www.spafinder.com Open in urlscan Pro
35.238.100.44 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://spafinder.com/
Effective URL:
https://www.spafinder.com/
Submission: On February 14 via manual (February 14th 2024, 8:22:26 pm UTC) from US — Scanned from DE

Summary HTTP 102 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 20 IPs in 3 countries across 10 domains to perform 102 HTTP transactions. The main IP is 35.238.100.44, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.spafinder.com.
TLS certificate: Issued by R3 on February 2nd 2024. Valid for: 3 months.

This is the only time www.spafinder.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 59	35.238.100.44 35.238.100.44	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	2600:9000:235... 2600:9000:235a:5400:8:c5db:8400:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	151.101.1.195 151.101.1.195	54113 (FASTLY) (FASTLY)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1f::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
4	2600:9000:264... 2600:9000:2646:4c00:13:2dad:97c0:93a1	16509 (AMAZON-02) (AMAZON-02)
102	20

59 35.238.100.44 (Council Bluffs, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 44.100.238.35.bc.googleusercontent.com

spafinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.spafinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:235a:5400:8:c5db:8400:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.spafinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

recaptcha.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebase.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firestore.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebaseinstallations.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.195 (United States)

ASN54113 (FASTLY, US)

geoip.spafinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1f::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2646:4c00:13:2dad:97c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

resizer.spafinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
72	spafinder.com 2 redirects spafinder.com — Cisco Umbrella Rank: 987095 www.spafinder.com assets.spafinder.com gtm.spafinder.com Failed geoip.spafinder.com resizer.spafinder.com	1 MB
9	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 48 firebase.googleapis.com — Cisco Umbrella Rank: 4158 firestore.googleapis.com — Cisco Umbrella Rank: 1961 firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 544	3 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	475 KB
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 113 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 213	137 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2400 www.google.com — Cisco Umbrella Rank: 2	8 KB
3	recaptcha.net recaptcha.net — Cisco Umbrella Rank: 1244	30 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 257	464 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5654	408 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 317	29 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 52	97 KB
102	10

	Domain	Requested by
57	www.spafinder.com	www.spafinder.com
7	assets.spafinder.com	www.spafinder.com
4	resizer.spafinder.com	www.spafinder.com
4	www.gstatic.com	recaptcha.net www.gstatic.com
3	fonts.gstatic.com	recaptcha.net www.spafinder.com
3	firestore.googleapis.com	www.spafinder.com
3	recaptcha.net	www.spafinder.com www.gstatic.com recaptcha.net
3	cdnjs.cloudflare.com	www.spafinder.com cdnjs.cloudflare.com
2	securepubads.g.doubleclick.net	www.googletagservices.com
2	region1.analytics.google.com	www.googletagmanager.com
2	geoip.spafinder.com	www.spafinder.com
2	firebaseinstallations.googleapis.com	www.spafinder.com
2	firebase.googleapis.com	www.spafinder.com
2	fonts.googleapis.com	www.spafinder.com
2	spafinder.com	2 redirects
1	www.google.com	www.gstatic.com
1	www.google.de	www.spafinder.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	www.googletagservices.com	www.spafinder.com
1	www.googletagmanager.com	www.spafinder.com
0	gtm.spafinder.com Failed	www.spafinder.com
102	21

This site contains links to these domains. Also see Links.

Domain
spafinder-partner.blackhawknetwork.com
blackhawknetwork.com
maps.google.com

Subject Issuer	Validity	Valid
spafinder.com R3	`2024-02-02` - `2024-05-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
misc.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
edgecert.googleapis.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
cloudcrumbly.io GTS CA 1D4	`2023-12-25` - `2024-03-24`	3 months	crt.sh
www.google.de GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.spafinder.com/
Frame ID: 104FB1961C5218203B1F16EEB598B6A3
Requests: 91 HTTP requests in this frame

Frame: https://recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LeU9rwUAAAAAIw7GYHbl623LN6NRsnZNfggJAKi&co=aHR0cHM6Ly93d3cuc3BhZmluZGVyLmNvbTo0NDM.&hl=de&v=yiNW3R9jkyLVP5-EEZLDzUtA&size=invisible&cb=4w8smetdo40o
Frame ID: 15C49AE76FA2FE732FC1C1428580EFD0
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Discover Spas Near You with the Spafinder Wellness Gift Card

Page URL History Show full URLs

http://spafinder.com/ HTTP 308
https://spafinder.com/ HTTP 301
https://www.spafinder.com/ Page URL

Detected technologies

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

102
Requests

99 %
HTTPS

89 %
IPv6

10
Domains

21
Subdomains

20
IPs

3
Countries

2604 kB
Transfer

7507 kB
Size

3
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://spafinder-partner.blackhawknetwork.com/spafinder.com/public/login
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://blackhawknetwork.com/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://maps.google.com/?layer=t&saddr=Frankfurt%20am%20Main+DE&daddr=14651%20Chelonia%20Parkway+Orlando+FL+32821
Title: Orlando , Florida

Search URL Search Domain Scan URL

URL: https://maps.google.com/?layer=t&saddr=Frankfurt%20am%20Main+DE&daddr=13500%20FM2769+Austin+TX+78726
Title: Austin , Texas

Search URL Search Domain Scan URL

URL: https://maps.google.com/?layer=t&saddr=Frankfurt%20am%20Main+DE&daddr=6700%20North%20Gaylord%20Rockies%20Boulevard+Aurora+CO+80019
Title: (5031.2 Miles)

Search URL Search Domain Scan URL

URL: https://maps.google.com/?layer=t&saddr=Frankfurt%20am%20Main+DE&daddr=55%20Lee%20Road+Lenox+MA+01240
Title: (3753.3 Miles)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://spafinder.com/ HTTP 308
https://spafinder.com/ HTTP 301
https://www.spafinder.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

102 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.spafinder.com/
Redirect Chain

http://spafinder.com/
https://spafinder.com/
https://www.spafinder.com/

5 KB
3 KB

174ms
160ms

Document
text/html

35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

6d6c1c70e35bfe2f69a04318ff42dbc6bc732964341ce7070673504fc0955f61

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 1415
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
content-type: text/html; charset=utf-8
date: Wed, 14 Feb 2024 20:22:16 GMT
etag: "5d404a264c7fa16fc90f758e0be1b2daa02cfb379c15b80953e3332b6ad76ed0-br"
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
referrer-policy: same-origin
strict-transport-security: max-age=15724800; includeSubDomains
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
x-cache-hits: 1
x-content-type: nosniff
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
x-permitted-cross-domain-policies: master-only
x-served-by: cache-chi-kigq8000036-CHI
x-timer: S1707942137.568323,VS0,VE1
x-xss-protection: 0 1; mode=block

Redirect headers

content-length: 162
content-type: text/html
date: Wed, 14 Feb 2024 20:22:16 GMT
location: https://www.spafinder.com/
strict-transport-security: max-age=15724800; includeSubDomains
x-frontend: wordpress-spafinder-6f8f574c7-4grhb

GET
H2 200 MuseoSans-100.woff2
assets.spafinder.com/fonts/ 20 KB
21 KB 64ms
14ms Font
application/octet-stream 2600:9000:235a:5400:8:c5db:8400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.spafinder.com/fonts/MuseoSans-100.woff2
Requested by: Host: www.spafinder.com
URL: https://www.spafinder.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:5400:8:c5db:8400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 82f1eae9cfc69f5c3901902a3b55ecc595eb0b1e8c5dee2222c01374ce87b1ed

Request headers

Referer
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 10 Feb 2024 05:33:32 GMT
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 398925
x-cache: Hit from cloudfront
content-length: 20536
last-modified: Thu, 27 Sep 2018 16:05:22 GMT
server: AmazonS3
etag: "debce4bc04237cb1deab667dd511594a"
access-control-max-age: 3000
access-control-allow-methods: PUT, POST, DELETE, GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
vary: Origin
accept-ranges: bytes
x-amz-cf-id: _GV0QAkSB3O3ivYh9-nUjzTm9XhwcaQc5acY5U1zR7NC1-BSDa47dQ==

GET
H2 200 MuseoSans-300.woff2
assets.spafinder.com/fonts/ 17 KB
18 KB 68ms
19ms Font
application/octet-stream 2600:9000:235a:5400:8:c5db:8400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.spafinder.com/fonts/MuseoSans-300.woff2
Requested by: Host: www.spafinder.com
URL: https://www.spafinder.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:5400:8:c5db:8400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 85c2761557d3602f2b7cfb72f1a65de17f3114aee7e3bfa9893c6d654522e4a3

Request headers

Referer
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 10 Feb 2024 05:33:32 GMT
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 398925
x-cache: Hit from cloudfront
content-length: 17852
last-modified: Thu, 27 Sep 2018 16:05:23 GMT
server: AmazonS3
etag: "7bceb68f1a332432c0378ea0a6848a5c"
access-control-max-age: 3000
access-control-allow-methods: PUT, POST, DELETE, GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
vary: Origin
accept-ranges: bytes
x-amz-cf-id: Ub5j6Nzvd22wBd_3pJrH87NlArEku5gDOK3_2SerABZk7z7RvnffSA==

GET
H2 200 MuseoSans-500.woff2
assets.spafinder.com/fonts/ 18 KB
18 KB 62ms
13ms Font
application/octet-stream 2600:9000:235a:5400:8:c5db:8400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.spafinder.com/fonts/MuseoSans-500.woff2
Requested by: Host: www.spafinder.com
URL: https://www.spafinder.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:5400:8:c5db:8400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ff6f0a5143d6e6285b150295b5d9bc5b485a0399319776d2154de0ae0b28768a

Request headers

Referer
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 10 Feb 2024 05:33:32 GMT
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 398925
x-cache: Hit from cloudfront
content-length: 17940
last-modified: Thu, 27 Sep 2018 16:05:24 GMT
server: AmazonS3
etag: "fdf19002a3e66461191adb4759c9d471"
access-control-max-age: 3000
access-control-allow-methods: PUT, POST, DELETE, GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
vary: Origin
accept-ranges: bytes
x-amz-cf-id: eM7vIHQ2j4HWmfc1IUAxm5MCDzPl_MvMKZbWu0Xo31DEGH2xHE3Hog==

