 Show response
collector2.sophi.io/com.snowplowanalytics.snowplow/ 2 B
227 B 130ms
130ms XHR
text/plain 52.223.1.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn.sophi.io
URL: https://cdn.sophi.io/latest/sophi.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.1.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8fd921d2017b5f79.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://www.chicagotribune.com
date: Fri, 17 Feb 2023 12:11:46 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

OPTIONS
H2 200 tp2
collector2.sophi.io/com.snowplowanalytics.snowplow/ Frame 0
0 130ms
130ms Preflight 52.223.1.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.1.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8fd921d2017b5f79.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.chicagotribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.chicagotribune.com
access-control-max-age: 600
content-length: 0
date: Fri, 17 Feb 2023 12:11:46 GMT
server: nginx

GET
H3 200 m=bm51tf Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1... Frame 6F4E 1 KB
741 B 44ms
44ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1.O/am=dAYACA/d=1/exm=COQbmf,DfBslb,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI4klc4MQJyPZxs7Vo3MqAmf1rSvFQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=bm51tf

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdfc386cb96ae30a9a30918bec2434a76440793c217beaa72eb30d43c54b5a28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 18:17:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64450
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 715
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 00:18:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 18:17:36 GMT

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1... Frame 6F4E 11 KB
4 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1.O/am=dAYACA/d=1/exm=COQbmf,DfBslb,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI4klc4MQJyPZxs7Vo3MqAmf1rSvFQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

601d52067791cdb3d53ab7091b146b91eb96cae34a84af3d6d2bd7a439ca50e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 18:17:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64450
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4145
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 00:18:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 18:17:36 GMT

POST
H2 200 log Show response
play.google.com/ Frame 6F4E 131 B
579 B 166ms
62ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Feb 2023 12:11:46 GMT

POST
H3 200 batchexecute Show response
news.google.com/swg/_/SubscribewithgoogleClientUi/data/ Frame 6F4E 165 B
194 B 100ms
99ms XHR
application/json 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&source-path=%2Fswg%2Fui%2Fv1%2Fserviceiframe&f.sid=-3256405271508817676&bl=boq_subscribewithgoogleclientserver_20230215.07_p0&hl=de&soc-app=673&soc-platform=1&soc-device=1&_reqid=43907&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b89b22e5c3cc0c708be24eba7fcc4d440655f10951ad318c637dbdd23cc60733

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://news.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-encoding: gzip
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="SubscribewithgoogleClientUi"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,Z5uLle,xQtZb,QIhFr,hc6Ubd,SpsfSb,MdUzUe,zbML3c Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1... Frame 6F4E 108 KB
36 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.5HhjugxJgQ0.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.oBAglCAPbis.L.B1.O/am=dAYACA/d=1/exm=COQbmf,DfBslb,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,RqjULd,U0aPgd,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI4klc4MQJyPZxs7Vo3MqAmf1rSvFQ/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,Z5uLle,xQtZb,QIhFr,hc6Ubd,SpsfSb,MdUzUe,zbML3c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4272282ad7fed99cf21178d7f48758985ce550be0d20169fa4f5ef7d397511ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 18:17:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64450
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36621
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 00:18:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 18:17:36 GMT

GET
H3 200 css2
fonts.googleapis.com/ 2 KB
427 B 51ms
50ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

690ccd1d5147450547924d553c47ba22f8d9c3fc79c5357e5e51df1f709cca1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 12:11:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Feb 2023 12:11:46 GMT

POST
H2 200 log Show response
play.google.com/ Frame 6F4E 131 B
273 B 50ms
48ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Feb 2023 12:11:46 GMT

OPTIONS
H3 200 log
play.google.com/ Frame 0
0 128ms
47ms Preflight
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 17 Feb 2023 12:11:46 GMT
expires: Fri, 17 Feb 2023 12:11:46 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 log Show response
play.google.com/ Frame 6F4E 131 B
273 B 50ms
49ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Feb 2023 12:11:46 GMT

OPTIONS
H3 200 log
play.google.com/ Frame 0
0 128ms
48ms Preflight
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 17 Feb 2023 12:11:46 GMT
expires: Fri, 17 Feb 2023 12:11:46 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 log Show response
play.google.com/ Frame 6F4E 131 B
273 B 50ms
50ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 17 Feb 2023 12:11:46 GMT

OPTIONS
H3 200 log
play.google.com/ Frame 0
0 127ms
48ms Preflight
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 17 Feb 2023 12:11:46 GMT
expires: Fri, 17 Feb 2023 12:11:46 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 726 Show response
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/ 383 B
1 KB 288ms
287ms XHR
application/json 52.222.139.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/726?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&bcsessionid=51be0617-90df-436a-93f8-a1af9ed454ab&bctempid=&overruleReferrer=&time=2023-02-17T12%3A11%3A46%2B00%3A00&ts=1676635906325

