reto-bucher.ch Open in urlscan Pro
149.13.127.176 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.reto-bucher.ch/
Effective URL:
https://reto-bucher.ch/
Submission: On August 29 via api (August 29th 2022, 12:39:01 pm UTC) from US — Scanned from FR

Summary HTTP 140 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 21 IPs in 7 countries across 21 domains to perform 140 HTTP transactions. The main IP is 149.13.127.176, located in Clichy-sous-Bois, France and belongs to COGENT-174, US. The main domain is reto-bucher.ch.
TLS certificate: Issued by R3 on August 26th 2022. Valid for: 3 months.

This is the only time reto-bucher.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 27	149.13.127.176 149.13.127.176	174 (COGENT-174) (COGENT-174)
3	2a00:1450:400... 2a00:1450:400e:80d::200a	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	199.59.247.73 199.59.247.73	53589 (PLANETHOS...) (PLANETHOSTER-8)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
6 16	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
3 7	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
8	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
1 2	2620:116:800d... 2620:116:800d:21:e365:4988:e8a7:3270	16509 (AMAZON-02) (AMAZON-02)
1 1	34.243.174.74 34.243.174.74	16509 (AMAZON-02) (AMAZON-02)
2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
140	21

27 149.13.127.176 (Clichy-sous-Bois, France) 2 redirects

ASN174 (COGENT-174, US)

www.reto-bucher.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
reto-bucher.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400e:80d::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.59.247.73 (Canada)

ASN53589 (PLANETHOSTER-8, CA)
PTR: hybrid717.ca.ns.planethoster.net

inspire-publicite.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.186.98 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.19.126 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.89.210.46 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:e365:4988:e8a7:3270 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.243.174.74 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-174-74.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.18.126 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 123 tpc.googlesyndication.com — Cisco Umbrella Rank: 159	526 KB
33	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 52 cm.g.doubleclick.net — Cisco Umbrella Rank: 214 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 303	167 KB
27	reto-bucher.ch 2 redirects www.reto-bucher.ch reto-bucher.ch	271 KB
10	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 525 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 456	10 KB
8	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 280	261 KB
6	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 88 www.google.com — Cisco Umbrella Rank: 9	2 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 230	5 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	46 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 194	173 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 54	3 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 327	964 B
2	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 634	207 B
2	openx.net rtb.openx.net — Cisco Umbrella Rank: 1517	414 B
2	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 1072	838 B
2	google.fr adservice.google.fr — Cisco Umbrella Rank: 34461	914 B
1	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 929	356 B
1	everesttech.net 1 redirects pixel.everesttech.net — Cisco Umbrella Rank: 3074	374 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 882	413 B
1	inspire-publicite.fr inspire-publicite.fr
0	atdmt.com Failed ad.atdmt.com Failed
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
140	21

	Domain	Requested by
25	reto-bucher.ch	reto-bucher.ch
22	pagead2.googlesyndication.com	reto-bucher.ch pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
21	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
16	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
13	googleads.g.doubleclick.net	pagead2.googlesyndication.com reto-bucher.ch googleads.g.doubleclick.net
8	s0.2mdn.net	reto-bucher.ch s0.2mdn.net
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	googleads4.g.doubleclick.net	reto-bucher.ch
4	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
4	www.googletagservices.com	googleads.g.doubleclick.net
3	ssum-sec.casalemedia.com	3 redirects
3	www.gstatic.com	googleads.g.doubleclick.net
3	fonts.googleapis.com	reto-bucher.ch googleads.g.doubleclick.net
2	pixel.rubiconproject.com	2 redirects
2	image6.pubmatic.com	googleads.g.doubleclick.net
2	rtb.openx.net	googleads.g.doubleclick.net
2	cms.quantserve.com	1 redirects googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.fr	pagead2.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.reto-bucher.ch	2 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	pixel.everesttech.net	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	inspire-publicite.fr	reto-bucher.ch
0	ad.atdmt.com Failed	googleads.g.doubleclick.net
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
140	28

This site contains links to these domains. Also see Links.

Domain
www.planethoster.com
pub1.fr
canadiandots.ca
gencreuse.fr
incubagem.fr
aquero.fr
moderne.mystrikingly.com
rachat-or-paris-1.com
newmoment.xyz
www.cine-nerd.fr
www.clic-retraite.com
wordpress.org
populariswp.com

Subject Issuer	Validity	Valid
reto-bucher.ch R3	`2022-08-26` - `2022-11-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
inspire-publicite.fr R3	`2022-07-12` - `2022-10-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google.fr GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-24` - `2023-03-27`	a year	crt.sh

This page contains 21 frames:

Primary Page: https://reto-bucher.ch/
Frame ID: 2DDE603808D4C0648EEEF6E01D957706
Requests: 40 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20190131/zrt_lookup.html
Frame ID: 3C4738F76D4AC469D07BFFBB072370ED
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&adk=318159125&adf=2184669829&lmt=1661776736&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freto-bucher.ch%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776736322&bpp=2&bdt=290&idt=297&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5242293138153&frm=20&pv=2&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=310
Frame ID: 0598206A72B23DC84E9832D401E16965
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=600&adk=769560160&adf=3452407923&pi=t.aa~a.3108187763~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x600&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=2&bdt=1241&idt=-M&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0&nras=2&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1778&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l7n7n7GeGr&p=https%3A//reto-bucher.ch&dtd=11
Frame ID: E3454F1B3A0A164426D3197B27064B71
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=240&adk=1580930149&adf=4215446715&pi=t.aa~a.3654940567~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x240&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=1&bdt=1241&idt=0&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0%2C255x600&nras=3&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=3323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=JVUEv2fmHe&p=https%3A//reto-bucher.ch&dtd=23
Frame ID: 0BB188C2253A663C0CADBD26F7B5A33F
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1
Frame ID: CDB7DE51B50960FFA5F80EEE3A3AB0A1
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1
Frame ID: 3BE7E481988067B86664F27F97A73A39
Requests: 10 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: D8F2826FD7CFBA9E7511A763CD5A8D48
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: A0C16C6BC2406C4803F03C11E08A5118
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js
Frame ID: 4E7FAF396C9A7EF889D7D790892C97DF
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js
Frame ID: EAA8267D4B3A23DDBC0D1EF21FF376B6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNX1L5uTF8BawgVhvbG4osrAuByHDJuQTF4TEKQflNr4LefUWPIgPJMInTNcAvPpveZbkcpyYejCcAkjPg5kyi24nbxg1w8Zyv3yfGIARijDVmpKxxtlOgLU7TZIurq6eQdiBiiryJR548Nd1-tSRvLlprSH0V69HZMFdryKkJKTBH2MTEI
Frame ID: D61031CFE327BD7BB8DEF276336C4188
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 0EB054C31BDC53A6850D9F163ACCEE02
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3AFA6474DBDB1A127CC8CFF716D6585B
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNXQYjPuTtgi0ytWPZAqeNEkRpexw2U5TtWg3v4GIYC4pOAT7K0sQ4aLMx-V6bfjS-rANOoerlRxyK-tn4XpHpdghwZF7dBaoSD2_FvNhVcAQ8UPKf-ZpvsV_S3pGgmfo7QgY-JMeVlRRby7CY_6rjyyjWF4w7OUvRxpjqAU5HKXRMOwhDg
Frame ID: C37071594F6AFA1BCF3870A64F372130
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/index.html
Frame ID: 9B0FBCF1E76EBFF31D1C24260AAB9CD6
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 86378E67D34D93B211053EBAC699E6E1
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C7B1D2B697CD5EDF0505AA966C492F7D
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/index.html
Frame ID: C92FA576797D2A59C6CF610EFA16B3CA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CED5C3FDDFEAE90C3F1A80D8F9D73FF7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3D66355EF4F9BCFE4DAD680D88515875
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Comme Reto Bucher nous disposons de la force nécessaire pour vous propulser en top 10 Google - reto-bucher.ch