GET
H2 200 MuseoSans-700.woff2
assets.spafinder.com/fonts/ 18 KB
18 KB 63ms
14ms Font
application/octet-stream 2600:9000:235a:5400:8:c5db:8400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.spafinder.com/fonts/MuseoSans-700.woff2
Requested by: Host: www.spafinder.com
URL: https://www.spafinder.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:5400:8:c5db:8400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3c2885574185694a5d1ecbebe7e0c026284a2dfbf29c91a942305ab2c2d07b9b

Request headers

Referer
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 10 Feb 2024 05:33:32 GMT
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 398925
x-cache: Hit from cloudfront
content-length: 18188
last-modified: Thu, 27 Sep 2018 16:05:24 GMT
server: AmazonS3
etag: "2d9b5a927e1f759928ef0f546a3b7287"
access-control-max-age: 3000
access-control-allow-methods: PUT, POST, DELETE, GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
vary: Origin
accept-ranges: bytes
x-amz-cf-id: 6h2wf15UaiIMWYcfm0KIditv2I_1KqNOGV_MoP1otWhk9ag6ExXpqg==

GET
H2 200 MuseoSans-900.woff2
assets.spafinder.com/fonts/ 17 KB
18 KB 69ms
20ms Font
application/octet-stream 2600:9000:235a:5400:8:c5db:8400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.spafinder.com/fonts/MuseoSans-900.woff2
Requested by: Host: www.spafinder.com
URL: https://www.spafinder.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:5400:8:c5db:8400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 004d78f344f196c17544bda557c19b6adb3334d484579c66466bfafb91eca4bc

Request headers

Referer
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 10 Feb 2024 05:33:32 GMT
via: 1.1 abf16b943a9b4039b87ccdb094d9303e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 398925
x-cache: Hit from cloudfront
content-length: 17600
last-modified: Thu, 27 Sep 2018 16:05:25 GMT
server: AmazonS3
etag: "f2555a127ee54ad20d7829bb5f76eb39"
access-control-max-age: 3000
access-control-allow-methods: PUT, POST, DELETE, GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
vary: Origin
accept-ranges: bytes
x-amz-cf-id: Q6SvAjXeouWfhxItmx_IpF1GSJWuzxJHNZuDCyvdcQrFnHW1qzFRgQ==

GET
H2 200 materialdesignicons.min.css
cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.1.96/css/ 326 KB
40 KB 57ms
41ms Font
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.1.96/css/materialdesignicons.min.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

446611327adb01390eb1937a404e9bf6ce05541af688a5c609cedc9abf39e72d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6613601
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 41017
last-modified: Mon, 12 Dec 2022 03:38:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6396a22c-a039"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rGCwEueeZpIT%2BDOgH95ro1o8Asc9hnW8ypywUTaQuJRYhFmdH3zL7MeTCsCZXowl7ezXZRqU%2BZEOk0Tca754ipgCf0zOXLAMJBleaO65ymNtYxd0Wrp10z%2Fxm4Et9xM173hNGb%2B4Uu5KLk3AhySxO1F5"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 855805b21e535d91-FRA
expires: Mon, 03 Feb 2025 20:22:16 GMT

GET
H2 200 materialdesignicons.min.css
cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.1.96/css/ 326 KB
41 KB 50ms
34ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.1.96/css/materialdesignicons.min.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

446611327adb01390eb1937a404e9bf6ce05541af688a5c609cedc9abf39e72d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6613601
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 41017
last-modified: Mon, 12 Dec 2022 03:38:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6396a22c-a039"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NtRJNuvaLJfCb0Mbs9gTy73Krq6Eu7rdfg3t3DXCtjgeXcMIPbaPu11eIxXgnEXhlUClNwbrMHbSAFmmii3RopxdZkBB3aDSJaDgPy3SexPO0ttxRC1sx8k%2BaOk%2FSs8rPNe3wYooqX2GgDQ6GuaE6Esi"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 855805b21e515d91-FRA
expires: Mon, 03 Feb 2025 20:22:16 GMT

GET
H2 200 chunk-vendors.5f22a22b.js Show response
www.spafinder.com/js/ 2 MB
487 KB 271ms
270ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

bc97d9a685547f22d7342dae4c5284294f995638664e4c73cc9f8f9199663fd8

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

Referer: https://www.spafinder.com/
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:16 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 496010
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000101-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942137.731772,VS0,VE3
etag: "7a287a8a37bbfc90c7d17ec82aa7009d1fed7f6111c604e9cec4fc12efdc9852-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 app.9612d004.js Show response
www.spafinder.com/js/ 239 KB
53 KB 159ms
158ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/app.9612d004.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

400e29bd646725b5792c525bbe10943cfdbf083f09b74ce9a081323e7c0b35d3

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

Referer: https://www.spafinder.com/
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:16 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 52897
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000179-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942137.731709,VS0,VE0
etag: "8f04adb0a9f83d8e9cdb11d4cf711eb97ae6a5131571b54b7f054dd51d728f19-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 14

GET
H2 200 chunk-vendors.855512a3.css
www.spafinder.com/css/ 581 KB
43 KB 381ms
381ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/chunk-vendors.855512a3.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

66419982f08cebf9465197450d4540bb430de18d2acfa8d5072736bc4b2f32ff

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:16 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 42720
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000040-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942137.735805,VS0,VE0
etag: "c5521c61e96eb4e778e72199c1318022ad3d58c7573cb7579285735bc501293d-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 6

GET
H2 200 app.ac4e83a5.css
www.spafinder.com/css/ 22 KB
4 KB 159ms
158ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/app.ac4e83a5.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

de2b17234d36b7c16726285e8b9ef05520322bb67d6d13facc159b64bd393308

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:16 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3212
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000055-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942137.731828,VS0,VE0
etag: "0cc5fca9f4da38e5c5308cc09c66ce60f334732d3a737499cae92362ab55a7e3-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 6

GET gtm.js
gtm.spafinder.com/ 0
0

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 167ms
59ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Rubik&display=swap

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/css/app.ac4e83a5.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fd513144e52815d174036a26248bf25241d3ca747613150eecd39a8af68c539c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Feb 2024 20:22:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 14 Feb 2024 20:14:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Feb 2024 20:22:16 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
642 B 168ms
60ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway&display=swap

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/css/app.ac4e83a5.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

950198ebab430cd15def82c2f484072f6bbed93759f7d7cd1ef6ec333bd6f881

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Feb 2024 20:22:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 14 Feb 2024 18:25:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Feb 2024 20:22:16 GMT

GET
H2 200 api.js Show response
recaptcha.net/recaptcha/ 1 KB
1 KB 184ms
62ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://recaptcha.net/recaptcha/api.js?render=explicit

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

627e6c7b41a6e14ca3e2237604f860faf12a088ce3e47d2088ccd356160bf1ea

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 14 Feb 2024 20:22:18 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ 492 KB
197 KB 160ms
51ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__de.js

Requested by

Host: recaptcha.net
URL: https://recaptcha.net/recaptcha/api.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f73b574d1f2ea3ca1551ec864077fa60535b48e64a20f39930d5bab098181f6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127957
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 201084
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 03:00:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 08:49:41 GMT

GET
H2 200 webConfig Show response
firebase.googleapis.com/v1alpha/projects/-/apps/1:198780097623:web:9512c14c026ebc8e88bf12/ 365 B
427 B 80ms
80ms Fetch
application/json 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebase.googleapis.com/v1alpha/projects/-/apps/1:198780097623:web:9512c14c026ebc8e88bf12/webConfig

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

115485bf87b48a99a160d54a46382bfc82998abb4f24758cd0a374ce90dad0cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: application/json
Referer
x-goog-api-key: AIzaSyA_wNxm6zWGyZpzDG4TZ_WpNT9F0iWpAY0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.spafinder.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 237
x-xss-protection: 0

OPTIONS
H2 200 webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:198780097623:web:9512c14c026ebc8e88bf12/ Frame 0
0 189ms
66ms Preflight
text/html 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebase.googleapis.com/v1alpha/projects/-/apps/1:198780097623:web:9512c14c026ebc8e88bf12/webConfig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-api-key
Access-Control-Request-Method: GET
Origin: https://www.spafinder.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-headers: x-goog-api-key
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.spafinder.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Wed, 14 Feb 2024 20:22:18 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 channel Show response
firestore.googleapis.com/google.firestore.v1.Firestore/Listen/ 54 B
453 B 290ms
167ms Fetch
text/plain 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firestore.googleapis.com/google.firestore.v1.Firestore/Listen/channel?VER=8&database=projects%2Fuser-profile-prod%2Fdatabases%2F(default)&RID=99723&CVER=22&X-HTTP-Session-Id=gsessionid&zx=jva9idz74aox&t=1

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e53c3f082045e91cb2385ea344ec1bd49e226e467c325b0f80b70f64d581e68a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-client-wire-protocol: h2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
vary: origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.spafinder.com
access-control-expose-headers: x-client-wire-protocol,x-http-session-id
cache-control: private
access-control-allow-credentials: true
x-http-session-id: l9HGZa-tYps-sLuiLD5xGR3Uc7PRqJvUK2YLJ9c2o9I

POST
H2 200 installations Show response
firebaseinstallations.googleapis.com/v1/projects/user-profile-prod/ 623 B
678 B 391ms
391ms Fetch
application/json 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseinstallations.googleapis.com/v1/projects/user-profile-prod/installations