Requested by

Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.139.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-139-30.ams50.r.cloudfront.net

Software

- /

Resource Hash

93ae480b2cdbbc7d8d8c80d2530aa781163b554ce0e22e3ac2de1602afd11dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ef2cb74895744344a0ea2100fbbb760a.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: AMS50-C1
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 180
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.chicagotribune.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: c86ZDHxZvU-RrAy7A5GVp7i7P-gRLM5ReADDvP71SkuwXWpoA7zmHw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 tp2 Show response
collector2.sophi.io/com.snowplowanalytics.snowplow/ 2 B
227 B 130ms
130ms XHR
text/plain 52.223.1.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn.sophi.io
URL: https://cdn.sophi.io/latest/sophi.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.1.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8fd921d2017b5f79.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.chicagotribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://www.chicagotribune.com
date: Fri, 17 Feb 2023 12:11:46 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

OPTIONS
H2 200 tp2
collector2.sophi.io/com.snowplowanalytics.snowplow/ Frame 0
0 130ms
130ms Preflight 52.223.1.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.1.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a8fd921d2017b5f79.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.chicagotribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.chicagotribune.com
access-control-max-age: 600
content-length: 0
date: Fri, 17 Feb 2023 12:11:46 GMT
server: nginx

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 118ms
118ms Image
image/gif 34.235.180.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=pv&page=Lansing%20woman%E2%80%99s%20MJG%20Movement%20honors%20daughter%20lost%20to%20suicide%20while%20spreading%20kindness%2C%20generosity%20%20%20%E2%80%93%20Chicago%20Tribune&tv=js-3.0.153&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=9&tvcfg=fusion&tid=9b30129c-0554-48bd-9199-a08a0432d3ce&pid=a13c42a6-391e-467e-86dc-2b01d865a1b1&dtm=1676635906388&qnm=_matherq&visible=1&tabid=67fdb21c-b91f-47b6-b89d-fa17fdf293ca&url=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&vp=1600x1200&ds=1600x1200&tofa=1676635905&vid=1&lvidt=1676635905&duid=76cb3e9b77f80344&fp=3469908396&cid=ma89701&mrk=197837611&cx=eyJhY3Rpb24iOnsidHlwZSI6InBheXdhbGwiLCJjYXRlZ29yeSI6ImJsb2NrIiwiYWN0aW9uIjoic3RvcCIsIm91dGNvbWVzIjpbeyJmZWF0dXJlTGFiZWwiOiJQcm9kIENUIE1ldGVyIiwib3V0Y29tZUlkIjoidHJhbnNmb3JtYXRpb24vNjYiLCJvdXRjb21lTGFiZWwiOiJTb3BoaSBDTVAgUGF5d2FsbCBSZWN1cmx5IEFub24ifV0sIm1ldGVyIjp7fSwidHJpYWxUcmFja2luZ0RldGFpbCI6e30sInZlbmRvciI6InplcGhyIiwiZmxvd3JlZiI6eyJkYXkwIjp7ImZsb3ciOiJwYXl3YWxsIiwidGlkIjoiOWIzMDEyOWMtMDU1NC00OGJkLTkxOTktYTA4YTA0MzJkM2NlIiwidGltZSI6IjE2NzY2MzU5MDYifSwiZGF5NSI6eyJ0aW1lIjoiMTY3NjYzNTkwNiJ9LCJkYXkzMCI6eyJ0aW1lIjoiMTY3NjYzNTkwNiJ9fX0sImF1ZGllbmNlIjpbeyJwcm92aWRlciI6InVzZXJEQiIsInNlZ21lbnRzIjpbIk1BVEhFUl9VOV9GSVJTVFRJTUVNRVQyXzIwMTkxMDE2Il0sInBhZ2VJZCI6ImExM2M0MmE2LTM5MWUtNDY3ZS04NmRjLTJiMDFkODY1YTFiMSJ9LHsicHJvdmlkZXIiOiJpU2VncyIsInNlZ21lbnRzIjpbIk1BVEhFUl9VOV9GSVJTVFRJTUVNRVQyXzIwMTkxMDE2Il0sInBhZ2VJZCI6ImExM2M0MmE2LTM5MWUtNDY3ZS04NmRjLTJiMDFkODY1YTFiMSJ9XX0
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.180.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-180-68.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Fri, 17 Feb 2023 12:11:46 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 118ms
117ms Image
image/gif 34.235.180.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=pv&page=Lansing%20woman%E2%80%99s%20MJG%20Movement%20honors%20daughter%20lost%20to%20suicide%20while%20spreading%20kindness%2C%20generosity%20%20%20%E2%80%93%20Chicago%20Tribune&tv=js-3.0.153&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=9&tvcfg=fusion&tid=cb6ec1da-6019-4f03-a09e-2d043588e42b&pid=a13c42a6-391e-467e-86dc-2b01d865a1b1&dtm=1676635906394&qnm=_matherq&visible=1&tabid=67fdb21c-b91f-47b6-b89d-fa17fdf293ca&url=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&vp=1600x1200&ds=1600x1200&tofa=1676635905&vid=1&lvidt=1676635905&duid=76cb3e9b77f80344&fp=3469908396&cid=ma89701&mrk=197837611&cx=eyJhY3Rpb24iOnsiY2F0ZWdvcnkiOiJkaXNwbGF5IiwiYWN0aW9uIjoiY29udGVudCIsIm91dGNvbWVzIjpbeyJmZWF0dXJlTGFiZWwiOiJQcm9kIENUIE1ldGVyIiwib3V0Y29tZUlkIjoidHJhbnNmb3JtYXRpb24vNjYiLCJvdXRjb21lTGFiZWwiOiJTb3BoaSBDTVAgUGF5d2FsbCBSZWN1cmx5IEFub24ifSx7ImZlYXR1cmVMYWJlbCI6IlRvYXN0ZXIiLCJvdXRjb21lSWQiOiJ0cmFuc2Zvcm1hdGlvbi8xNDciLCJvdXRjb21lTGFiZWwiOiJDLUNULUlaLUQtTi1Uc3QifV0sIm1ldGVyIjp7fSwidHJpYWxUcmFja2luZ0RldGFpbCI6e30sIm91dGNvbWVMYWJlbCI6IlNvcGhpIENNUCBQYXl3YWxsIFJlY3VybHkgQW5vbiIsInZlbmRvciI6InplcGhyIiwidHlwZSI6InVua25vd24ifSwiYXVkaWVuY2UiOlt7InByb3ZpZGVyIjoidXNlckRCIiwic2VnbWVudHMiOlsiTUFUSEVSX1U5X0ZJUlNUVElNRU1FVDJfMjAxOTEwMTYiXSwicGFnZUlkIjoiYTEzYzQyYTYtMzkxZS00NjdlLTg2ZGMtMmIwMWQ4NjVhMWIxIn0seyJwcm92aWRlciI6ImlTZWdzIiwic2VnbWVudHMiOlsiTUFUSEVSX1U5X0ZJUlNUVElNRU1FVDJfMjAxOTEwMTYiXSwicGFnZUlkIjoiYTEzYzQyYTYtMzkxZS00NjdlLTg2ZGMtMmIwMWQ4NjVhMWIxIn1dfQ
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.180.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-180-68.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Fri, 17 Feb 2023 12:11:46 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 web Show response
onesignal.com/api/v1/sync/3f49be5a-bc89-48d8-b745-f51873a6c36f/ 6 KB
2 KB 63ms
53ms Script
text/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/3f49be5a-bc89-48d8-b745-f51873a6c36f/web?callback=__jp0