Page URL History Show full URLs

http://www.reto-bucher.ch/ HTTP 301
https://www.reto-bucher.ch/ HTTP 301
https://reto-bucher.ch/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

140
Requests

87 %
HTTPS

48 %
IPv6

21
Domains

28
Subdomains

21
IPs

7
Countries

1455 kB
Transfer

4357 kB
Size

11
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.planethoster.com/goph-bbwebconsult-esy1807287f

Search URL Search Domain Scan URL

URL: http://pub1.fr/
Title: achat domaines en .fr

Search URL Search Domain Scan URL

URL: http://canadiandots.ca/
Title: Acheter des noms de domaines .ca

Search URL Search Domain Scan URL

URL: https://gencreuse.fr/
Title: le repère de l'information

Search URL Search Domain Scan URL

URL: https://incubagem.fr/
Title: placer son site en tête de Google

Search URL Search Domain Scan URL

URL: https://aquero.fr/
Title: Articles invités sponsorisés

Search URL Search Domain Scan URL

URL: https://moderne.mystrikingly.com/
Title: Mystriki

Search URL Search Domain Scan URL

URL: https://rachat-or-paris-1.com/
Title: samantha

Search URL Search Domain Scan URL

URL: https://newmoment.xyz/
Title: moto

Search URL Search Domain Scan URL

URL: http://www.cine-nerd.fr/
Title: Snack japonais

Search URL Search Domain Scan URL

URL: http://www.clic-retraite.com/
Title: Bilan retraite

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: WordPress

Search URL Search Domain Scan URL

URL: https://populariswp.com/
Title: Popularis Press

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.reto-bucher.ch/ HTTP 301
https://www.reto-bucher.ch/ HTTP 301
https://reto-bucher.ch/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 72

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVIIlsAl0R5HJAXdOJtOTo&google_cver=1

Request Chain 73

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwyzYkPxFDaDpLTiNL1twwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1

Request Chain 74

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEB-Uk83kDiSnvV_BFwhyt9w&google_cver=1

Request Chain 75

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3NzcxNTIyMDg2ODAxMDIyNg%3D%3D

Request Chain 84

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAehlK4DQe83b6Oaj7jWVXYTbvOUJTu3tnBtg4-oNwGQx3Oj9tvnafG6BCqMFupKQQEQSe_CyBxOwQxjCVEulRCpMDkbquXlPNg&google_gid=CAESEIbNLBfkCbTGYH0Tvgn9ULo&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXd5ellnQUFBRlp1WVYybA&google_push=AehlK4DQe83b6Oaj7jWVXYTbvOUJTu3tnBtg4-oNwGQx3Oj9tvnafG6BCqMFupKQQEQSe_CyBxOwQxjCVEulRCpMDkbquXlPNg

Request Chain 87

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEArNl6CDvC4jkM3jT-ox_vE&google_cver=1&google_push=AehlK4CQSvCcHw2t2rMa0NHoy74PM5cjHGLdjqCUN020nlqXhEZf_DuHHYQDHDidH8kGYMINMJmbZcrzWvma__4YcJeHbSwz HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdFUVlQSTYtNS1HV0dR&google_push=AehlK4CQSvCcHw2t2rMa0NHoy74PM5cjHGLdjqCUN020nlqXhEZf_DuHHYQDHDidH8kGYMINMJmbZcrzWvma__4YcJeHbSwz

Request Chain 88

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGZ36UkmjYl6uiBwAVJzTuw&google_cver=1&google_push=AehlK4DuwIifA5tjqGSlxvFkFOKIki-aDO00rsWpJnp4iMV2hwOrSiXNSNzjXXIdI3e8fpkG51iYXMTcYZsdSawf1BmHm6jc HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEGZ36UkmjYl6uiBwAVJzTuw&google_push=AehlK4DuwIifA5tjqGSlxvFkFOKIki-aDO00rsWpJnp4iMV2hwOrSiXNSNzjXXIdI3e8fpkG51iYXMTcYZsdSawf1BmHm6jc&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGZ36UkmjYl6uiBwAVJzTuw&google_hm=YwyzYl9h-3Ap3H5UknmYYwAAFDIAAAIB&google_nid=index&google_push=AehlK4DuwIifA5tjqGSlxvFkFOKIki-aDO00rsWpJnp4iMV2hwOrSiXNSNzjXXIdI3e8fpkG51iYXMTcYZsdSawf1BmHm6jc

Request Chain 102

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1

Request Chain 103

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwyzYkPxFDaDpLTiNL1twwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELoVFH1SwQLtUaAnLdf1_lA&google_cver=1

Request Chain 105

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3NzcxNTIyMDg2ODAxMDIyNg%3D%3D

Request Chain 114

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEM9WE6rBRHIHMh1zi9Egj_c&google_cver=1&google_push=AehlK4DXRFawxw0IogxFv7_xn0bk0wiRMxgjcmV5dOEnqvgau5wysW4yDXVxxs3jcYrATni--1xnlGqWdXdVy0LL-_lm6-KDzLJ6sR4q3amRMfafU6xy2WUDeN_SmaE-XQ-7kTOtV76aCBUevRsFGxxUcPo HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AehlK4DXRFawxw0IogxFv7_xn0bk0wiRMxgjcmV5dOEnqvgau5wysW4yDXVxxs3jcYrATni--1xnlGqWdXdVy0LL-_lm6-KDzLJ6sR4q3amRMfafU6xy2WUDeN_SmaE-XQ-7kTOtV76aCBUevRsFGxxUcPo&google_hm=kVBZ1_WCvgS_Ay2Jon5QzQ

Request Chain 118

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBan6uOsfyd7-OJz6dU0Yd0&google_cver=1&google_push=AehlK4A4f769BC2m6oftoVe5RIeA7DdM80_xcUQwZFGIRJBdTEXiF7Hn_gXEtybbTF1UWE1_utwcn0O_-RHukT5eocisrfLN6TeDwDQJjq28k1kv0FwADvoefGe_z_gzPWHrb8zbSmvjhiQ8iiTwYOBRRQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdFUVlQTUotQi1LTjRH&google_push=AehlK4A4f769BC2m6oftoVe5RIeA7DdM80_xcUQwZFGIRJBdTEXiF7Hn_gXEtybbTF1UWE1_utwcn0O_-RHukT5eocisrfLN6TeDwDQJjq28k1kv0FwADvoefGe_z_gzPWHrb8zbSmvjhiQ8iiTwYOBRRQ

Request Chain 119

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGYr4rptqsSekEQVEyBDM2Y&google_cver=1&google_push=AehlK4Bym9ZUDqLuKsRpx_CTO_6UgjCOvymZ2nM3uGELNZU1_pugCxwyUp4lvP1s8lxDyngXvhrA76No7Xhyv8GKpNfh8ACSmW2_pMrW6AIvskQtgkx8AdP0ciMin5lA0wyLHNtNXtbNLT_iGZlnV7IDFYk HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGYr4rptqsSekEQVEyBDM2Y&google_hm=YwyzYkPxFDaDpLTiNL1twwAABJkAAAAB&google_nid=index&google_push=AehlK4Bym9ZUDqLuKsRpx_CTO_6UgjCOvymZ2nM3uGELNZU1_pugCxwyUp4lvP1s8lxDyngXvhrA76No7Xhyv8GKpNfh8ACSmW2_pMrW6AIvskQtgkx8AdP0ciMin5lA0wyLHNtNXtbNLT_iGZlnV7IDFYk

140 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
reto-bucher.ch/
Redirect Chain

http://www.reto-bucher.ch/
https://www.reto-bucher.ch/
https://reto-bucher.ch/

56 KB
10 KB

377ms
375ms

Document
text/html

149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: be85c8fcba132a1606675f94532d66901af274126841b08a48e8ef9cc2c907d5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

content-encoding: br
content-length: 9575
content-type: text/html; charset=UTF-8
date: Mon, 29 Aug 2022 12:38:55 GMT
link: <https://reto-bucher.ch/wp-json/>; rel="https://api.w.org/"
referrer-policy: no-referrer-when-downgrade
server: Apache
vary: Accept-Encoding
x-litespeed-tag: 628_HTTP.200,628_PGSRP