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

53ef83a9602fadd9fd5c0caa0e3eafa4551d2c219a12926263ca5daf90523d23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: application/json
Referer
x-goog-api-key: AIzaSyA_wNxm6zWGyZpzDG4TZ_WpNT9F0iWpAY0
accept-language: de-DE,de;q=0.9
x-firebase-client: eyJ2ZXJzaW9uIjoyLCJoZWFydGJlYXRzIjpbeyJhZ2VudCI6ImZpcmUtY29yZS8wLjkuMTMgZmlyZS1jb3JlLWVzbTIwMTcvMC45LjEzIGZpcmUtanMvIGZpcmUtZnN0LzMuMTMuMCBmaXJlLWZzdC1lc20yMDE3LzMuMTMuMCBmaXJlLWF1dGgvMC4yMy4yIGZpcmUtYXV0aC1lc20yMDE3LzAuMjMuMiBmaXJlLWpzLWFsbC1hcHAvOS4yMy4wIiwiZGF0ZXMiOlsiMjAyNC0wMi0xNCJdfV19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: application/json

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.spafinder.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 488
x-xss-protection: 0

OPTIONS
H2 200 installations
firebaseinstallations.googleapis.com/v1/projects/user-profile-prod/ Frame 0
0 201ms
66ms Preflight
text/html 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseinstallations.googleapis.com/v1/projects/user-profile-prod/installations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method: POST
Origin: https://www.spafinder.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.spafinder.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Wed, 14 Feb 2024 20:22:18 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 293 KB
97 KB 181ms
72ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-3Y62RCFT4P

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0bc48bc92bbe20058d9d75c392641a1f167873a02828702d2ca743d480888491

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 98942
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 14 Feb 2024 20:22:18 GMT

GET
H2 200 channel
firestore.googleapis.com/google.firestore.v1.Firestore/Listen/ 33 KB
0 163ms
162ms Fetch
text/plain 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firestore.googleapis.com/google.firestore.v1.Firestore/Listen/channel?gsessionid=l9HGZa-tYps-sLuiLD5xGR3Uc7PRqJvUK2YLJ9c2o9I&VER=8&database=projects%2Fuser-profile-prod%2Fdatabases%2F(default)&RID=rpc&SID=yVzslw5l2vcgssPKcgdcuA&AID=0&CI=0&TYPE=xmlhttp&zx=itgva0prezhc&t=1

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Referer, origin
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.spafinder.com
cache-control: private, max-age=0
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0

GET
H2 200 anchor Show response
recaptcha.net/recaptcha/api2/ Frame 15C4 45 KB
29 KB 76ms
75ms Document
text/html 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LeU9rwUAAAAAIw7GYHbl623LN6NRsnZNfggJAKi&co=aHR0cHM6Ly93d3cuc3BhZmluZGVyLmNvbTo0NDM.&hl=de&v=yiNW3R9jkyLVP5-EEZLDzUtA&size=invisible&cb=4w8smetdo40o

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cdda09c8162d6b883cf6d706fd0588486d2b85a1e688be75be2b631f499968ea

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-nq8E3lHEnbYw3MR33McbwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-nq8E3lHEnbYw3MR33McbwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 14 Feb 2024 20:22:18 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ Frame 15C4 55 KB
24 KB 156ms
53ms Stylesheet
text/css 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css

Requested by

Host: recaptcha.net
URL: https://recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LeU9rwUAAAAAIw7GYHbl623LN6NRsnZNfggJAKi&co=aHR0cHM6Ly93d3cuc3BhZmluZGVyLmNvbTo0NDM.&hl=de&v=yiNW3R9jkyLVP5-EEZLDzUtA&size=invisible&cb=4w8smetdo40o

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://recaptcha.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 19:02:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 03:00:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Feb 2025 19:02:01 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ Frame 15C4 492 KB
196 KB 176ms
81ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f73b574d1f2ea3ca1551ec864077fa60535b48e64a20f39930d5bab098181f6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://recaptcha.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 127957
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 201084
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 03:00:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 08:49:41 GMT

POST
H3 200 channel Show response
firestore.googleapis.com/google.firestore.v1.Firestore/Listen/ 10 B
50 B 166ms
165ms Fetch
text/plain 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firestore.googleapis.com/google.firestore.v1.Firestore/Listen/channel?VER=8&database=projects%2Fuser-profile-prod%2Fdatabases%2F(default)&gsessionid=l9HGZa-tYps-sLuiLD5xGR3Uc7PRqJvUK2YLJ9c2o9I&SID=yVzslw5l2vcgssPKcgdcuA&RID=99724&AID=7&zx=c8qa734m0jxf&t=1

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e77a0ffcd5f5ba04a57df544d7d57728c3aa9f9d8da436e5d6c6794908491b6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.spafinder.com
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30
x-xss-protection: 0

GET
H2 200 home.1edf0e2a.js Show response
www.spafinder.com/js/ 2 KB
2 KB 160ms
159ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/home.1edf0e2a.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

0356ac8e33f80dfeecfa82242e6c27cffbeb63938dbf1b25341122b0717c3aaa

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 735
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000074-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.931670,VS0,VE2
etag: "51332846d78595962cca80f67c1e8cb9cd4da666a47813c3a95b4d7de631165e-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 96 KB
29 KB 200ms
89ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c91bce29aec92827de7907508c2d9aaf9ef512d7d422b0a4e9483acd48f5340

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29075
x-xss-protection: 0
server: cafe
etag: 51 / 19767 / m202402080201 / config-hash: 2196993353288024174
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 14 Feb 2024 20:22:18 GMT

GET
H2 200 notification-modal.29e39207.css
www.spafinder.com/css/ 8 KB
2 KB 161ms
161ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/notification-modal.29e39207.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

632d4b8964faace7186517b457356c3b2c5e9c4bcb3fc0cda0e7f491a616f382

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 589
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000171-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.937760,VS0,VE1
etag: "b3f51a1a9c01702d59426c8e6479a8468f7535f91a7017a9f29f8201326c0152-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 notification-modal.33fa9891.js Show response
www.spafinder.com/js/ 3 KB
2 KB 162ms
162ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/notification-modal.33fa9891.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

f66c50c94cb8ae4793e651b3913d46dd8f769a70403a3fa6dd001f3e06860812

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1117
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000095-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.941080,VS0,VE0
etag: "eb20d629b5b7584650e2c2468c4c932526b77470838caf99e57c00c41c0f8b45-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 4

OPTIONS
H2 204 /
geoip.spafinder.com/ Frame 0
0 273ms
180ms Preflight
text/html 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip.spafinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend / Express

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept: */*
Access-Control-Request-Headers: 1,x-requested-with
Access-Control-Request-Method: GET
Origin: https://www.spafinder.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: 1,x-requested-with
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.spafinder.com
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: private
content-type: text/html
date: Wed, 14 Feb 2024 20:22:19 GMT
function-execution-id: ugjoje708dy7
server: Google Frontend
strict-transport-security: max-age=31556926
vary: Origin, Access-Control-Request-Headers,cookie,need-authorization, x-fh-requested-host, accept-encoding
x-cache: MISS
x-cache-hits: 0
x-cloud-trace-context: 5dc859e96e3ea779cd699e2f93157885
x-country-code: DE
x-powered-by: Express
x-served-by: cache-fra-eddf8230111-FRA
x-timer: S1707942139.982107,VS0,VE143

GET
H2 200 progress-bar.e5f441da.js Show response
www.spafinder.com/js/ 1 KB
2 KB 160ms
160ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/progress-bar.e5f441da.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

4fba6f541fa2301d3b110655564f78d68c44e93b639d360bf9ebe2c71cc32609

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 671
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000043-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.937467,VS0,VE0
etag: "0f326d8a05355fa05ef02df8755127c658c6f2f604b24b044d49e5cceafe0472-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 5

GET
H2 200 header.f12d9e22.css
www.spafinder.com/css/ 172 B
1 KB 157ms
157ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/header.f12d9e22.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

2521afbd7811be858d4ba59ec031f27c58ca9f258163aee3438a99933e94b0db

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 98
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000134-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.943144,VS0,VE0
etag: "6bd14ef10dc78541b7fbbf2730c15e66845bdea3baaeb406f0e0f5e07f1a21c0-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 6

GET
H2 200 header.964e6bf2.js Show response
www.spafinder.com/js/ 2 KB
2 KB 162ms
162ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/header.964e6bf2.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

e2ad5b7b0c887a7bbdb10acaa4c59669fa74866d42835642f8fb404b9a4a9090

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:18 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 920
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000033-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.947370,VS0,VE0
etag: "199b11fcbff0b7ded9bdd4f278859c8b3a46e6be50159a47fc3298c6abc7e133-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 / Show response
geoip.spafinder.com/ 264 B
433 B 392ms
392ms XHR
application/json 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip.spafinder.com/

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend / Express

Resource Hash

211b5e8cc76f1589bcb8950b40858c4d5a56d738296c63d22fe57e955fd1de81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

1: 1
Accept: application/json, text/plain, */*
Referer
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: gzip
date: Wed, 14 Feb 2024 20:22:19 GMT
x-powered-by: Express
x-cache: MISS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-served-by: cache-fra-eddf8230111-FRA
server: Google Frontend
x-timer: S1707942139.133119,VS0,VE384
etag: W/"108-ddZGu35nvct2w4UlE9e15Feieo4"
vary: Origin,cookie,need-authorization, x-fh-requested-host, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.spafinder.com
x-cloud-trace-context: 9ab7e4aff9fa6536ce5769dac47a0e6c
cache-control: private
function-execution-id: 21u90rl88pp0
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: DE
x-cache-hits: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
247 B 108ms
43ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3Y62RCFT4P&gtm=45je42c0v885677839za200&_p=1707942136693&_gaz=1&gcs=G111&gcd=13n3n3l3l5&npa=0&dma_cps=sypham&dma=1&_fid=fjo99YosgI6fCHus7GopAB&cid=330840536.1707942139&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EA&_s=1&sid=1707942138&sct=1&seg=0&dl=https%3A%2F%2Fwww.spafinder.com%2F&dt=Spa%20and%20Wellness%20Locations%20Near%20You%20%7C%20Spafinder%20Gift%20Cards&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.origin=firebase&tfd=3103
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-3Y62RCFT4P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Feb 2024 20:22:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.spafinder.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 156ms
52ms Ping
text/plain 2a00:1450:400c:c1f::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3Y62RCFT4P&cid=330840536.1707942139&gtm=45je42c0v885677839za200&aip=1&dma=1&dma_cps=sypham&gcs=G111&gcd=13n3n3l3l5&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-3Y62RCFT4P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1f::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Feb 2024 20:22:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.spafinder.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 195ms
86ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3Y62RCFT4P&cid=330840536.1707942139&gtm=45je42c0v885677839za200&aip=1&dma=1&dma_cps=sypham&gcs=G111&gcd=13n3n3l3l5&npa=0&z=1274439613