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8ea67c66091ec4466f92d7e517962991740adc74eec3372fd3cacb5c29b6339

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
age: 3516
cf-polished: origSize=5659
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 56c48899-eb1c-4ca1-983b-15a8a13a70da
x-runtime: 0.046382
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"2618cd28337482c868f54273d620153c"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 79ae6d70ae5090da-FRA
access-control-allow-headers: SDK-Version
expires: Fri, 17 Feb 2023 13:11:46 GMT

GET
H2 204 asyncPixelSync
pixel.sitescout.com/dmp/ Frame 3A63 0
0 133ms
41ms Document
text/plain 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by: Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/suburbs/daily-southtown/ct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash

Request headers

Referer: https://www.chicagotribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
date: Fri, 17 Feb 2023 12:11:45 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: AC1.1

GET
H2 204 c780cfde9d493686
pixel.sitescout.com/iap/ 0
191 B 131ms
42ms Image
text/plain 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/iap/c780cfde9d493686
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Fri, 17 Feb 2023 12:11:46 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
BLOB 200
OK 38875512-1e26-42c0-8619-6e572f260251
https://www.chicagotribune.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.chicagotribune.com/38875512-1e26-42c0-8619-6e572f260251
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9512d2de91fd27231a5efa08114917ca1bd054801f828b81d55f7a4b5f06b108

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
BLOB 200
OK 3bd9e34f-1df7-4ca1-bc27-6d99f3be6691
https://www.chicagotribune.com/ 390 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.chicagotribune.com/3bd9e34f-1df7-4ca1-bc27-6d99f3be6691
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9512d2de91fd27231a5efa08114917ca1bd054801f828b81d55f7a4b5f06b108

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Length: 390
Content-Type: text/javascript