Redirect headers

content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Mon, 29 Aug 2022 12:38:54 GMT
location: https://reto-bucher.ch/
referrer-policy: no-referrer-when-downgrade
server: Apache
vary: Accept-Encoding
x-litespeed-tag: 628_HTTP.200,628_HTTP.301
x-redirect-by: WordPress

GET
H2 200 style.min.css
reto-bucher.ch/wp-includes/css/dist/block-library/ 87 KB
12 KB 42ms
40ms Stylesheet
text/css 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-includes/css/dist/block-library/style.min.css
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Jul 2022 19:40:29 GMT
server: Apache
etag: "15b64-5e3a0d748845e-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 11681
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 auto-seo-links-public.min.css
reto-bucher.ch/wp-content/plugins/auto-seo-links/public/css/ 0
53 B 65ms
63ms Stylesheet
text/css 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/plugins/auto-seo-links/public/css/auto-seo-links-public.min.css
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 10 Nov 2018 19:58:26 GMT
server: Apache
etag: "0-57a54e421ab2d-br"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 bootstrap.css
reto-bucher.ch/wp-content/themes/popularis/assets/css/ 66 KB
10 KB 43ms
41ms Stylesheet
text/css 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/themes/popularis/assets/css/bootstrap.css
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: b38bf480735ea9ba16486c96e38f0048c5a067de8bacadf74b154c496a1ca2b2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 24 Jul 2022 20:21:54 GMT
server: Apache
etag: "10893-5e492d17e483d-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 10508
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 style.css
reto-bucher.ch/wp-content/themes/popularis/ 20 KB
5 KB 41ms
39ms Stylesheet
text/css 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/themes/popularis/style.css
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 2fce2bed692dd86f1e60b48f7c1bae31f2bbc42744204e15f7f2bd082df9d4e8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 24 Jul 2022 20:21:54 GMT
server: Apache
etag: "501c-5e492d183841e-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 4830
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 style.css
reto-bucher.ch/wp-content/themes/popularis-press/ 5 KB
2 KB 42ms
40ms Stylesheet
text/css 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/themes/popularis-press/style.css
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 491974e7f02ca42261b4d660073f3498c3a7db8c229b6a7353b3a36284010ea6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 11 Jun 2021 20:05:38 GMT
server: Apache
etag: "1466-5c48308110833-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1719
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 mmenu-light.css
reto-bucher.ch/wp-content/themes/popularis/assets/css/ 5 KB
1 KB 42ms
41ms Stylesheet
text/css 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/themes/popularis/assets/css/mmenu-light.css
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: b1b25e73cb484f20e9a1d8b5a735745427d2c86570ab4d294b46b1a34741191d

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 24 Jul 2022 20:21:54 GMT
server: Apache
etag: "1390-5e492d17e483d-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1068
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 font-awesome.min.css
reto-bucher.ch/wp-content/themes/popularis/assets/css/ 30 KB
7 KB 43ms
41ms Stylesheet
text/css 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/themes/popularis/assets/css/font-awesome.min.css
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 24 Jul 2022 20:21:54 GMT
server: Apache
etag: "7918-5e492d17e483d-gzip"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 7053
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 79ms
29ms Stylesheet
text/css 2a00:1450:400e:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans+Condensed%3A300%2C500%2C700&subset=cyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext%2Cvietnamese

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f4ebbbe9e2cb7f812044295bf4773dbd8e6170652eb80e91cba87643fe176ddb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 12:33:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 29 Aug 2022 12:38:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Aug 2022 12:38:56 GMT

GET
H2 200 jquery.min.js Show response
reto-bucher.ch/wp-includes/js/jquery/ 87 KB
30 KB 64ms
63ms Script
application/x-javascript 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-includes/js/jquery/jquery.min.js
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 20 Jul 2021 19:43:01 GMT
server: Apache
etag: "15db1-5c79342fcd7d6-gzip"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 30908
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 jquery-migrate.min.js Show response
reto-bucher.ch/wp-includes/js/jquery/ 11 KB
4 KB 43ms
42ms Script
application/x-javascript 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-includes/js/jquery/jquery-migrate.min.js
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 09 Feb 2021 21:45:36 GMT
server: Apache
etag: "2bd8-5baee34f41c10-gzip"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 4169
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 auto-seo-links-public.min.js Show response
reto-bucher.ch/wp-content/plugins/auto-seo-links/public/js/ 35 B
113 B 63ms
62ms Script
application/x-javascript 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/plugins/auto-seo-links/public/js/auto-seo-links-public.min.js
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: fffe3f157fb78e4867c3e9f5bf65ccb3b720da64c26fb9c9e5a10d31afb12929

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 10 Nov 2018 19:58:26 GMT
server: Apache
etag: "23-57a54e421ab2d-br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 37
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 166 KB
57 KB 136ms
77ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9452625998653244

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cca59894ce1e7b8db6c74eb354bca5b021fe6e72f059b6b6ab8eef9d0c617ace

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reto-bucher.ch/
Origin: https://reto-bucher.ch
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57495
x-xss-protection: 0
server: cafe
etag: 13707000143433935355
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 12:38:56 GMT

GET
H2 200 batterie-.jpg
reto-bucher.ch/wp-content/uploads/2022/08/ 23 KB
23 KB 40ms
39ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/08/batterie-.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 4a69d90928a45da50e200b7551b93c7e64f41aaf78f0626da0819b131d12c0ff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 25 Aug 2022 11:20:27 GMT
server: Apache
etag: "5aa8-5e70efc037b11-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 23212
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 404 ba2300x250.png
inspire-publicite.fr/wp-content/themes/fashify/ph/ 0
0 1380ms
984ms Image
text/html 199.59.247.73
PLANETHOSTER-8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://inspire-publicite.fr/wp-content/themes/fashify/ph/ba2300x250.png
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.59.247.73 , Canada, ASN53589 (PLANETHOSTER-8, CA),
Reverse DNS: hybrid717.ca.ns.planethoster.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 mmenu-light.js Show response
reto-bucher.ch/wp-content/themes/popularis/assets/js/ 4 KB
1 KB 40ms
40ms Script
application/x-javascript 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/themes/popularis/assets/js/mmenu-light.js
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 6aa68b99e95d0356240b62723e6685748bc4e705f0b5817a35e989f0e8343b08

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 24 Jul 2022 20:21:54 GMT
server: Apache
etag: "1075-5e492d17e4c25-gzip"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1142
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 bootstrap.min.js Show response
reto-bucher.ch/wp-content/themes/popularis/assets/js/ 7 KB
2 KB 42ms
42ms Script
application/x-javascript 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/themes/popularis/assets/js/bootstrap.min.js
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: acfb2f12f1ebabf1d264b26e9ca593c2e239913b729c66239755c98e36d07285

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 24 Jul 2022 20:21:54 GMT
server: Apache
etag: "1c20-5e492d17e4c25-gzip"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2492
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 customscript.js Show response
reto-bucher.ch/wp-content/themes/popularis/assets/js/ 3 KB
760 B 36ms
35ms Script
application/x-javascript 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-content/themes/popularis/assets/js/customscript.js
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: e77f3fb3db221080063ae05da7ed2c414390248bc747aa1e83504a961e5f15ba

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Sun, 24 Jul 2022 20:21:54 GMT
server: Apache
etag: "ca0-5e492d17e4c25-gzip"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 704
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 wp-emoji-release.min.js Show response
reto-bucher.ch/wp-includes/js/ 18 KB
5 KB 36ms
36ms Script
application/x-javascript 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://reto-bucher.ch/wp-includes/js/wp-emoji-release.min.js
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 24 May 2022 19:58:50 GMT
server: Apache
etag: "48b9-5dfc762a8f9ac-gzip"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 5009
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDuXMRw.woff2
fonts.gstatic.com/s/opensanscondensed/v23/ 15 KB
15 KB 83ms
26ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDuXMRw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans+Condensed%3A300%2C500%2C700&subset=cyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext%2Cvietnamese