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Feb 2024 20:22:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 home-default.ee2930fc.css
www.spafinder.com/css/ 7 KB
2 KB 159ms
158ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/home-default.ee2930fc.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

2868ce21f0eccc7468f6bb0ad9795d4a74c16e4ea79b38852eee2776213ad90b

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1055
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000037-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.103579,VS0,VE0
etag: "fd43605509b41b512ac355eabdc83d400080818cb9fc22262c52e41e2280360a-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 home-default.2d397ffc.js Show response
www.spafinder.com/js/ 10 KB
4 KB 160ms
159ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/home-default.2d397ffc.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

6b310f18eec45edc4e069d7ea448b2ec1c21442cb1c2babde568406eb7a3a75b

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2621
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000119-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.104406,VS0,VE0
etag: "f0f9e83c22148f6007f249cf82ae296dbc8826a68e9cc40155d1b28bebbf1955-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 13

GET
H2 200 homepage Show response
www.spafinder.com/api/wordpress/ 54 KB
13 KB 241ms
241ms XHR
application/json 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/api/wordpress/homepage

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

/ Express

Resource Hash

5f7a7ab7674c1aaa04a774b3064a300c9c235fa804365a98bf3a1692b0fd143e

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

1: 1
Accept: application/json, text/plain, */*
Referer: https://www.spafinder.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-powered-by: Express
x-cache: MISS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000036-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
x-timer: S1707942139.102988,VS0,VE83
etag: W/"d607-5ScI3jupnNrRgmOUcr9zi3G8+co"
vary: Origin,cookie,need-authorization, x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-cloud-trace-context: 1aa438868578930cd3524b41f5897cd9
cache-control: private
function-execution-id: bfeijdptvnb2
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: US
x-cache-hits: 0

GET
H2 200 7955.5f381d7d.js Show response
www.spafinder.com/js/ 12 KB
4 KB 163ms
162ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/7955.5f381d7d.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

1486149b16cc9e52ffca9090a892a3c968d07f27cfe17613866dd68daf759220

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3022
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000036-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.126515,VS0,VE0
etag: "7a86fa80cebfe455c724a2c4e2a067f81e38e4133196965fff67a04122fabc66-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 toolbar.71f27763.css
www.spafinder.com/css/ 8 KB
2 KB 162ms
161ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/toolbar.71f27763.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

99b6adb66637de26ca8c7d4daff67ec3b7a2b597954601f28b86f7df9a5db1da

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 964
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000120-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.124491,VS0,VE0
etag: "27bdc1d1d4d33a072d0ea202b6b485963a0f0688e991d48f4013f6120a415a95-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 7

GET
H2 200 toolbar.77af835f.js Show response
www.spafinder.com/js/ 13 KB
5 KB 160ms
159ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/toolbar.77af835f.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

887b9c9b4b8ea58327f610e23b17083cd155fed7f9178c45476d90a7ee1aba6e

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3496
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000173-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.123120,VS0,VE0
etag: "9ac437562eaa31f061b1b8dc1d6ffab72653c549180190517ccb5a735bb33b15-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 5

GET
H2 200 1040.269cbae4.js Show response
www.spafinder.com/js/ 25 KB
8 KB 160ms
159ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/1040.269cbae4.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

af0fad1252c9ea772a6c378b342b992c859bd30ca7c31db7a8f847c60a595bfd

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6964
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000059-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.122722,VS0,VE0
etag: "918f825f88ce2c707872bbef5ad6ab3d9542bf31b4ee7769ec79e97b827d3bb8-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 header-menu.0dbc9a80.css
www.spafinder.com/css/ 9 KB
6 KB 158ms
158ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/header-menu.0dbc9a80.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

60d39c83d7bdeb38063cbfd133b9412470866fa73d80cd682a181e9371fb4f43

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4960
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000056-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.122452,VS0,VE0
etag: "a943acbf5157f7f4cde71282de424af7289a73302db8850704d794cba2c5b9e4-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 5

GET
H2 200 header-menu.f726c99a.js Show response
www.spafinder.com/js/ 5 KB
3 KB 199ms
199ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/header-menu.f726c99a.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

3a899afdeeefcba31feac12d3fb4208d71a5780e9684475c085eaa8c273ade2f

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1527
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000138-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.163461,VS0,VE0
etag: "498f4192d911ed89487fe0d323d4e8d2509693b3d10b4faec65635e1a4920bbd-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 6

GET
H2 200 menu Show response
www.spafinder.com/api/wordpress/ 4 KB
3 KB 336ms
336ms XHR
application/json 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/api/wordpress/menu?query=main

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

/ Express

Resource Hash

f38881519605d0f75fc57c176bae40d89d96b11be1d6c86e54958f5247e27749

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

1: 1
Accept: application/json, text/plain, */*
Referer: https://www.spafinder.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-powered-by: Express
x-cache: MISS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000178-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
x-timer: S1707942139.124123,VS0,VE180
etag: W/"1167-jVT9qbQSPSRHAiC8KF9f79Z3MsM"
vary: Origin,cookie,need-authorization, x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-cloud-trace-context: 882930c07f4f5f298242f8c1a4afc8d7
cache-control: private
function-execution-id: b2ikdq2v6ky3
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: US
x-cache-hits: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402080201/ 430 KB
136 KB 160ms
50ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402080201/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a75ade244357b72c307d1201f4e1a748951dd96f1237beed544b640bde2cb11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 22:08:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80054
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138443
x-xss-protection: 0
server: cafe
etag: 2029179791382905741
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 12 Feb 2025 22:08:05 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 116 B
611 B 191ms
82ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.spafinder.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a5ba7aec9e69ab081489599629f3ac90625c37aece2d17737256d9c23262460

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69
x-xss-protection: 0
expires: Wed, 14 Feb 2024 20:22:19 GMT

GET
H2 200 GaCecGsOYBX5Y-bYhBnP8HzGx5OMr0R3KV4Tm0nuRTQ.js Show response
www.google.com/js/bg/ Frame 15C4 17 KB
7 KB 162ms
51ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/GaCecGsOYBX5Y-bYhBnP8HzGx5OMr0R3KV4Tm0nuRTQ.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19a09e706b0e6015f963e6d88419cff07cc6c7938caf4477295e139b49ee4534

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://recaptcha.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:05:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127003
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6957
x-xss-protection: 0
last-modified: Mon, 05 Feb 2024 17:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Feb 2025 09:05:36 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 15C4 2 KB
2 KB 51ms
51ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:50:20 GMT
x-content-type-options: nosniff
age: 127919
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 20 Feb 2024 08:50:20 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 15C4 15 KB
15 KB 173ms
65ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://recaptcha.net/
Origin: https://recaptcha.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:50:21 GMT
x-content-type-options: nosniff
age: 127918
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:50:21 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 15C4 15 KB
16 KB 160ms
52ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://recaptcha.net/
Origin: https://recaptcha.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:09:14 GMT
x-content-type-options: nosniff
age: 126785
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 09:09:14 GMT

GET
H3 200 webworker.js
recaptcha.net/recaptcha/api2/ Frame 15C4 102 B
135 B 62ms
61ms Other
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://recaptcha.net/recaptcha/api2/webworker.js?hl=de&v=yiNW3R9jkyLVP5-EEZLDzUtA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

006075ca8435aa619a3a6885f3d63c6623f827ef97211e4a20b4f640d98e0f8b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LeU9rwUAAAAAIw7GYHbl623LN6NRsnZNfggJAKi&co=aHR0cHM6Ly93d3cuc3BhZmluZGVyLmNvbTo0NDM.&hl=de&v=yiNW3R9jkyLVP5-EEZLDzUtA&size=invisible&cb=4w8smetdo40o
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 14 Feb 2024 20:22:19 GMT

GET
H2 200 745.242fb953.js Show response
www.spafinder.com/js/ 11 KB
4 KB 158ms
158ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/745.242fb953.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

e32e7a78eefd211fd11f09f485f4ffaff992b66fe8b86de698fd26bc094b0bd0

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2646
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000085-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.266886,VS0,VE0
etag: "b7e9b4d7cdc97ca2b247c6375b90917eb786f6cd56d81fe1e9595af2369eeb59-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 11

GET
H2 200 search-fields.069a7da6.css
www.spafinder.com/css/ 13 KB
3 KB 166ms
166ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/search-fields.069a7da6.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

13a2ffb9504462af069ef7d6b8d059c4d40b3b856cafc59ea3c6b6454fb096bc

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1332
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000073-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.269884,VS0,VE0
etag: "baf592cd60b75d10e7b3fc5f0029d8aa162f4a7a262bb2079431281ae0a16e1a-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 offers-carousel.e9f2592a.js Show response
www.spafinder.com/js/ 4 KB
2 KB 158ms
157ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/offers-carousel.e9f2592a.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

989a16777de0a9d47410e27e0644c3169b56f41615c1cf844dee105dbe5493ab

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1160
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000147-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.268036,VS0,VE1
etag: "d9f9dac8a692c1c95ee3bf6f2e474553c1439494a00fa4a61b83be870df87189-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 10

GET
H2 200 spafinder.gif
assets.spafinder.com/logos/ 8 KB
9 KB 34ms
13ms Image
image/gif 2600:9000:235a:5400:8:c5db:8400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.spafinder.com/logos/spafinder.gif
Requested by: Host: www.spafinder.com
URL: https://www.spafinder.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:5400:8:c5db:8400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5c43b2c31371a6be5897acb64707ce0a7c0461ce5e82f8478fb281f65cc1ecf3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 10 Feb 2024 06:19:01 GMT
via: 1.1 f8e909d80b83cb9eeaf200975944eb56.cloudfront.net (CloudFront)
last-modified: Thu, 27 Sep 2018 16:38:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
age: 396199
etag: "063a819c92c9ecdb5f5fa6f41cbdae33"
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 8551
x-amz-cf-id: H1X6fkzcszaU3BAc7KWjIM6qjRYUJKou-pKLKrr7LenXW2tEABuh4A==