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1052291973/ 2 KB
2 KB 141ms
53ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1052291973/?random=1676635906651&cv=11&fst=1676635906651&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&tiba=Lansing%20woman%E2%80%99s%20MJG%20Movement%20honors%20daughter%20lost%20to%20suicide%20while%20spreading%20kindness%2C%20generosity%20%E2%80%93%20Chicago%20Tribune&us_privacy=1---&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

094ae6dea260f5e1a536accf60d074d75f0e74c6fdc615a601614fba2c463407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1013
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 53ms
52ms Stylesheet
text/css 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 12:11:46 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1794
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 79ae6d711f0235e6-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 19 Mar 2023 12:11:46 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1052291973/ 42 B
64 B 52ms
51ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1052291973/?random=1676635906651&cv=11&fst=1676635200000&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&tiba=Lansing%20woman%E2%80%99s%20MJG%20Movement%20honors%20daughter%20lost%20to%20suicide%20while%20spreading%20kindness%2C%20generosity%20%E2%80%93%20Chicago%20Tribune&fmt=3&is_vtc=1&random=2310661611&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1052291973/ 42 B
455 B 142ms
52ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1052291973/?random=1676635906651&cv=11&fst=1676635200000&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&tiba=Lansing%20woman%E2%80%99s%20MJG%20Movement%20honors%20daughter%20lost%20to%20suicide%20while%20spreading%20kindness%2C%20generosity%20%E2%80%93%20Chicago%20Tribune&fmt=3&is_vtc=1&random=2310661611&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
200 B 118ms
117ms Image
image/gif 3.212.58.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=chicagotribune.com&p=%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&u=BUcz-pD9GOunbHvIA&d=chicagotribune.com&g=3906&g0=suburbs%2Csuburbs%3Adaily-southtown&g1=Bill%20Jones&n=1&f=00001&c=0.04&x=0&m=0&y=3143&o=1600&w=1200&j=30&R=1&W=0&I=0&E=2&e=2&r=&PA=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&b=2210&t=Buvwf0Dj08HYB21tN4DdtWmmXqHJS&V=139&tz=0&_acct=anon&sn=2&sv=Btapli68EQywVI-jB7ySRCDYSG8J&sd=1&im=067b0fff&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.58.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-58-10.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 17 Feb 2023 12:11:47 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
426 B 56ms
55ms Image
image/gif 34.253.85.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_ui=2f12c764-698f-4e3c-9df7-0fe8170a7b73&ntv_fl=hFT75SEIQqn36BKsyWHPWBXdQyemWh6WL_7mtpfGfDY3oA1u2x17Dgo8lO0hvYKzOb9KYlQvjK3IkaAv151EKg7UE75PM4oTMhGZXwWyZ1cwU5B0faGXRHdkmM8fds4Z-9UVDQUX7h2nEx6ZYBcsSoDgxWNf9Eb5A9V98P8bCfYLm4OcKXCkQPUCmFl5ALeCMmQ4z4DC5YskQMuc_C5Klv1YJQS4zda28m86taYrTDw3yK0rCOfLw4w-jYgTSw0boFSUor-faSk0FecE7LA99OhhAXPsbhurUXrOgDatu-qGR-6hJ4azYknmD17gzTn5zWg50jyx8MW1SCqEBdvXwQ==&ntv_ht=AG_vYwA&ntv_at=808&ntv_a=AAAAAAAAAA7O4QA&ntv_sat=5&ord=1676635908606&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.85.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-85-210.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 12:11:48 GMT
server: nginx/1.12.2
content-type: image/gif
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 132ms
41ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1757361571160924&ev=ViewContent&ts=1676635910659&it=1676635910659&v=2.7.21&if=false&cd[article_content_tier]=free&cd[is_subscriber]=true&dl=https%3A%2F%2Fwww.chicagotribune.com%2Fsuburbs%2Fdaily-southtown%2Fct-sta-mjg-movement-giveaway-st-1216-20221216-2ftxqbxqg5guflnhrhu6yb6syi-story.html&rl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de -, , ASN (),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.chicagotribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 17 Feb 2023 12:11:50 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