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b0b111ca14c2147a0f0cb51f1317290eb5ec19b4a9bea595a5ad7ffb7d9661a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://reto-bucher.ch
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 14:20:51 GMT
x-content-type-options: nosniff
age: 512285
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14964
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:08:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Aug 2023 14:20:51 GMT

GET
H2 200 z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMRw.woff2
fonts.gstatic.com/s/opensanscondensed/v23/ 16 KB
16 KB 89ms
32ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMRw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans+Condensed%3A300%2C500%2C700&subset=cyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext%2Cvietnamese

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0aa6a7045a55ddcb25bbee4d1edcb864081cf59f7fc9bdc1ada22a32ed4ad3ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://reto-bucher.ch
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 22:27:42 GMT
x-content-type-options: nosniff
age: 483074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16324
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:08:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Aug 2023 22:27:42 GMT

GET
H2 200 mlm-trading-7.jpg
reto-bucher.ch/wp-content/uploads/2022/07/ 24 KB
24 KB 42ms
41ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/07/mlm-trading-7.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 76b97e7b4ea9c5d4d0afc1907d75e7ea98a1b56333e11509d83ee1618caa5f4c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 19 Jul 2022 09:34:25 GMT
server: Apache
etag: "5f34-5e42530b90e25-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 24376
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 Poser-son-gazon-synthetique.jpg
reto-bucher.ch/wp-content/uploads/2022/08/ 42 KB
43 KB 42ms
41ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/08/Poser-son-gazon-synthetique.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 29827c6c6599feb49c9f722db9185ab508fcfe048f1b91dc505074ab13dda8a8

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 25 Aug 2022 09:48:38 GMT
server: Apache
etag: "a992-5e70db3aae6e4-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 43414
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 Mauvais-payeurs-4.jpg
reto-bucher.ch/wp-content/uploads/2022/07/ 18 KB
18 KB 60ms
59ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/07/Mauvais-payeurs-4.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 8604c2f5fb82387e8dea0db9949f94efc13fd436ca45594225cd89e36b0a0293

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 19 Jul 2022 07:13:26 GMT
server: Apache
etag: "4658-5e42338849b43-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 18012
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 comptable.jpg
reto-bucher.ch/wp-content/uploads/2022/08/ 16 KB
16 KB 71ms
70ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/08/comptable.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 628fb9a27802547c32fef63322ce9de4528b057bda8fd569e05571a81d638aea

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 25 Aug 2022 09:44:34 GMT
server: Apache
etag: "4130-5e70da5196fbe-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 16692
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 therapeute-relation-aide.jpg
reto-bucher.ch/wp-content/uploads/2022/08/ 7 KB
7 KB 41ms
40ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/08/therapeute-relation-aide.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: f7cc54e11e8803821e89c52c6bf1ddb5f919de11d65bf96bb2fb9f6795e2bf7b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 04 Aug 2022 03:54:11 GMT
server: Apache
etag: "1cf8-5e5624d674f04-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 7420
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 istockphoto-1311598658-170667a.jpg
reto-bucher.ch/wp-content/uploads/2022/07/ 13 KB
13 KB 71ms
70ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/07/istockphoto-1311598658-170667a.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: f6a9528dd6c7b67541d724b2c20ca5b3aedc5305719423d589c56abe8ab7675c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 09 Jul 2022 17:46:48 GMT
server: Apache
etag: "332a-5e362e730284c-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 13102
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 assurance-smartphone.jpg
reto-bucher.ch/wp-content/uploads/2022/08/ 15 KB
15 KB 45ms
45ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/08/assurance-smartphone.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: eac849721dd7a8990e3795d3fba6dbdc760217038f22c9acef5204938790ff0c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 01 Aug 2022 00:19:30 GMT
server: Apache
etag: "3c14-5e522f4177b6c-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 15384
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 sf.jpg
reto-bucher.ch/wp-content/uploads/2022/08/ 6 KB
6 KB 40ms
39ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/08/sf.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 6ebb4e2ba1cd8f13c82bdee71f61d73fa341b8b03b4bfe496bc9b2e0fc141034

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 09 Aug 2022 22:42:31 GMT
server: Apache
etag: "17a4-5e5d6a5cf7e12-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 6056
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H2 200 istockphoto-1345179384-170667a.jpg
reto-bucher.ch/wp-content/uploads/2022/07/ 15 KB
15 KB 41ms
41ms Image
image/webp 149.13.127.176
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reto-bucher.ch/wp-content/uploads/2022/07/istockphoto-1345179384-170667a.jpg
Requested by: Host: reto-bucher.ch
URL: https://reto-bucher.ch/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 149.13.127.176 Clichy-sous-Bois, France, ASN174 (COGENT-174, US),
Reverse DNS
Software: Apache /
Resource Hash: 58f3ac2521e209d4bbd244fc6ebd663226ddf286a72c782d977753232dbb3047

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 14 Jul 2022 04:13:29 GMT
server: Apache
etag: "3af8-5e3bc1fc3fe27-br"
vary: Accept,Accept-Encoding
content-type: image/webp
cache-control: max-age=31536000
x-webp-express: Redirected directly to existing webp
accept-ranges: bytes
content-length: 15100
expires: Tue, 29 Aug 2023 12:38:56 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208240101/ 342 KB
120 KB 137ms
87ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9452625998653244&plah=reto-bucher.ch&bust=31069171

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9452625998653244

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaaf3639b86e87a34de09d470f831de583c4217b607ee3fa1701e5ede95ca588

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123327
x-xss-protection: 0
server: cafe
etag: 16932862234666719440
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 12:38:56 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220822/r20190131/ Frame 3C47 10 KB
5 KB 82ms
24ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220822/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9452625998653244

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reto-bucher.ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 9837
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 09:54:59 GMT
etag: 8616628553774171045
expires: Mon, 12 Sep 2022 09:54:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 218 B
413 B 34ms
33ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=reto-bucher.ch&callback=_gfp_s_&client=ca-pub-9452625998653244

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9452625998653244&plah=reto-bucher.ch&bust=31069171

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b17c764df58b6fa16e7ef00dc64de60f4903ff86cb3e40f18dbe28cf56bb0b88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ 107 B
792 B 169ms
41ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=reto-bucher.ch

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 96ms
34ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reto-bucher.ch

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Aug 2022 12:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0598 249 KB
64 KB 590ms
538ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&adk=318159125&adf=2184669829&lmt=1661776736&plat=9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Freto-bucher.ch%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776736322&bpp=2&bdt=290&idt=297&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5242293138153&frm=20&pv=2&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=310

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0eb454a2e6d3e8e6f0acd6597b72403e606ad94a49b67108b773a2e5d1203c36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reto-bucher.ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 65122
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 12:38:57 GMT
expires: Mon, 29 Aug 2022 12:38:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208240101/ 149 KB
53 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208240101/reactive_library_fy2021.js?bust=31069171

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f92a66e939d10f5e5b0e25c00a6066943fceaed359b5db30946732fd8591d99f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54512
x-xss-protection: 0
server: cafe
etag: 12526467690076743991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 Aug 2022 12:38:57 GMT

GET
H3 200 integrator.js Show response
adservice.google.fr/adsid/ 107 B
122 B 87ms
35ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=reto-bucher.ch

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Aug 2022 12:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 84ms
33ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=reto-bucher.ch

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Aug 2022 12:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E345 18 KB
10 KB 849ms
849ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=600&adk=769560160&adf=3452407923&pi=t.aa~a.3108187763~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x600&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=2&bdt=1241&idt=-M&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0&nras=2&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1778&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l7n7n7GeGr&p=https%3A//reto-bucher.ch&dtd=11