GET
H2 200 materialdesignicons-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.1.96/fonts/ 383 KB
383 KB 22ms
22ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.1.96/fonts/materialdesignicons-webfont.woff2?v=7.1.96

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.1.96/css/materialdesignicons.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

739dc70ddd8affbac6e6a7a7cec3ff342fd28fcd77e3711a312c01845517a495

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/MaterialDesign-Webfont/7.1.96/css/materialdesignicons.min.css
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6618713
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 391688
last-modified: Mon, 12 Dec 2022 03:38:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6396a22c-5fa08"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyrKExjmxH68R1sPxL0Mk%2BSvoS6136emQNDkKxBfZ7lUUnxyW0pyOKbKtxLh6tYcfmatjtBSQ8NFrBJy2LKCBLY964dvpOUis2%2BWt0HzIT87JQPWNlQ65jf2ToXIJVj6RfBflviE9QTKM8n6qGm5ptP6"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 855805c21c105d91-FRA
expires: Mon, 03 Feb 2025 20:22:19 GMT

GET
H2 200 home-blog.41f43398.js Show response
www.spafinder.com/js/ 955 B
2 KB 158ms
158ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/home-blog.41f43398.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

5f17bf847ab816b9030f236df6b9c84388eff620fedb38518b53fa6c9576ebd1

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 486
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000176-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.327019,VS0,VE0
etag: "f02ebee30aaf2d011aef65c8522d4bc0a87e16b621d74d6d08b8010ae1788e55-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 5

GET
H2 200 subscription.6557c594.css
www.spafinder.com/css/ 2 KB
2 KB 159ms
159ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/subscription.6557c594.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

c78cb5022b310c4edfbc53adb5187ebd4c9007df220522be5bcf1489e52bf875

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 401
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000142-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.327959,VS0,VE0
etag: "337bee2cfe4f50cc1bf5f2befd756aa1b3dad3d6313c8089f380cafe85f720f7-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 4

GET
H2 200 subscription.d58e852a.js Show response
www.spafinder.com/js/ 3 KB
2 KB 160ms
160ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/subscription.d58e852a.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

3c3d888a67dbff348c8ec9b693fa45301fbc05dc286ad27029dddeba2cbd8f07

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1021
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000176-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.328836,VS0,VE0
etag: "5e43df1de43f85df09ae2c6afe2b46f0bba79a0f0a5744ed3465baae49184601-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 3938.eb8db66e.css
www.spafinder.com/css/ 2 KB
2 KB 162ms
161ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/3938.eb8db66e.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

c95f850585ade9d1937aeec862e1ec25c0110c725cdefcfa970e9a066df466cc

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 358
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000156-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.341871,VS0,VE0
etag: "184865d68e9e3030877008c0da06c5234830eaf8618ffcf6fb074d9a33478dc3-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 3938.4341a97c.js Show response
www.spafinder.com/js/ 75 KB
19 KB 163ms
162ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/3938.4341a97c.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

ae44890b951fbfc2e8a814678d1c5d0ba88781617ba45dbe728b4146fe1ac3b8

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18606
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000042-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.342951,VS0,VE0
etag: "a9ec087b5754a46d0904743e908f84950400a703ce95750ab317b3f1b48555e9-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 7743.0de2fe65.js Show response
www.spafinder.com/js/ 3 KB
2 KB 165ms
165ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/7743.0de2fe65.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

4ee48c88924118758c3cb9b71abbb0e76c963792fb5a3f6bffadfaa45a75afb8

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1232
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000048-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.346217,VS0,VE0
etag: "bfb40d234111dcc9079f14656fe288bb4c500edf5ef23e0279ec900ee385985a-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 12

GET
H2 200 6654-4.jpg
resizer.spafinder.com/1333x750/2023/04/ 122 KB
123 KB 67ms
14ms Image
image/jpeg 2600:9000:2646:4c00:13:2dad:97c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resizer.spafinder.com/1333x750/2023/04/6654-4.jpg

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2646:4c00:13:2dad:97c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Google Frontend / Express

Resource Hash

5078629ad47ce59d30d8573ea73ea29e77487d9e1cda24a3dec0f8fc1b8e9950

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Wed, 14 Feb 2024 07:41:06 GMT
via: 1.1 c2bfbd57ba266fad66928f7d9fe2f1c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P5
age: 45671
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 125230
x-served-by: cache-fra-eddf8230024-FRA
server: Google Frontend
x-timer: S1707705347.575348,VS0,VE2859
etag: W/"1e92e-wsvs4vuepkP/5+jv29RGIMGG+HY"
vary: cookie,accept-encoding
content-type: image/jpeg
x-cloud-trace-context: 1a91be4a338a2dd75b44227b2f7a51f1;o=1
cache-control: public, max-age=84000, s-maxage=84000
function-execution-id: fj6dx6noqajp
accept-ranges: bytes
x-amz-cf-id: GUUSVsyxiAu7wCbSiEY-QX7JQ7rIIYSbdG0hLvKIqQkRwnVCRvPziA==
x-country-code: DE
x-cache-hits: 0

GET
H2 200 featured-listings.2bb1ec2e.js Show response
www.spafinder.com/js/ 1 KB
2 KB 160ms
160ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/featured-listings.2bb1ec2e.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

9b3ba98fdeaf025f2e4ba900ae44ab57eaade63cfa3c8d727d395a2d6e30f409

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 610
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000021-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.449601,VS0,VE0
etag: "9e3eca68605c80952fd77da69e16b2f75bba57027d574df4132c62cfb4751323-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 6

GET
H2 200 merchants Show response
www.spafinder.com/api/ 74 KB
18 KB 1077ms
1077ms XHR
application/json 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/api/merchants?size=12&sort=relevance&distance=50&filters=eyJoYXNPZmZlcnMiOnRydWV9

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

/ Express

Resource Hash

49a3de795c570633f8b0c5d3776905b509a889add5cf5558fd5ac5f667e247a8

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

1: 1
Accept: application/json, text/plain, */*
Referer: https://www.spafinder.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-powered-by: Express
x-cache: MISS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000085-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
x-timer: S1707942139.496963,VS0,VE903
etag: W/"12813-owsheJBUqwIOqMlmX8lLqky+/Ds"
vary: Origin,cookie,need-authorization, x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-cloud-trace-context: 3706885f217b1b673f7d1181c00ee82b;o=1
cache-control: private
function-execution-id: cgf4m3ynhy52
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: US
x-cache-hits: 0

GET
H2 200 multi-offers-carousel.55d33955.css
www.spafinder.com/css/ 3 KB
2 KB 160ms
159ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/multi-offers-carousel.55d33955.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

90968683330584df70de364e453a02b421dcd5f2c472e437f7ef1f47e992ce84

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 586
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000042-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.486940,VS0,VE0
etag: "031ec521727e2987246e6efbd51962a4e8a3a9eda2f8e9262fcb8521c19b4deb-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 multi-offers-carousel.729d34d9.js Show response
www.spafinder.com/js/ 11 KB
4 KB 158ms
158ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/multi-offers-carousel.729d34d9.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

3cc86cb4038f26040f2a791057d2b878bd00ef7949f069a09a01d5c5a7f6de64

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2880
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000080-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942139.486545,VS0,VE0
etag: "0f493de6f1160723b0f2545cd654371ba085cfefa9f18783119e1d952b3723c9-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 10

GET
H2 200 blog-carousel.e101d2e6.css
www.spafinder.com/css/ 671 B
1 KB 159ms
158ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/blog-carousel.e101d2e6.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

e19e56dd435b218190ffe5d7a6fb62f1ec1d806a57f93396d167e1eda6d16135

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 154
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000036-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.538293,VS0,VE0
etag: "0ec9c44791d10fe08f187fac2b218dfbba8d26bb94a4bbeaeb78aa0601999b59-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 4

GET
H2 200 blog-carousel.665e6ef2.js Show response
www.spafinder.com/js/ 3 KB
2 KB 160ms
159ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/blog-carousel.665e6ef2.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

fa8d18940eb4ff4d3c81231d30bc93861855a54654c4705c0f99f10d03128950

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1099
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000170-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.538941,VS0,VE0
etag: "7e02216ba3d01b0c18b2fe415ebd9994cc143e4a6894143ca33216dcfac02f73-br"
vary: x-fh-requested-host, accept-encoding
report-to: {"group":"gfe-default_product_name","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/default_product_name"}]}
content-type: text/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
cache-control: max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="gfe-default_product_name"
x-cache-hits: 9

GET
H2 200 Subscribe-and-Save-10.jpg
resizer.spafinder.com/600x370/2023/02/ 35 KB
36 KB 11ms
11ms Image
image/jpeg 2600:9000:2646:4c00:13:2dad:97c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resizer.spafinder.com/600x370/2023/02/Subscribe-and-Save-10.jpg

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2646:4c00:13:2dad:97c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Google Frontend / Express

Resource Hash

fc10ac9a9b64d0dd2f03f314e793b10cbbec3215c59dbc9c46834c5416e45bea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Wed, 14 Feb 2024 09:53:42 GMT
via: 1.1 c2bfbd57ba266fad66928f7d9fe2f1c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P5
age: 37715
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 36200
x-served-by: cache-fra-eddf8230077-FRA
server: Google Frontend
x-timer: S1707540607.304157,VS0,VE612
etag: W/"8d68-3c7OeP4WNL1dyINArViaJys+yyE"
vary: cookie,accept-encoding
content-type: image/jpeg
x-cloud-trace-context: bba2a2b5a25f56aa897b2a7ddb466345;o=1
cache-control: public, max-age=84000, s-maxage=84000
function-execution-id: i4tlt6m1mo1s
accept-ranges: bytes
x-amz-cf-id: rJbMUsD6BhzI9TmWj05ZEo9_gaDfwTA2ad0Y-HCxWVxXQtJiV3vKdg==
x-country-code: DE
x-cache-hits: 0