Verdicts & Comments Add Verdict or Comment

201 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.chicagotribune.com/subscriptions/modal-global/img	1970-01-20 18:29:31	Name: _lbz Value: 0
.chicagotribune.com/suburbs/daily-southtown	1970-01-20 18:29:31	Name: _lbz Value: 0
r610.chicagotribune.com/DG/DEFAULT	1970-01-20 19:19:55	Name: BCSessionID Value: 51be0617-90df-436a-93f8-a1af9ed454ab
.chicagotribune.com/	1970-01-20 09:43:56	Name: _lb Value: 2
.chicagotribune.com/	1970-01-20 09:43:59	Name: AKA_A2 Value: A
.chicagotribune.com/	1970-01-20 19:12:43	Name: _cb Value: BUcz-pD9GOunbHvIA
.chicagotribune.com/	1970-01-20 19:12:43	Name: _chartbeat2 Value: .1676635904914.1676635904914.1.Btapli68EQywVI-jB7ySRCDYSG8J.1
.chicagotribune.com/	1970-01-20 09:43:57	Name: _cb_svref Value: null
tribune.blueconic.net/	1970-01-20 09:54:00	Name: AWSALBCORS Value: QIe6CYNK4E/umPx39y43o6IVUe8Rt/i0bwOAkKn8+GoibrWoPro5CEdPacH3b2F/VVkfowOPtNr0zaoVjH9KqdhhRk2s6GuafzcuQs0CMF+zJ5hJPwx/QU0WGaXH
.postrelease.com/	1970-01-20 18:29:31	Name: opt_out Value: 1
www.chicagotribune.com/	1969-12-31 23:59:59	Name: ntvSession Value: {"id":2382351,"placementID":1109740,"lastInteraction":1676635905269,"sessionStart":1676635905269,"sessionEndDate":1676678400000,"experiment":""}
.www.chicagotribune.com/	1970-01-20 09:43:57	Name: sophiTagses.7165 Value: *
.chicagotribune.com/	1970-01-20 09:43:57	Name: _ml_ses Value: *
.chicagotribune.com/	1970-01-20 19:19:55	Name: _matheriSegs Value: MATHER_U9_FIRSTTIMEMET2_20191016
.chicagotribune.com/	1970-01-20 19:19:55	Name: _matherSegments Value: MATHER_U9_FIRSTTIMEMET2_20191016
.chicagotribune.com/	1970-01-20 19:12:43	Name: _awl Value: 2.1676635905.5-2e6631ac6acc281fab6ae7808b51632e-6763652d6575726f70652d7765737431-0
zephr.chicagotribune.com/	1970-01-20 13:05:31	Name: blaize_session Value: 52f102ca-c130-4427-bb42-d3568aba3b42
zephr.chicagotribune.com/	1970-01-20 19:19:55	Name: blaize_tracking_id Value: 40b44f6d-d557-4057-a63b-217b6bab2226
www.chicagotribune.com/	1969-12-31 23:59:59	Name: BCSessionID Value: 51be0617-90df-436a-93f8-a1af9ed454ab
.www.chicagotribune.com/	1970-01-20 19:19:55	Name: sophiTagid.7165 Value: 4fd38c7d-6970-416a-b493-92513c4b6643.1676635905.1.1676635906.1676635905.8bd32865-7a1a-4f7e-ae11-b2b6cd2df13e
.chicagotribune.com/	1970-01-20 14:03:07	Name: c_mId Value:
.chicagotribune.com/	1970-01-20 14:03:07	Name: c_PUID Value:
zephr.chicagotribune.com/	1970-01-20 09:54:00	Name: AWSALB Value: R2fnNj9CseMT3cZHxwPlqOc3AMCTRyb4C9owqSkPqfeNQJA33ImpE8gdg6c3vlhaCxZDjv3zOcI433SV4yOURXTqhd88iGf5twGVZs1qP6EjopVDVd9pR9k/Q4nF
zephr.chicagotribune.com/	1970-01-20 09:54:00	Name: AWSALBCORS Value: R2fnNj9CseMT3cZHxwPlqOc3AMCTRyb4C9owqSkPqfeNQJA33ImpE8gdg6c3vlhaCxZDjv3zOcI433SV4yOURXTqhd88iGf5twGVZs1qP6EjopVDVd9pR9k/Q4nF
.chicagotribune.com/	1970-01-20 19:19:55	Name: _ml_id Value: 76cb3e9b77f80344.1676635905.1.1676635906.1676635905
r610.chicagotribune.com/	1970-01-20 09:54:00	Name: AWSALB Value: weZRV2OH5F9663Bgrw10vBKyBvJ/XcHKTptEw5IpQGJNoOwMvOnRTC6oF/SgGMzcSvckcpeuY9/ekeJjb80msSZmugGeBRClYrrIqdkjYRkZC6csOowszQ5czuMp
r610.chicagotribune.com/	1970-01-20 09:54:00	Name: AWSALBCORS Value: weZRV2OH5F9663Bgrw10vBKyBvJ/XcHKTptEw5IpQGJNoOwMvOnRTC6oF/SgGMzcSvckcpeuY9/ekeJjb80msSZmugGeBRClYrrIqdkjYRkZC6csOowszQ5czuMp
.www.chicagotribune.com/	1970-01-20 09:54:00	Name: RT Value: "z=1&dm=www.chicagotribune.com&si=334b45d4-d32d-4c82-b718-c26e9bad7dad&ss=le8hq67r&sl=1&tt=31b&rl=1&ld=31d"
.doubleclick.net/	1970-01-20 09:43:56	Name: test_cookie Value: CheckForPermission