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

40e3f1c2150221dfa157ccc4dd537db5a350de0dc13ee0bb34a3fa41ba7bb9c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reto-bucher.ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 10170
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 12:38:58 GMT
expires: Mon, 29 Aug 2022 12:38:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0BB1 18 KB
10 KB 590ms
589ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=240&adk=1580930149&adf=4215446715&pi=t.aa~a.3654940567~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x240&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=1&bdt=1241&idt=0&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0%2C255x600&nras=3&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=3323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=JVUEv2fmHe&p=https%3A//reto-bucher.ch&dtd=23

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7839bf7ee01bf1298b4c66a7bd3c4f83b92fc8da40dfa8a64550499a3775335

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reto-bucher.ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9839
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 12:38:57 GMT
expires: Mon, 29 Aug 2022 12:38:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/ Frame CDB7 10 KB
4 KB 24ms
24ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reto-bucher.ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 56750
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Aug 2022 20:53:07 GMT
etag: 8616628553774171045
expires: Sun, 11 Sep 2022 20:53:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/ Frame 3BE7 10 KB
4 KB 24ms
24ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reto-bucher.ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 56750
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Aug 2022 20:53:07 GMT
etag: 8616628553774171045
expires: Sun, 11 Sep 2022 20:53:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame CDB7 4 KB
636 B 76ms
29ms Stylesheet
text/css 2a00:1450:400e:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 11:01:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 29 Aug 2022 12:38:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Aug 2022 12:38:57 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CDB7 205 B
742 B 83ms
25ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 11:05:54 GMT
x-content-type-options: nosniff
age: 5583
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 29 Aug 2023 11:05:54 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame CDB7 604 B
694 B 83ms
25ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 11:56:12 GMT
x-content-type-options: nosniff
age: 2565
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 29 Aug 2023 11:56:12 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/elements/html/ Frame CDB7 19 KB
9 KB 96ms
24ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f964612ea368ffe1d612a004f0a0e05453155fa7cb27dff624e5ada25c6847fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:14:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1465
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8368
x-xss-protection: 0
server: cafe
etag: 5162546928090487746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:14:32 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3BE7 0
0 70ms
69ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CPDJ3YLMMY42FLJKrtwfL86JA4rH1tWv-td7CzA-ok8y23gkQASC68dgYYPsBoAGon-PPA8gBAqgDAcgDyQSqBPABT9AB_l34ruN50Sb0fHtv7hQL0191U6VKTIUP9YgbqfN6O05i6noAx4vUOOs7NDGvRBXKfEJ-LhaksROQMXIA_69nJ-bvPsWNSeYTXO9b18Se1f2h2FRpJlFSouGvR2XB_2hnsGWKb-ECl8htM1szlpo5geQmkih-OCPE8DIc01w1207mU1c-7it45Rtj9ZdpI6svd-Sem54qcQ2iluEKcXBBSw3Qxgzs_VZ4wNOaYRTgy0PkpqjzpVAGXwA9HqM-qgBP0Z0MYRPQh-GjFuxZ1LJykdV5_NkRWEJVtmmALsGzvbuhTFiiYvEnvCLjhu-MwASOnquF-wOSBQQIBBgBkgUECAUYBKAGAoAH18nzjAGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCezxHSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi05NDUyNjI1OTk4NjUzMjQ0GAA&sigh=D_dli3gYV90&uach_m=[UACH]

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 29 Aug 2022 12:38:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 29 Aug 2022 12:38:57 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/ Frame 3BE7 23 KB
10 KB 92ms
28ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:34:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:34:33 GMT

GET
H2 200 6042929851992121834
tpc.googlesyndication.com/simgad/ Frame 3BE7 49 KB
49 KB 119ms
56ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6042929851992121834?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlcbp_bOGy5zSQ-T5VwlimdsiZzfQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb21efe66e34d71e9267dc094bf2e3d80eebb222f10bc8c24e79d892734b2e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 14:02:02 GMT
x-content-type-options: nosniff
age: 513415
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50139
x-xss-protection: 0
last-modified: Tue, 18 Jan 2022 18:18:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 23 Aug 2023 14:02:02 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 3BE7 3 KB
1 KB 111ms
48ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:23:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 957
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:23:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3BE7 140 KB
44 KB 112ms
55ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40b5f6acfe971488e28b4570d0b485406d6a56cbdf45e86f0df9b1f040eb6d0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44079
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661341966742178"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Aug 2022 12:38:57 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 3BE7 17 KB
8 KB 96ms
33ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:19:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:19:09 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 3BE7 32 KB
13 KB 112ms
49ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9091dec867a1dc7341bf0aa79915415e24203019aa46230a6210b98187493570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 11:20:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4688
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13566
x-xss-protection: 0
server: cafe
etag: 1188449327864671977
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 11:20:49 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D8F2 8 KB
893 B 30ms
30ms Stylesheet
text/css 2a00:1450:400e:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 11:05:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 29 Aug 2022 12:38:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Aug 2022 12:38:57 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame D8F2 2 KB
982 B 59ms
59ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:35:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 224
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:35:13 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/ Frame D8F2 23 KB
10 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:34:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 264
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:34:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame D8F2 3 KB
1 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:23:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 957
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:23:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D8F2 140 KB
43 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40b5f6acfe971488e28b4570d0b485406d6a56cbdf45e86f0df9b1f040eb6d0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44079
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661341966742178"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Aug 2022 12:38:57 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame D8F2 17 KB
7 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:19:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:19:09 GMT

GET
H3 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame D8F2 33 KB
13 KB 76ms
25ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 395975
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:39:22 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A0C1 143 B
163 B 24ms
24ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 3578
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 29 Aug 2022 11:39:19 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3BE7 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7c85af7944b72d5b5f21ea0f1e8dd572133b1dae754f1a660eb7e9f53e962afa

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A0C1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

41ms
41ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 12:38:57 GMT
expires: Mon, 29 Aug 2022 12:38:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 12:38:57 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame 4E7F 36 KB
14 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220822/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sun, 28 Aug 2022 12:21:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 28 Aug 2023 12:21:36 GMT

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame EAA8 36 KB
14 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sun, 28 Aug 2022 12:21:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 28 Aug 2023 12:21:36 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BB1 42 B
63 B 61ms
60ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BRU4mqcVJcNn-k3Bb7WNQCuc-uXfMPS90CPLcg6fcNgHrcd-s2pYDGM2r6bN08akYwmp56ujDSj3_dMoLD4L-xxjwII6QagaqSpiHjgR693S6UGSs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=240&adk=1580930149&adf=4215446715&pi=t.aa~a.3654940567~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x240&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=1&bdt=1241&idt=0&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0%2C255x600&nras=3&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=3323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=JVUEv2fmHe&p=https%3A//reto-bucher.ch&dtd=23

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 0BB1 3 KB
1 KB 83ms
26ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:30:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 503
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:30:34 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0BB1 140 KB
43 KB 102ms
48ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40b5f6acfe971488e28b4570d0b485406d6a56cbdf45e86f0df9b1f040eb6d0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44079
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661341966742178"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Aug 2022 12:38:57 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 0BB1 17 KB
7 KB 81ms
26ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:19:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:19:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0BB1 0
0 88ms
32ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSslr1_DS3YT27Pl-ea2dm83W-cYw58GIN78EJBicWb7LffGu3qLn_slVwoFRcOmOLP2l7ubSYAQgmGpdKKMkcHPgu0zw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=240&adk=1580930149&adf=4215446715&pi=t.aa~a.3654940567~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x240&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=1&bdt=1241&idt=0&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0%2C255x600&nras=3&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=3323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=JVUEv2fmHe&p=https%3A//reto-bucher.ch&dtd=23
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D610 624 B
297 B 63ms
62ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNX1L5uTF8BawgVhvbG4osrAuByHDJuQTF4TEKQflNr4LefUWPIgPJMInTNcAvPpveZbkcpyYejCcAkjPg5kyi24nbxg1w8Zyv3yfGIARijDVmpKxxtlOgLU7TZIurq6eQdiBiiryJR548Nd1-tSRvLlprSH0V69HZMFdryKkJKTBH2MTEI