GET
H2 200 promotion-listings.fd7f86b4.css
www.spafinder.com/css/ 251 B
1 KB 160ms
160ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/promotion-listings.fd7f86b4.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

de22c26ee7cf0f825c97258b802bffe2e6e40755d670e2a20ff65d9c93e1c8bc

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 105
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000087-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.611352,VS0,VE1
etag: "c40d67cefab7564b760dc42f4b5611ff5d2c8a8ee708709f1e3b9968e44eebb1-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 promotion-listings.36f8c71e.js Show response
www.spafinder.com/js/ 6 KB
3 KB 165ms
164ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/promotion-listings.36f8c71e.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

c9bbaa69ee38f788be7fb2b5e1a508c1010b9ea3e2e7b3d5dd3dd323e2baf17a

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1666
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000158-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.617439,VS0,VE0
etag: "bdd08a1ef6ebc75a9965d28718b3508636f3334a330cd1bc9ff1aa17c5c86708-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 10

GET
H2 200 spafinder.png
assets.spafinder.com/logos/ 9 KB
9 KB 12ms
11ms Image
image/png 2600:9000:235a:5400:8:c5db:8400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.spafinder.com/logos/spafinder.png
Requested by: Host: www.spafinder.com
URL: https://www.spafinder.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:5400:8:c5db:8400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e59bc3ab055f64fc5f66c10aa61f0ff2b615b41fca847dd01e4221c8ba28c0a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 10 Feb 2024 05:53:54 GMT
via: 1.1 f8e909d80b83cb9eeaf200975944eb56.cloudfront.net (CloudFront)
last-modified: Thu, 27 Sep 2018 16:38:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P9
age: 397706
etag: "777534f7bf52bf6480ffae552d494f26"
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 9119
x-amz-cf-id: 9VXqstWdqlCM1da2Yn5hdQE0ofud6kkiM7adB5cZxf8FgHxOxyQ3lg==

GET
H2 200 offer-carousel-header.5fd0b8f1.css
www.spafinder.com/css/ 6 KB
2 KB 158ms
158ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/offer-carousel-header.5fd0b8f1.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

792f19ecfb723c76adb0c9bf991517e6f649a61586ca08d04dc34aa8ef447983

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 669
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000155-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.649861,VS0,VE0
etag: "41724836ec65f84c184fb3f63e7c833356b269ffb51e7ecff0d59db0b0663926-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 offer-carousel-header.6474b906.js Show response
www.spafinder.com/js/ 2 KB
2 KB 161ms
161ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/offer-carousel-header.6474b906.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

52e17c80dc48d620ccb5cf7c938363852515a32db661c8073856957e355f3a6b

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 740
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000159-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.653127,VS0,VE0
etag: "6e3bdced59b8f7dac6c10663447bde964e4e86e105bf927f00a1445a78921b4b-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 16

GET
H2 200 merchants Show response
www.spafinder.com/api/ 332 B
2 KB 815ms
815ms XHR
application/json 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/api/merchants?size=12&sort=relevance&distance=50&location=60313&searchOrigin=50.1155%2C8.6842&filters=eyJoYXNPZmZlcnMiOnRydWV9

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

/ Express

Resource Hash

e7ab345b44b7bf5fb6aa2e7b80ea9bf45b50a6682e1fd8d1438b3ba30e9278d5

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

1: 1
Accept: application/json, text/plain, */*
Referer: https://www.spafinder.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-powered-by: Express
x-cache: MISS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000151-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
x-timer: S1707942140.700585,VS0,VE607
etag: W/"14c-d7HIKz5tYcs/NeKo4AKceSM+6Vc"
vary: Origin,cookie,need-authorization, x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-cloud-trace-context: caf122668ddfe2f39ea2c1f3dcb5a5b9
cache-control: private
function-execution-id: 2tb12bc0p631
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: US
x-cache-hits: 0

GET
H2 200 multi-carousel.eba78b8d.css
www.spafinder.com/css/ 2 KB
2 KB 157ms
157ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/multi-carousel.eba78b8d.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

92807d33d92c5f11ab080447fb06087c9c33103b3e724e6a228cf1d2f16f2be8

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 312
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000127-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.698552,VS0,VE0
etag: "18fc1d9c0c10580713e581eba1901ba2367321191d4d0d143d13cb2b9d2fed89-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 listing-background.64ab9862.css
www.spafinder.com/css/ 5 KB
2 KB 173ms
173ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/listing-background.64ab9862.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

9ccdd22f5dfa6643d0e4da6dc83397e05ff836f8ab1f6ac31b2e11a88c8ee561

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 533
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000171-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.793968,VS0,VE0
etag: "3151f0f9ecfbbccb1e1518e0deb57b6e0ff7625ac5eb46b7ed00d88b32f395a4-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 listing-background.2cd761bb.js Show response
www.spafinder.com/js/ 2 KB
2 KB 159ms
159ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/listing-background.2cd761bb.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

da7c651fbd78c0a3bb226570a2acc0ce696658f32c9f17f93f0717da3c0679e4

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 825
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000110-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.779082,VS0,VE1
etag: "fcc1b06431fa0ad93ff0adda78e6a6e4b660c421c2b6772f31215da5c2ddc5ed-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 merchants Show response
www.spafinder.com/api/ 437 B
2 KB 810ms
810ms XHR
application/json 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/api/merchants?size=12&sort=relevance&distance=50&location=Frankfurt%20am%20Main%2C%20DE&searchOrigin=Frankfurt%20am%20Main%2C%20DE&filters=eyJwcm9tb3Rpb25zLnByb21vdGlvblR5cGVOYW1lIjoiRmVhdHVyZWQgTWVyY2hhbnQifQ

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

/ Express

Resource Hash

ec0b7d7b9878a51313c8d94776567b8f92cd94656a3d6c717690c2923c030da6

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

1: 1
Accept: application/json, text/plain, */*
Referer: https://www.spafinder.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-powered-by: Express
x-cache: MISS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000096-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
x-timer: S1707942140.779058,VS0,VE652
etag: W/"1b5-Q2/5//CD3gzQ63vdQUvIahwM+FU"
vary: Origin,cookie,need-authorization, x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-cloud-trace-context: 28f90c5d67dc66a2a6d2da032582286e
cache-control: private
function-execution-id: idsht23h7sgx
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: US
x-cache-hits: 0

GET
H2 200 blog-card.42729cd1.css
www.spafinder.com/css/ 2 KB
2 KB 162ms
161ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/blog-card.42729cd1.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

4a3948501eb64db4fadada15a7965c191d50fbb663e0580079d682bd0159a109

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 445
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000109-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.862111,VS0,VE0
etag: "d26165692ef16bae252221ccddfd72bb813a988d703ce10edf2183bce7657c00-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 blog-card.b4e255c0.js Show response
www.spafinder.com/js/ 4 KB
3 KB 180ms
180ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/blog-card.b4e255c0.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

e159ee11cdad2d5f45b560d8ce9da154bf84bc9ede61bd89dda571e473dd4b1a

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1489
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000115-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.881163,VS0,VE1
etag: "408e81cedd573b0a16c67e11ff00fbf32f166a3d1eb58fa1bc2ca435e26690e6-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 home-featured.jpg
resizer.spafinder.com/1333x750/2019/08/ 235 KB
236 KB 1086ms
1086ms Image
image/jpeg 2600:9000:2646:4c00:13:2dad:97c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resizer.spafinder.com/1333x750/2019/08/home-featured.jpg

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2646:4c00:13:2dad:97c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Google Frontend / Express

Resource Hash

e21265e7abbaa0fee4d4b7790fceaa0e23c044725a48a56ee2996185ef88f323

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Wed, 14 Feb 2024 20:22:19 GMT
via: 1.1 c2bfbd57ba266fad66928f7d9fe2f1c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P5
x-powered-by: Express
x-cache: RefreshHit from cloudfront
content-length: 241102
x-served-by: cache-fra-eddf8230132-FRA
server: Google Frontend
x-timer: S1707831592.999570,VS0,VE1467
etag: W/"3adce-13yDbgGL5DcPOAjJvDHtodDD+BE"
vary: cookie,accept-encoding
content-type: image/jpeg
x-cloud-trace-context: 178edd4b3a93e7617e884a04008489a9;o=1
cache-control: public, max-age=84000, s-maxage=84000
function-execution-id: yozrhtmjrovy
accept-ranges: bytes
x-amz-cf-id: RmAdWGfYMC7aX8xjnTN1B6d3SeL8jGSYCk9j0ivRAE2faRzBGZHy6w==
x-country-code: DE
x-cache-hits: 0

GET
H2 200 custom-image.b247825c.js Show response
www.spafinder.com/js/ 3 KB
2 KB 158ms
158ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/custom-image.b247825c.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

58737bfaa7b320a5e21ccc56dcd710b42d6b74c14f0c44253c2b6a2b264ebd3b

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:20 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 912
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000137-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942140.047514,VS0,VE0
etag: "487fe75b1e6cd9ee81c7574fde8e68b0040d245a96fe28b8ed1d8b3ae45cfeba-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 9

GET
H2 200 merchants Show response
www.spafinder.com/api/ 74 KB
18 KB 556ms
555ms XHR
application/json 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/api/merchants?size=12&sort=relevance&distance=50&searchOrigin=50.1155%2C8.6842&filters=eyJoYXNPZmZlcnMiOnRydWV9

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

/ Express

Resource Hash

436ece4673ca427937417d1d5e89aa4567715458efba1070a5ce4a67941cd4c7

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

1: 1
Accept: application/json, text/plain, */*
Referer: https://www.spafinder.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-powered-by: Express
x-cache: MISS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000172-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
x-timer: S1707942140.468564,VS0,VE398
etag: W/"127fc-ur3AtUpvDtbtm4CEUGV+XqRakVs"
vary: Origin,cookie,need-authorization, x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-cloud-trace-context: f0ce3f81aacc74b60cf33e5379d5dcfa
cache-control: private
function-execution-id: h63tjfivwr7l
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: US
x-cache-hits: 0