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.zephr.com
authenticate.chicagotribune.com
c.amazon-adsystem.com
c.go-mpulse.net
cdn.confiant-integrations.net
cdn.jwplayer.com
cdn.onesignal.com
cdn.parsely.com
cdn.sophi.io
cdn.taboola.com
cmp.osano.com
collector2.sophi.io
dynpaywall-api-chicagotribune.ml.sophi.io
fonts.googleapis.com
fonts.gstatic.com
geo.privacymanager.io
googleads.g.doubleclick.net
jadserve.postrelease.com
js.matheranalytics.com
launchpad-wrapper.privacymanager.io
launchpad.privacymanager.io
mab.chartbeat.com
news.google.com
onesignal.com
p1.parsely.com
ping.chartbeat.net
pixel.sitescout.com
play.google.com
player-files.remixd.com
polyfill.io
pubcast-files.remixd.com
r610.chicagotribune.com
s.go-mpulse.net
s.ntv.io
sb.scorecardresearch.com
smoggysnakes.com
ssor.tribdss.com
static.adsafeprotected.com
static.chartbeat.com
tags.remixd.com
tribune-chicagotribune.zeustechnology.com
tribune.blueconic.net
www.chicagotribune.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.i.matheranalytics.com
www.tribdss.com
zephr.chicagotribune.com
104.80.241.191
107.178.250.234
13.227.217.72
13.227.219.100
13.227.219.103
13.227.219.117
151.101.1.44
23.35.229.64
2600:1901:0:d733::1
2600:9000:21c7:7000:18:1fcd:351:7bc1
2600:9000:2204:a000:8:48e:53c0:93a1
2600:9000:2204:a600:1:a3fa:7cc0:93a1
2600:9000:2204:c200:3:b7e:8940:93a1
2606:4700:4400::6812:220a
2606:4700::6812:d63b
2a00:1450:4001:809::200e
2a00:1450:4001:811::2002
2a00:1450:4001:813::2003
2a00:1450:4001:827::2003
2a00:1450:4001:828::200a
2a00:1450:4001:829::2008
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2004
2a00:1450:4001:831::200e
2a02:26f0:3500:586::11a6
2a02:26f0:3500:991::11a6
2a02:26f0:480:f::213:7edd
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:200::714
2a04:4e42:e00::282
3.212.58.10
34.235.180.68
34.253.85.210
35.166.171.190
35.190.38.143
52.222.136.4
52.222.139.109
52.222.139.110
52.222.139.18
52.222.139.30
52.222.139.54
52.222.139.61
52.222.139.90
52.222.139.91
52.223.1.76
54.205.212.62
63.34.81.234
98.98.134.241
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07dd3316f05538dbfd0c246b283c79ef4ca4a89d496ea2d788b327bbe5382790
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
094ae6dea260f5e1a536accf60d074d75f0e74c6fdc615a601614fba2c463407
096a0419a3787b284e7105edeebc7cf4915cb9549f3b433258f65483acc24510
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0a0f424ca6d673141f840c622be3e808880680e08699650dd8a0f2fdfac0a69e
0ea92c04c03d7da0e4608664dfb06b8bcf85ac91e2f58a8b984620247f447cca
1b28bda3bee08c51cf79bc36c6292f62bdf7f67038d397f1c2616641dba2cf95
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903
1e15b61e1a5597f67b6c9cff40991726d8534373967b36098c0b46ff3176e269
20d36b1439759089674dc4d2a6bc17436719a75911b63398b54772458dc709c2
21c611f1b97656362b0414431388a23564cb2d275135f31e98ddafe5ed356bba
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2872b47ffdf8c76279849acd7c50ae56c7ff365df10b92ed0707f4c758577e42
2ec828e9594b78b2e2fdf2a2242f095e84677a2dfc662e6c7a15c61c18cb791d
2f05669a6893e6bdf7171b1e46486771d706e05d311017054b796c9c7320589c
31c6dd01105a9582c1d84661f0b87b3220b6c456738004b5f43617d3d3595735
325d867a377ec35a24fe5576a3889c8eab2fc01db1a372b9252f3872e991c22a
3298bdfdcf3cc6b8bac3088bb71036c0be9eba411cff6c6902b1d53e63124adc
32e8506d2f282e7132820c2c989104e013938da8c2214f6442eaec6945918211
3364084daa7d5e1d3001479ffdc24024939f8e5735ca298568801a7ad8b4042a