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=240&adk=1580930149&adf=4215446715&pi=t.aa~a.3654940567~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x240&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=1&bdt=1241&idt=0&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0%2C255x600&nras=3&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=3323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=JVUEv2fmHe&p=https%3A//reto-bucher.ch&dtd=23
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 12:38:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0BB1 79 KB
33 KB 77ms
76ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BmJ8D6inTbX_t8xjKmplZuORDNZ9coXMyvQ7J2m0LzAgqH8L44FswrRDWA4jFg9v9h1FkwoT9LUQ4SiNHPbnN0Ishge9lMIEBaRnVPRewLwNUkuPAC2GtzVlAJny-79bW6uewKRk9Yle_aqVgTNFGbWYEh2Q&dbm_d=AKAmf-C2znE1h0ysxP8zFKbhcL16XDdm6nybCo63u7k99MSDMEmBGxp7xj-vCAnkujzsF6-Kla4Txs8lngQsN9BCQUTwwG5pOi0wBcy2FoVIlRh-Sga5SptJSoBCBsJNuE30PNPGLzdRXrGqW18W3lBTN1AYEoSJut8KYYWdX3PlB8kIlTXdJk-C6DyJTUnay5hlY5Qf29jWUYQ-OJ3wWtksL5sjUWc8vgeVzCyrX5-Btuc_cJSrHu3Bfk3_e8XUtzpg771bE6VoPhdU414Ghq8bb6NqGJFGfLrb7eKnpBqpczGlN8YvWOCuNvmSAi2rlBIf0l4wQmID8cmLlEtJu2dwNIDTWOSggUXCur-Cl8Oth3uV-VYK_aGfJCdkvzaGuznH4QmfNJWj1ZA9GkRvju_rQpPzFSQEtqKfmW9OcCewsl_ekmtLmi3y6dcnbU_ZGsmME8O5Ui-Iv0BhsXSbscFM7WS0dQABmeuQLJsTwXlRhRUvlB1JSyIAiWbEqIpj8VAF7wa1rv8CrvuWdcwp9oDZWWO_ImyU0nhZqZpbb0i0eD2r2zJ92EAfjy088Lk7r_-mJrSC5N4TlI1mwhsdlCQYW5lC4-ytrASvhsXA1h3DkiZjRBgChJ8XRRNFRNiuRk1j9LpsjWQYNXKiEqIZEiLQbEscfJCFVkYg_mcL7HW2zRop9qhKo-Rtrx8kuanZ_Y2tY4ziEHb_LuzI-Yrag_zQzaVhJfT8h0m99qXKDEY89KCvunvfBhLk8WbqdwqNC6EoWjRJNhYQrjSiv_kYyK8EzQIiD2MN9Eceyb4ZJBsFe_d6gUAXh-ceImxyKvjkfpLlUmxSJ-BH5SGpd9s4kYB3vfT4S3pvTr8sCvIMaG2XkkdR0EekbmUZCjvVkeEHsVeubY2VGxRuH_j-ANM9HYzgylnN832kP1A2X2Mc_4KwpWTiNFyussiQhLVKFKhJSH82JyrAA_sufbIbI4W6zMg_fIUIV0ZIgTUFExfZBebmNy2Z7Q8e_AyF0BQ-3KKRyzpHFZrgoPZnu-9SQf_3g2Xjx7f9uELKM3Z8pSCxqIuQ982zD5HrMOH-b_V-PtQ-GKrIoTzisgAFtgfM0MQpYQb3g5AQe_D53uymTDHXiPs6C4Y-fQeSBVH4q5rZnuFhtTv7fIME6kbKbFH-I9xDILNl702ruluf4FwTmCoRuzhcC8aUpiuygw8znElZ7gH2aBi8Flj6_LY2HD7WIweox0yNzVQBnf65wOgHpeZ5ege02dd6jtjhkwJ8eQOn9yKzAnqtMz7zLBEZIAlIHajgFB0McpxlnEoC1BXZkurkM_qWN30gNqKDtwF5pzbBDfCWONMtxU3zMyPIbryud6iWj4xz9a2wlsT4E2CO9nO8avWZ9RBzW_GwAH7-wotiyBkSqyenvkWm_Dbue_hwJqUnWQQNZcbzxgS0yYCYUj8QWQ99Pr6y0UmSDjrakO5EERRSAZwmJbl60nsuYMzz96thpTXuR-FzwtEm8tYD_kdVWRBh5VD5wiRDAAzjR1EVHt4P0LZq9ND0IQpmYcCtCKt_w7WEecIjT4kR4Xxb-Q361Y9t4IZoW0RJ1AP65DaO-fCzVdDm4_JceosFzKhgweUdb2Jyxi2aZ-8grgwT-MV39cVKF85h9xi2J1SHJOeavQ2GQea3SLH0F4-1ROmK5LhMRFDenBL73ZuUbv-9ZxG2uRTFcD1A2Zenbs043Bdn311jSVOKempMGzMvLZXvUmtyA1ld2mbOlSi-eljAO1wDx9yfNYvwQvV5a_e1WnzzLDOIDhlzSxMQJjQnAcz32_7FUBMdabaQhQwMoDDFScEuPf5BRXDvzkM78Z_QP25bb5bkCqNtrRZCjE407Df0qN8glmadnCHh6PPWTXlD4CM1WPjtNlF7F7_vEqmmuaCJMXo2gigeb7HSe2KD5aNw-IuA9yUUf-Cr5G47ToJipXsz40i9Ddbsv5RewTHXZ9Xt0yua1PF-S_qBUgbi959u6MFAPpMyGbsOLEG-b3ETrqqN6p-kl5R2qin5yURqNaTnKJzZ3zyXB0VXoDcCeTqzgb36s4-bIz0HIjoy1w_4ffbEn6xXkHF2jvk0ilQM70LX76dL9fzx7BiBjNMRX6dQK0NUHdFxOR6hCpfkVSlXq7ylnNC9qcu1PCt3rO7i0gCP-6anObrksFY6mODpnafiF6xyE8x3WugjAgISbe5h5meRBGqhxVfBULhZgtAfrKvZpcJA5F9osikfG70mrCp6AxmxKvljDxKUH4S0ARM-bjZZJ_mFnZewi-jmF--bW-frky2ZIG5AMTdooL9-ZSVx6Dxgu-JhnjIX-ceAjxnZ5uYyGNRTxNEemKPzBahFLQJvrw2qsuKoU5gj5lXq4ucqwGeyR5wINNu1fHiCJKLTfQHTWqcFffCP2eHXf1B_SLMsocZwL3cUuqrrzjbn2yrcy8vASaRBo06_SXB-hKgfWcd_bJhupzTnNXTzbB-OREDe74ushTAC5I0dewjrfE-rRwsIiNqyliQpSf4ruEc8kvUjWboQDYiTHHO54zIDIHVgnm4aIez1N5MUNlaZhjAOcofkL0qE5jnY9gwo0XXwia2AFjHHQPJEsK90aoXQdkLQplYiSUMJMtQDo4WdiJfAdv55krQNGq3KYZWk0BRpSJ9Z6ZZ4sFcEKILK014AjNsNCCyMxDLmE9HigLRRoYLY55vuxl2btRBFCNglG4Eqo2enl92WPkAQPFslZO0T-FFhAFNr6JwoNEVc-5VSYS244NtYxMxvOxnqSeX85C_n6PEJ_56Pgt3foFpqFcDH5et5h8-PnqqJT3jhe_iwe8H0nYvYPzkNECPQQmY_jUp9QLWMtxLjYC4JmT2w9c-xlc4VQ4qSALGk74_6TR-7RZGAmj3sazN_vspupKs4TgfjyJLO7WwUk10amn79oXSWFkIOXVtJS4iQ3BvQY_n-ouCfCYc1EUxqVcoiiQqdp7u0Qf9aG9RG7aPAvYiNrc2Boptmy4IblT6WsQW7EwwC1aSR79xLy7m2TtPRF4l8SJeqy4CuVxWUzpIF8YNNbu_19X0B7wtCR0OyB-ba8VRpbnVEDlevqN9bU9ug5kObITnRfVzNkjDHSRGAC_nVUiypOV_34aNPIoSPTodhyn1J&cid=CAASJeRo9hnMaIrWxHg9Y6p1Z5nVhCFoVgkTkbozuD-OhDVeGMQA1ic&rfl=1%2Chttps%253A%252F%252Freto-bucher.ch%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