GET
H2 200 merchants Show response
www.spafinder.com/api/ 437 B
2 KB 925ms
925ms XHR
application/json 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

/ Express

Resource Hash

ec0b7d7b9878a51313c8d94776567b8f92cd94656a3d6c717690c2923c030da6

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

1: 1
Accept: application/json, text/plain, */*
Referer: https://www.spafinder.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-powered-by: Express
x-cache: MISS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000109-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
x-timer: S1707942141.561915,VS0,VE768
etag: W/"1b5-Q2/5//CD3gzQ63vdQUvIahwM+FU"
vary: Origin,cookie,need-authorization, x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-cloud-trace-context: cfeb79e5546acaf2e48a9b977484e0a6
cache-control: private
function-execution-id: cgf444ysi3hd
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: US
x-cache-hits: 0

GET
H2 200 merchants Show response
www.spafinder.com/api/ 72 KB
16 KB 901ms
900ms XHR
application/json 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/api/merchants?size=12&sort=relevance&distance=50&searchOrigin=Frankfurt%20am%20Main%2C%20DE&filters=eyJwcm9tb3Rpb25zLnByb21vdGlvblR5cGVOYW1lIjoiRmVhdHVyZWQgTWVyY2hhbnQifQ

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/chunk-vendors.5f22a22b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

/ Express

Resource Hash

cef1663ddea851310eadb7feb51439b1fd37c83120329e58bdcf963faf1e4343

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

1: 1
Accept: application/json, text/plain, */*
Referer: https://www.spafinder.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-powered-by: Express
x-cache: MISS
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000155-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
x-timer: S1707942141.593998,VS0,VE743
etag: W/"11eb5-2lyp5AtPbXbdCfz//WOMAxgG8Vs"
vary: Origin,cookie,need-authorization, x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-cloud-trace-context: 18e5fe730dcb90737aa40a2bc996dc28
cache-control: private
function-execution-id: yc6smaskb8p7
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: US
x-cache-hits: 0

GET
H2 200 offer-card.31639184.css
www.spafinder.com/css/ 4 KB
2 KB 166ms
162ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/offer-card.31639184.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

b2417365fc9225e77b67a316c12c23660a319e90a4efec4895330dc8808d56f0

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 796
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000055-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942141.039527,VS0,VE2
etag: "b6638c18c82dc38a428ec17e4ad4e27b6e6bf09b5bc7e5e8bf34b14db427ee9a-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 offer-card.d03d7f83.js Show response
www.spafinder.com/js/ 9 KB
4 KB 159ms
156ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/offer-card.d03d7f83.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

4a0b120e875dac1608c6fdb40ae8db56d488536ce238e82d874dac512bc625d3

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2696
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000058-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942141.034792,VS0,VE0
etag: "e5b1452a958a16564c96be2b20d21c286c02545198a79bce07982db780da3c2b-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 8

GET
H2 200 star-ratig.82fe31cb.css
www.spafinder.com/css/ 714 B
1 KB 160ms
160ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/star-ratig.82fe31cb.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

90a752c40576e05f5512aa0b03f27a0d93795f0d6c3789a196234239bd838f48

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 196
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000108-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942141.204388,VS0,VE0
etag: "da8a9fe43c3589cbf00a4f509d3bd427ce40efe8be6e60ff89050fb8e5595f79-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 star-ratig.5de0c02d.js Show response
www.spafinder.com/js/ 2 KB
2 KB 157ms
157ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/star-ratig.5de0c02d.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

b6306d59c0f21800b07f1bbebd25019a9f2534ca198f5620f0dd87c7e1d5bef8

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 763
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000028-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-4grhb
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942141.201981,VS0,VE0
etag: "0eac79c8f4ff98b57c27b85d3f98305d9d288e03ae003506f3b23400b97879d7-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 listing-card.82dc2030.css
www.spafinder.com/css/ 3 KB
2 KB 158ms
157ms Stylesheet
text/css 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/css/listing-card.82dc2030.css

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

8a96f4c28970afda513964ae40abc12101fe14af2ece0667d9498ee488410f58

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 617
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000051-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-tstzd
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942142.500320,VS0,VE0
etag: "a85839f34418e3fefad0d8e1926db753be59a3ebdfd2d1e9e922cc18609e6f10-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 listing-card.c8f7a6de.js Show response
www.spafinder.com/js/ 10 KB
4 KB 158ms
158ms Script
text/javascript 35.238.100.44
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spafinder.com/js/listing-card.c8f7a6de.js

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/js/app.9612d004.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.238.100.44 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

44.100.238.35.bc.googleusercontent.com

Software

Resource Hash

204bd414d27acf491b0c2acb13487bb05474fa9a3531749c193351d9591c04a4

Security Headers

Name	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spafinder.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 20:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=15724800; includeSubDomains
x-permitted-cross-domain-policies: master-only
content-security-policy: object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *;
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2695
x-xss-protection: 0, 1; mode=block
x-served-by: cache-chi-kigq8000171-CHI
x-content-type: nosniff
x-frontend: wordpress-spafinder-6f8f574c7-954zq
referrer-policy: same-origin
last-modified: Thu, 25 Jan 2024 14:52:55 GMT
x-timer: S1707942142.500367,VS0,VE0
etag: "bada1c857872b31528f903a3aee6852167a062a22c22fd4de7c1e8424673594d-br"
vary: x-fh-requested-host, accept-encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 8

GET
H2 200 nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
fonts.gstatic.com/s/playfairdisplay/v13/ 24 KB
24 KB 52ms
51ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/playfairdisplay/v13/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/css/app.ac4e83a5.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b525ae0e0efab068f722d12825c452a020df948f819b356fe3c45502de1684c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://www.spafinder.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Wed, 14 Feb 2024 02:16:45 GMT
x-content-type-options: nosniff
age: 65136
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24888
x-xss-protection: 0
last-modified: Tue, 07 Nov 2017 15:20:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Feb 2025 02:16:45 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 37ms
36ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3Y62RCFT4P&gtm=45je42c0v885677839za200&_p=1707942136693&gcs=G111&gcd=13n3n3l3l5&npa=0&dma_cps=sypham&dma=1&_fid=fjo99YosgI6fCHus7GopAB&cid=330840536.1707942139&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EEA&_s=2&uid=&sid=1707942138&sct=1&seg=0&dl=https%3A%2F%2Fwww.spafinder.com%2F&dt=Spa%20and%20Wellness%20Locations%20Near%20You%20%7C%20Spafinder%20Gift%20Cards&en=scroll&ep.origin=firebase&epn.percent_scrolled=90&_et=4&tfd=8108
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-3Y62RCFT4P
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Feb 2024 20:22:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.spafinder.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 iStock-486873186-scaled.jpg
resizer.spafinder.com/1333x750/2022/08/ 63 KB
63 KB 25ms
25ms Image
image/jpeg 2600:9000:2646:4c00:13:2dad:97c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://resizer.spafinder.com/1333x750/2022/08/iStock-486873186-scaled.jpg

Requested by

Host: www.spafinder.com
URL: https://www.spafinder.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2646:4c00:13:2dad:97c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Google Frontend / Express

Resource Hash

9eea4bd5b73b0aaa17e77da37aafb6789e939f316312092f2e103e44ff250b2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Wed, 14 Feb 2024 20:22:25 GMT
via: 1.1 c2bfbd57ba266fad66928f7d9fe2f1c6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P5
age: 7368
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 64355
x-served-by: cache-fra-etou8220076-FRA
server: Google Frontend
x-timer: S1707740205.358783,VS0,VE930
etag: W/"fb63-TTxo9hdCZl06NAyf+Etl2js/7kY"
vary: cookie,accept-encoding
content-type: image/jpeg
x-cloud-trace-context: 863a929df316649deb3b2e951c8025c5;o=1
cache-control: public, max-age=84000, s-maxage=84000
function-execution-id: nii0hi5j81ni
accept-ranges: bytes
x-amz-cf-id: d9bwp_qt4wZT6UirezfbIzsEUEEADlI7w19p1E7EYvwPctwj76dA9Q==
x-country-code: DE
x-cache-hits: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gtm.spafinder.com
URL: https://gtm.spafinder.com/gtm.js?id=GTM-MSN4NSC

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.spafinder.com/	1970-01-21 04:01:42	Name: _ga Value: GA1.1.330840536.1707942139
.spafinder.com/	1970-01-21 04:01:42	Name: _ga_3Y62RCFT4P Value: GS1.1.1707942138.1.0.1707942138.60.0.0
www.spafinder.com/	1970-01-21 04:01:42	Name: review_anonymous Value: 8c151075-9278-4941-9d60-8b8968441d9b