337287fc5427369dced36028a2d0959f06d434b030c4c3f0b88223b648300425
34ec1683d2642299e982025227fedb587004b36ef9d3abcf47999e7f62a8afff
36761ae7fc6f0c2cf778ad23350764caa99747ec3c34f0b17885f441f0ea5eac
37f8ab8769785287d8b890ba001c44d93c98ec851e4abe769e8a5e243bbe1f0b
385b775f1349e9d369a6c6f63a0aafc11c22515ca8c97f2303038a2c6cdaf858
38dd7e0a40699e0c50c805b874fdbd366cff8d78b270ba915fbd10039189389c
3b0e937ff3f7459bea57ba083c275c61a19175e34f8f7060b92490a72501b601
3c3af293c92bffe2f5f6f31753be6de274bf677ee5c4de05428cf394d63d4941
3decb093837ea2f97085aae5420207c69b6c7ff11df4acc6e7736c2f0ec9eaa1
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4272282ad7fed99cf21178d7f48758985ce550be0d20169fa4f5ef7d397511ee
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4429462b2374dfd8d837655d998c6e810ad666e1dff34cce0ba81ad61b712857
476d60955514d59fff612bff247149d6c3d8040247ec574886143d08163e1717
4871239c73a05d562e4bf0cc0f8f46410efe7311b303f57f2177ea101a06bb16
4de3df3f8c41b969312c7f8fb0ec105ca4ceebfeff99e9c4c6552f017c8aeb2e
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
50e8c4230c7e89f0c13f61764380d2bee0188723f5be2feafd10578a427b9e2a
51ae82135498270faf7037bc1034285965dcde3c43476a24ac83ab3d14322522
52519e8c754d4fd14b9ea19ff3f3e758ad1978858827881984e7da06a285ef97
543976c18570337471016b449898439413c195c7108f7b8496ab9346779ec183
55033882e1bc61cac58471a0ce5372606abd57a9663921dbd6f9a4a926c601b0
564c0da4e58950dfa166596840e39d3f744f562a3fb48cfaab0afec82bb7e0a0
5941bbcfc82fe73f86b9ae9564a319e9b39ece69f05473f767b85df011a208d7
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5da042d5812f163384470df8b5fbca46e8364922c47407a8dbdcf114066fc6ab
5e0dc16d8168bc4b0a05db26d6c96e650f643890ce0bf9fd9da3de2f28ec8653
601d52067791cdb3d53ab7091b146b91eb96cae34a84af3d6d2bd7a439ca50e9
651e4c67987352f2207738a0129ec64badb8b6900c4095638121314ca72f85fa
65b72c57b7d3e026f367272cac181935f22cf55a317943e7a7458cb122c840a2
6613009940c32f6e3032a2ef430d34037d17904c9beac02478443798784faa98
690ccd1d5147450547924d553c47ba22f8d9c3fc79c5357e5e51df1f709cca1e
6b62fbae13ddee886f032e707ca3a210b1cc5df2f2e58936ca9e28ba34843459
75e658b80c8d440849fcb3dd4462b319b289f8de2fec0972b45fc88e3ec73d61
7600fa2b0527c3af95aef6b2a6a333ab08c3c384f2fcfa804bcb2b6083728cbb
78d1da3f40e7c23e1081642bcb223e2377329db8c07d2ca7a2ca51713cb4dd3d
7b307f2ce73aec07bfa1ab1d6462f491de0497c8819b1d6fed66eda9638a3530
7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e
7df4604e95a6fbc974177a6c9f31837936cc25af533ea23e1f10340605cb48a9
7f5d73c848836745a93ff7aa540a8f83f9899e3668628f42e9ba0cc6ef5e0b32
81f83a9290ea76b08222294b7d5b43285ee9070834f43ae9540e40659beee898
8519df10b3f0f4815490db3440298a19885f4c46ad1f0938684620189f9402b2
87eecb67faf2ab19e08c7f364ddef4c22a194a29ed08a7aeab1250d763ee44aa
8a02e802a6fb6a9655581ad42a0f370e004ff0c8a8d45cc5e69561ee688a583d
8b992185e4480c6985018878a97c716fb566d4438398fe60aba7a9e1d9c06059
8fc4c656fb606d73535160204c5fcb9786950480c185715d4cb677e04687a334
90b3d8efe63c7b8a88c60ae115cf2c86d601716f218eb95c60fc4dc24306c1c0
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
91bcc65a1a6bb4755e48576889ae27c2f620e49d126b8127dd16c1a99945b9d5
9310e1bf6431294af16179c9016c9b31197466b9c8ee75ece88bc8c6bc350046
93ae480b2cdbbc7d8d8c80d2530aa781163b554ce0e22e3ac2de1602afd11dcd
94dba5e97bd9780046fc76db034ae0132c04cdf51858c680ef043f841ee3a468
9512d2de91fd27231a5efa08114917ca1bd054801f828b81d55f7a4b5f06b108
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