40b2f0d245aae25a87f465c75c9e453ff5fae29fc9382dcba359ba81edb9bbeb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=240&adk=1580930149&adf=4215446715&pi=t.aa~a.3654940567~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x240&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=1&bdt=1241&idt=0&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0%2C255x600&nras=3&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=3323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=JVUEv2fmHe&p=https%3A//reto-bucher.ch&dtd=23
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34174
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D610
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVIIlsAl0R5HJAXdOJtOTo&google_cver=1

43 B
946 B

76ms
50ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVIIlsAl0R5HJAXdOJtOTo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNX1L5uTF8BawgVhvbG4osrAuByHDJuQTF4TEKQflNr4LefUWPIgPJMInTNcAvPpveZbkcpyYejCcAkjPg5kyi24nbxg1w8Zyv3yfGIARijDVmpKxxtlOgLU7TZIurq6eQdiBiiryJR548Nd1-tSRvLlprSH0V69HZMFdryKkJKTBH2MTEI
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray: 742558c59f1ed63a-CDG
pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mdY2MNztz%2FZNBbVxOyBLpXOptrkKRH0UCRL9oHiHdmFE4Hkpdm0UfgnQiRHYOOYdRYFbTWnn3zXHgJEo5DIZimgWlbw4ii1ScO%2ByMNmvkJil0nVflOC121mFZri%2Fi6wfi2OIkaeNQQMlCw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGVIIlsAl0R5HJAXdOJtOTo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame D610
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwyzYkPxFDaDpLTiNL1twwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1

43 B
911 B

84ms
84ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNX1L5uTF8BawgVhvbG4osrAuByHDJuQTF4TEKQflNr4LefUWPIgPJMInTNcAvPpveZbkcpyYejCcAkjPg5kyi24nbxg1w8Zyv3yfGIARijDVmpKxxtlOgLU7TZIurq6eQdiBiiryJR548Nd1-tSRvLlprSH0V69HZMFdryKkJKTBH2MTEI
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray: 742558c6487bd63a-CDG
pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xnup1%2Ba%2BcWsvl5Q4QajWZBwGs6R7M7EdBpjvzsu5lGJytqdAl68eVjuXAr6gQsPQEBAIDFZiyfMWR8NmRE491I%2Fzg6qQ7vx6Q684e78iBA3ToAIusnv7KxcpkI%2BsXJFdFCFRCX1IP1Frgg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame D610
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEB-Uk83kDiSnvV_BFwhyt9w&google_cver=1

43 B
1016 B

48ms
23ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEB-Uk83kDiSnvV_BFwhyt9w&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNX1L5uTF8BawgVhvbG4osrAuByHDJuQTF4TEKQflNr4LefUWPIgPJMInTNcAvPpveZbkcpyYejCcAkjPg5kyi24nbxg1w8Zyv3yfGIARijDVmpKxxtlOgLU7TZIurq6eQdiBiiryJR548Nd1-tSRvLlprSH0V69HZMFdryKkJKTBH2MTEI

Protocol

HTTP/1.1

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 12:38:58 GMT
X-Proxy-Origin: 37.59.164.108; 37.59.164.108; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 37172f8d-b0ec-40dc-9830-e3397876ecf2
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEB-Uk83kDiSnvV_BFwhyt9w&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D610
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3NzcxNTIyMDg2ODAxMDIyNg%3D%3D