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	object-src ; frame-src 'self' .spafinder.com .firebaseapp.com api.sardine.ai recaptcha.net .web.app .xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com .criteo.com .salecycle.com .youtube.com .vimeo.com vimeo.com hotjar.com .hotjar.com .moatads.com .googletagmanager.com www.googletagservices.com .google.com www.google.com .otiserver.com .googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net .facebook.com .doubleclick.net .cloudfront.net .sfw-cdn.com .mathtag.com taboola.com .taboola.com adsrvr.org .adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net .trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' data:; connect-src *;
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.spafinder.com
cdnjs.cloudflare.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
firestore.googleapis.com
fonts.googleapis.com
fonts.gstatic.com
geoip.spafinder.com
gtm.spafinder.com
recaptcha.net
region1.analytics.google.com
resizer.spafinder.com
securepubads.g.doubleclick.net
spafinder.com
stats.g.doubleclick.net
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.spafinder.com
gtm.spafinder.com
151.101.1.195
2001:4860:4802:32::36
2600:9000:235a:5400:8:c5db:8400:93a1
2600:9000:2646:4c00:13:2dad:97c0:93a1
2606:4700::6811:190e
2a00:1450:4001:800::2003
2a00:1450:4001:803::2003
2a00:1450:4001:810::2002
2a00:1450:4001:811::2008
2a00:1450:4001:811::200a
2a00:1450:4001:81c::200a
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2004
2a00:1450:4001:831::2003
2a00:1450:400c:c1f::9c
35.238.100.44
004d78f344f196c17544bda557c19b6adb3334d484579c66466bfafb91eca4bc
006075ca8435aa619a3a6885f3d63c6623f827ef97211e4a20b4f640d98e0f8b
0356ac8e33f80dfeecfa82242e6c27cffbeb63938dbf1b25341122b0717c3aaa
0bc48bc92bbe20058d9d75c392641a1f167873a02828702d2ca743d480888491
0e59bc3ab055f64fc5f66c10aa61f0ff2b615b41fca847dd01e4221c8ba28c0a
115485bf87b48a99a160d54a46382bfc82998abb4f24758cd0a374ce90dad0cc
13a2ffb9504462af069ef7d6b8d059c4d40b3b856cafc59ea3c6b6454fb096bc
1486149b16cc9e52ffca9090a892a3c968d07f27cfe17613866dd68daf759220
19a09e706b0e6015f963e6d88419cff07cc6c7938caf4477295e139b49ee4534
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
204bd414d27acf491b0c2acb13487bb05474fa9a3531749c193351d9591c04a4
211b5e8cc76f1589bcb8950b40858c4d5a56d738296c63d22fe57e955fd1de81
2521afbd7811be858d4ba59ec031f27c58ca9f258163aee3438a99933e94b0db
2868ce21f0eccc7468f6bb0ad9795d4a74c16e4ea79b38852eee2776213ad90b
2c91bce29aec92827de7907508c2d9aaf9ef512d7d422b0a4e9483acd48f5340
3a899afdeeefcba31feac12d3fb4208d71a5780e9684475c085eaa8c273ade2f
3c2885574185694a5d1ecbebe7e0c026284a2dfbf29c91a942305ab2c2d07b9b
3c3d888a67dbff348c8ec9b693fa45301fbc05dc286ad27029dddeba2cbd8f07
3cc86cb4038f26040f2a791057d2b878bd00ef7949f069a09a01d5c5a7f6de64
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
400e29bd646725b5792c525bbe10943cfdbf083f09b74ce9a081323e7c0b35d3
436ece4673ca427937417d1d5e89aa4567715458efba1070a5ce4a67941cd4c7
446611327adb01390eb1937a404e9bf6ce05541af688a5c609cedc9abf39e72d
49a3de795c570633f8b0c5d3776905b509a889add5cf5558fd5ac5f667e247a8
4a0b120e875dac1608c6fdb40ae8db56d488536ce238e82d874dac512bc625d3
4a3948501eb64db4fadada15a7965c191d50fbb663e0580079d682bd0159a109
4ee48c88924118758c3cb9b71abbb0e76c963792fb5a3f6bffadfaa45a75afb8
4fba6f541fa2301d3b110655564f78d68c44e93b639d360bf9ebe2c71cc32609
5078629ad47ce59d30d8573ea73ea29e77487d9e1cda24a3dec0f8fc1b8e9950
52e17c80dc48d620ccb5cf7c938363852515a32db661c8073856957e355f3a6b
53ef83a9602fadd9fd5c0caa0e3eafa4551d2c219a12926263ca5daf90523d23
58737bfaa7b320a5e21ccc56dcd710b42d6b74c14f0c44253c2b6a2b264ebd3b
5a75ade244357b72c307d1201f4e1a748951dd96f1237beed544b640bde2cb11
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5c43b2c31371a6be5897acb64707ce0a7c0461ce5e82f8478fb281f65cc1ecf3
5f17bf847ab816b9030f236df6b9c84388eff620fedb38518b53fa6c9576ebd1
5f7a7ab7674c1aaa04a774b3064a300c9c235fa804365a98bf3a1692b0fd143e
60d39c83d7bdeb38063cbfd133b9412470866fa73d80cd682a181e9371fb4f43
627e6c7b41a6e14ca3e2237604f860faf12a088ce3e47d2088ccd356160bf1ea
632d4b8964faace7186517b457356c3b2c5e9c4bcb3fc0cda0e7f491a616f382
66419982f08cebf9465197450d4540bb430de18d2acfa8d5072736bc4b2f32ff
6a5ba7aec9e69ab081489599629f3ac90625c37aece2d17737256d9c23262460
6b310f18eec45edc4e069d7ea448b2ec1c21442cb1c2babde568406eb7a3a75b
6d6c1c70e35bfe2f69a04318ff42dbc6bc732964341ce7070673504fc0955f61
739dc70ddd8affbac6e6a7a7cec3ff342fd28fcd77e3711a312c01845517a495
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
792f19ecfb723c76adb0c9bf991517e6f649a61586ca08d04dc34aa8ef447983
82f1eae9cfc69f5c3901902a3b55ecc595eb0b1e8c5dee2222c01374ce87b1ed
85c2761557d3602f2b7cfb72f1a65de17f3114aee7e3bfa9893c6d654522e4a3
887b9c9b4b8ea58327f610e23b17083cd155fed7f9178c45476d90a7ee1aba6e
8a96f4c28970afda513964ae40abc12101fe14af2ece0667d9498ee488410f58
90968683330584df70de364e453a02b421dcd5f2c472e437f7ef1f47e992ce84
90a752c40576e05f5512aa0b03f27a0d93795f0d6c3789a196234239bd838f48
92807d33d92c5f11ab080447fb06087c9c33103b3e724e6a228cf1d2f16f2be8
950198ebab430cd15def82c2f484072f6bbed93759f7d7cd1ef6ec333bd6f881
989a16777de0a9d47410e27e0644c3169b56f41615c1cf844dee105dbe5493ab
99b6adb66637de26ca8c7d4daff67ec3b7a2b597954601f28b86f7df9a5db1da
9b3ba98fdeaf025f2e4ba900ae44ab57eaade63cfa3c8d727d395a2d6e30f409
9b525ae0e0efab068f722d12825c452a020df948f819b356fe3c45502de1684c
9ccdd22f5dfa6643d0e4da6dc83397e05ff836f8ab1f6ac31b2e11a88c8ee561
9eea4bd5b73b0aaa17e77da37aafb6789e939f316312092f2e103e44ff250b2b
ae44890b951fbfc2e8a814678d1c5d0ba88781617ba45dbe728b4146fe1ac3b8
af0fad1252c9ea772a6c378b342b992c859bd30ca7c31db7a8f847c60a595bfd
b2417365fc9225e77b67a316c12c23660a319e90a4efec4895330dc8808d56f0
b6306d59c0f21800b07f1bbebd25019a9f2534ca198f5620f0dd87c7e1d5bef8
bc97d9a685547f22d7342dae4c5284294f995638664e4c73cc9f8f9199663fd8
c78cb5022b310c4edfbc53adb5187ebd4c9007df220522be5bcf1489e52bf875
c95f850585ade9d1937aeec862e1ec25c0110c725cdefcfa970e9a066df466cc
c9bbaa69ee38f788be7fb2b5e1a508c1010b9ea3e2e7b3d5dd3dd323e2baf17a
cdda09c8162d6b883cf6d706fd0588486d2b85a1e688be75be2b631f499968ea
cef1663ddea851310eadb7feb51439b1fd37c83120329e58bdcf963faf1e4343
da7c651fbd78c0a3bb226570a2acc0ce696658f32c9f17f93f0717da3c0679e4
de22c26ee7cf0f825c97258b802bffe2e6e40755d670e2a20ff65d9c93e1c8bc
de2b17234d36b7c16726285e8b9ef05520322bb67d6d13facc159b64bd393308
e159ee11cdad2d5f45b560d8ce9da154bf84bc9ede61bd89dda571e473dd4b1a
e19e56dd435b218190ffe5d7a6fb62f1ec1d806a57f93396d167e1eda6d16135
e21265e7abbaa0fee4d4b7790fceaa0e23c044725a48a56ee2996185ef88f323
e2ad5b7b0c887a7bbdb10acaa4c59669fa74866d42835642f8fb404b9a4a9090
e32e7a78eefd211fd11f09f485f4ffaff992b66fe8b86de698fd26bc094b0bd0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e53c3f082045e91cb2385ea344ec1bd49e226e467c325b0f80b70f64d581e68a
e77a0ffcd5f5ba04a57df544d7d57728c3aa9f9d8da436e5d6c6794908491b6f
e7ab345b44b7bf5fb6aa2e7b80ea9bf45b50a6682e1fd8d1438b3ba30e9278d5
ec0b7d7b9878a51313c8d94776567b8f92cd94656a3d6c717690c2923c030da6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f38881519605d0f75fc57c176bae40d89d96b11be1d6c86e54958f5247e27749
f66c50c94cb8ae4793e651b3913d46dd8f769a70403a3fa6dd001f3e06860812
f73b574d1f2ea3ca1551ec864077fa60535b48e64a20f39930d5bab098181f6c
fa8d18940eb4ff4d3c81231d30bc93861855a54654c4705c0f99f10d03128950
fc10ac9a9b64d0dd2f03f314e793b10cbbec3215c59dbc9c46834c5416e45bea
fd513144e52815d174036a26248bf25241d3ca747613150eecd39a8af68c539c
ff6f0a5143d6e6285b150295b5d9bc5b485a0399319776d2154de0ae0b28768a

www.spafinder.com Open in urlscan Pro 35.238.100.44 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

102 Requests

99 %HTTPS

89 %IPv6

10 Domains

21 Subdomains

20 IPs

3 Countries

2604 kBTransfer

7507 kBSize

3 Cookies

6 Outgoing links

Page URL History

Redirected requests

102 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.spafinder.com Open in urlscan Pro
35.238.100.44 Public Scan

Screenshot
Live screenshot

Full Image

102
Requests

99 %
HTTPS

89 %
IPv6

10
Domains

21
Subdomains

20
IPs

3
Countries

2604 kB
Transfer

7507 kB
Size

3
Cookies

102 HTTP transactions
0 data transactions