95fba5f7215712323c9a396538d17c926b55312f29d4cff73632be46777b7d5d
96ccf982c4d6f90c3a1a86ec1115c794b8aff5c09cacfb0c54357946abd0a3a8
9729f3eab64671484b7dc72a11b62aa1f6f7841711fa84c318e01007dd03e6c2
9ff4bae221a902760c0269d72a02a8e7abdb54597f9a1872a4212f4a5a463ed5
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a48b96eb4dbabdf7d10b4a7667062cd55b7c1f9aab381f05c916798ec4308f68
a4cf7a559cce212513f2cb3038a080a32d9569a3cf6cbc61fac2b5c3284661da
a50890901413f8305291efe7442cc60cc3bc1670dd2fb6803cb6911ca84fad42
a8ea67c66091ec4466f92d7e517962991740adc74eec3372fd3cacb5c29b6339
aa6cf513c805631e3da776e4d88fd82a42b30612ce0255eedec83f4d145a9b37
ae6e48bc99a2e998864756249b80e38d14cef42251698256ed8d100a462e3f3f
b17dc2723c37186da43d192c89d7bc4bcf028b0e830de63d0e34eb29d00baa51
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
b3565ea346e63fda91cc67ba8fc11e95b7482d5873a4f4c6a47c4185b772d9a1
b59e31aeaca17f052e5e16fa1713cb48d45997454c26ae2876302420b77751c2
b600a81372fe3e21c17ef95dfd6b1f54e7aa28b49a0bbc5652c32eee42a2b535
b74868aa7a67fe02d92ade2e51c6be9cd1d01c26ddb848038c13835e1ffc1749
b89b22e5c3cc0c708be24eba7fcc4d440655f10951ad318c637dbdd23cc60733
bc96ea6e178463aae045454a8bb583cb8678f20c922a20723bbcdb0b0f242816
bca665b4bd3a5790e2c867b20d429b9edd56002dfe9ee5c5818942d3cd265d86
c2789481eb03ebaaac567af091a3f7a9032d8387bab5062279694821d7c1aacc
c429b056c18833dd3d7fe28ab8ba904526ad1375398ffac0a0e4f2d278e1ac43
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c922ba035a2a327aea9b9af252fb362f2383466127a648e241a01831e6b51002
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd2ad425b7a57c33cfab9c368c24eafd08a4176b4e540480f742e287889f56bb
cd9216308f7433d319f912cfc029861f0176f0d0af13c57338d291f757fb01de
cdfc386cb96ae30a9a30918bec2434a76440793c217beaa72eb30d43c54b5a28
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
dc048c09a8d760da2274f28563f1733f0b12d668122d570226c35870cc939d07
dfa66de804b031ce3c106266dd95c798cad21e9bbb11986ef7a3e89ce30ec505
e032575ce4b515c457c0cf6c2dc05a33265351dfc72365e353669418cfc047d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b9d318b3157ccbfc3bb00e82a446613294f9a592c01537662386bd848882b7
e49b3edc160949dc79c29c49e60491ea6aba323a077c42e31d39cdf03c23c6cc
ed6b237b687782c7d85630dec9239d26965f826b0b1a64d2817b4dec65db486a
ee9f78cbc7a4ab43cbf92257875500fe4a97c940ca581996699f0749a5ca3584
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f6487e04faf01177ca123beb1fa1c5683887295609275f1a5badafae5ec7cf
f2111f9442898f8a4588f57de8f9d742b7e756f4c810e2093a95c063d647e940
f486dcad1402002af6f9fee8cbe1f301710b828ea0740abfe8672137ef6e02f8
f4ef4343eb9d80c40ce3e2b626ba4327a71e63fee3f8c646f8eb67aa969efeb9
fcac0e1a4f11bbf64e60b1305ef1b935ff5c41e49d150c42ca8d8d6464dc240f
fe16b8b65e1375dd2292a34597e3e88bf3c5e55fb0a9d2adb9b33a5314409a65

www.chicagotribune.com Open in urlscan Pro 2a02:26f0:480:f::213:7edd Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

160 Requests

96 %HTTPS

46 %IPv6

34 Domains

52 Subdomains

49 IPs

3 Countries

3280 kBTransfer

10174 kBSize

29 Cookies

57 Outgoing links

Redirected requests

160 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.chicagotribune.com Open in urlscan Pro
2a02:26f0:480:f::213:7edd Public Scan

Screenshot
Live screenshot

Full Image

160
Requests

96 %
HTTPS

46 %
IPv6

34
Domains

52
Subdomains

49
IPs

3
Countries

3280 kB
Transfer

10174 kB
Size

29
Cookies

160 HTTP transactions
0 data transactions