170 B
188 B

86ms
36ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3NzcxNTIyMDg2ODAxMDIyNg%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 12:38:58 GMT
X-Proxy-Origin: 37.59.164.108; 37.59.164.108; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: c8e25c62-4052-4f51-bc35-aab517e94d34
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3NzcxNTIyMDg2ODAxMDIyNg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 0BB1 106 KB
38 KB 178ms
24ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 07:50:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17282
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Aug 2022 07:50:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220822/r20110914/elements/html/ Frame 0BB1 8 KB
3 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220822/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BmJ8D6inTbX_t8xjKmplZuORDNZ9coXMyvQ7J2m0LzAgqH8L44FswrRDWA4jFg9v9h1FkwoT9LUQ4SiNHPbnN0Ishge9lMIEBaRnVPRewLwNUkuPAC2GtzVlAJny-79bW6uewKRk9Yle_aqVgTNFGbWYEh2Q&dbm_d=AKAmf-C2znE1h0ysxP8zFKbhcL16XDdm6nybCo63u7k99MSDMEmBGxp7xj-vCAnkujzsF6-Kla4Txs8lngQsN9BCQUTwwG5pOi0wBcy2FoVIlRh-Sga5SptJSoBCBsJNuE30PNPGLzdRXrGqW18W3lBTN1AYEoSJut8KYYWdX3PlB8kIlTXdJk-C6DyJTUnay5hlY5Qf29jWUYQ-OJ3wWtksL5sjUWc8vgeVzCyrX5-Btuc_cJSrHu3Bfk3_e8XUtzpg771bE6VoPhdU414Ghq8bb6NqGJFGfLrb7eKnpBqpczGlN8YvWOCuNvmSAi2rlBIf0l4wQmID8cmLlEtJu2dwNIDTWOSggUXCur-Cl8Oth3uV-VYK_aGfJCdkvzaGuznH4QmfNJWj1ZA9GkRvju_rQpPzFSQEtqKfmW9OcCewsl_ekmtLmi3y6dcnbU_ZGsmME8O5Ui-Iv0BhsXSbscFM7WS0dQABmeuQLJsTwXlRhRUvlB1JSyIAiWbEqIpj8VAF7wa1rv8CrvuWdcwp9oDZWWO_ImyU0nhZqZpbb0i0eD2r2zJ92EAfjy088Lk7r_-mJrSC5N4TlI1mwhsdlCQYW5lC4-ytrASvhsXA1h3DkiZjRBgChJ8XRRNFRNiuRk1j9LpsjWQYNXKiEqIZEiLQbEscfJCFVkYg_mcL7HW2zRop9qhKo-Rtrx8kuanZ_Y2tY4ziEHb_LuzI-Yrag_zQzaVhJfT8h0m99qXKDEY89KCvunvfBhLk8WbqdwqNC6EoWjRJNhYQrjSiv_kYyK8EzQIiD2MN9Eceyb4ZJBsFe_d6gUAXh-ceImxyKvjkfpLlUmxSJ-BH5SGpd9s4kYB3vfT4S3pvTr8sCvIMaG2XkkdR0EekbmUZCjvVkeEHsVeubY2VGxRuH_j-ANM9HYzgylnN832kP1A2X2Mc_4KwpWTiNFyussiQhLVKFKhJSH82JyrAA_sufbIbI4W6zMg_fIUIV0ZIgTUFExfZBebmNy2Z7Q8e_AyF0BQ-3KKRyzpHFZrgoPZnu-9SQf_3g2Xjx7f9uELKM3Z8pSCxqIuQ982zD5HrMOH-b_V-PtQ-GKrIoTzisgAFtgfM0MQpYQb3g5AQe_D53uymTDHXiPs6C4Y-fQeSBVH4q5rZnuFhtTv7fIME6kbKbFH-I9xDILNl702ruluf4FwTmCoRuzhcC8aUpiuygw8znElZ7gH2aBi8Flj6_LY2HD7WIweox0yNzVQBnf65wOgHpeZ5ege02dd6jtjhkwJ8eQOn9yKzAnqtMz7zLBEZIAlIHajgFB0McpxlnEoC1BXZkurkM_qWN30gNqKDtwF5pzbBDfCWONMtxU3zMyPIbryud6iWj4xz9a2wlsT4E2CO9nO8avWZ9RBzW_GwAH7-wotiyBkSqyenvkWm_Dbue_hwJqUnWQQNZcbzxgS0yYCYUj8QWQ99Pr6y0UmSDjrakO5EERRSAZwmJbl60nsuYMzz96thpTXuR-FzwtEm8tYD_kdVWRBh5VD5wiRDAAzjR1EVHt4P0LZq9ND0IQpmYcCtCKt_w7WEecIjT4kR4Xxb-Q361Y9t4IZoW0RJ1AP65DaO-fCzVdDm4_JceosFzKhgweUdb2Jyxi2aZ-8grgwT-MV39cVKF85h9xi2J1SHJOeavQ2GQea3SLH0F4-1ROmK5LhMRFDenBL73ZuUbv-9ZxG2uRTFcD1A2Zenbs043Bdn311jSVOKempMGzMvLZXvUmtyA1ld2mbOlSi-eljAO1wDx9yfNYvwQvV5a_e1WnzzLDOIDhlzSxMQJjQnAcz32_7FUBMdabaQhQwMoDDFScEuPf5BRXDvzkM78Z_QP25bb5bkCqNtrRZCjE407Df0qN8glmadnCHh6PPWTXlD4CM1WPjtNlF7F7_vEqmmuaCJMXo2gigeb7HSe2KD5aNw-IuA9yUUf-Cr5G47ToJipXsz40i9Ddbsv5RewTHXZ9Xt0yua1PF-S_qBUgbi959u6MFAPpMyGbsOLEG-b3ETrqqN6p-kl5R2qin5yURqNaTnKJzZ3zyXB0VXoDcCeTqzgb36s4-bIz0HIjoy1w_4ffbEn6xXkHF2jvk0ilQM70LX76dL9fzx7BiBjNMRX6dQK0NUHdFxOR6hCpfkVSlXq7ylnNC9qcu1PCt3rO7i0gCP-6anObrksFY6mODpnafiF6xyE8x3WugjAgISbe5h5meRBGqhxVfBULhZgtAfrKvZpcJA5F9osikfG70mrCp6AxmxKvljDxKUH4S0ARM-bjZZJ_mFnZewi-jmF--bW-frky2ZIG5AMTdooL9-ZSVx6Dxgu-JhnjIX-ceAjxnZ5uYyGNRTxNEemKPzBahFLQJvrw2qsuKoU5gj5lXq4ucqwGeyR5wINNu1fHiCJKLTfQHTWqcFffCP2eHXf1B_SLMsocZwL3cUuqrrzjbn2yrcy8vASaRBo06_SXB-hKgfWcd_bJhupzTnNXTzbB-OREDe74ushTAC5I0dewjrfE-rRwsIiNqyliQpSf4ruEc8kvUjWboQDYiTHHO54zIDIHVgnm4aIez1N5MUNlaZhjAOcofkL0qE5jnY9gwo0XXwia2AFjHHQPJEsK90aoXQdkLQplYiSUMJMtQDo4WdiJfAdv55krQNGq3KYZWk0BRpSJ9Z6ZZ4sFcEKILK014AjNsNCCyMxDLmE9HigLRRoYLY55vuxl2btRBFCNglG4Eqo2enl92WPkAQPFslZO0T-FFhAFNr6JwoNEVc-5VSYS244NtYxMxvOxnqSeX85C_n6PEJ_56Pgt3foFpqFcDH5et5h8-PnqqJT3jhe_iwe8H0nYvYPzkNECPQQmY_jUp9QLWMtxLjYC4JmT2w9c-xlc4VQ4qSALGk74_6TR-7RZGAmj3sazN_vspupKs4TgfjyJLO7WwUk10amn79oXSWFkIOXVtJS4iQ3BvQY_n-ouCfCYc1EUxqVcoiiQqdp7u0Qf9aG9RG7aPAvYiNrc2Boptmy4IblT6WsQW7EwwC1aSR79xLy7m2TtPRF4l8SJeqy4CuVxWUzpIF8YNNbu_19X0B7wtCR0OyB-ba8VRpbnVEDlevqN9bU9ug5kObITnRfVzNkjDHSRGAC_nVUiypOV_34aNPIoSPTodhyn1J&cid=CAASJeRo9hnMaIrWxHg9Y6p1Z5nVhCFoVgkTkbozuD-OhDVeGMQA1ic&rfl=1%2Chttps%253A%252F%252Freto-bucher.ch%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 365
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 18418590997839133011
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:32:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220822/r20110914/ Frame 0BB1 30 KB
12 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220822/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:35:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11819
x-xss-protection: 0
server: cafe
etag: 10563440404697844360
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:35:40 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0BB1 41 KB
15 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 11:23:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 522941
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Aug 2023 11:23:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0EB0 1 KB
749 B 30ms
29ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 79614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Aug 2022 14:32:04 GMT
etag: 48472445140208031
expires: Mon, 29 Aug 2022 14:32:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0BB1 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16913734881343d57d35989a4e2021c7c6742cab15c977f921911d47f383ad6f

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3AFA 22 KB
8 KB 72ms
71ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 430243
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 13:08:15 GMT
expires: Thu, 24 Aug 2023 13:08:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame 0EB0 35 B
464 B 126ms
27ms Image
image/gif 2620:116:800d:21:e365:4988:e8a7:3270
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECH79ccik31ygf_8UcaDWyc&google_cver=1&google_push=AehlK4DfktTTZNc0eOoH8rZDJ3nKYQidp0R8BAq2adUjPG86SahxWvSAtb-dsoQcfawsJ-JFP2m8NFYPooQJ2g_36ZDu08ALew

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:e365:4988:e8a7:3270 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0EB0
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAehlK4DQe83b6Oaj7jWVXYTbvOUJTu3tnBtg4-oNwGQ...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXd5ellnQUFBRlp1WVYybA&google_push=AehlK4DQe83b6Oaj7jWVXYTbvOUJTu3tnBtg4-oNwGQx3Oj9tvnafG6BCqMFupKQQEQSe_CyBxOwQxjCVEulRCpMDkbquXlPNg

170 B
188 B

36ms
35ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXd5ellnQUFBRlp1WVYybA&google_push=AehlK4DQe83b6Oaj7jWVXYTbvOUJTu3tnBtg4-oNwGQx3Oj9tvnafG6BCqMFupKQQEQSe_CyBxOwQxjCVEulRCpMDkbquXlPNg

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WXd5ellnQUFBRlp1WVYybA&google_push=AehlK4DQe83b6Oaj7jWVXYTbvOUJTu3tnBtg4-oNwGQx3Oj9tvnafG6BCqMFupKQQEQSe_CyBxOwQxjCVEulRCpMDkbquXlPNg
Date: Mon, 29 Aug 2022 12:38:58 GMT
Server: Apache
Connection: keep-alive
Content-Length: 389
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 dds
rtb.openx.net/sync/ Frame 0EB0 43 B
350 B 109ms
24ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEInpGRTx2TJYEf1AlGV5JMc&google_cver=1&google_push=AehlK4AIrq1P6oQuf8fkPzFuwnIZc9awdp_aOuzsrhBFR-9-QE8iyl1gDZauD33YxKFt0zDL7r7kWuntKjBbO3E8jRZNncXp-w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=240&adk=1580930149&adf=4215446715&pi=t.aa~a.3654940567~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x240&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=1&bdt=1241&idt=0&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0%2C255x600&nras=3&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=3323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=JVUEv2fmHe&p=https%3A//reto-bucher.ch&dtd=23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: dod8dh1q1d1dhsgpccv51d7n1s29gjf9

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 0EB0 0
166 B 102ms
19ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEO-kGVB6inY77-eEUhyPhA8&google_cver=1&google_push=AehlK4AvV1C0o-iq6RaiDfY5EKjE4-2Wmhy2EHCrprOUbGdahw4hc53KobZIXW2jpn_Yhv4J5vP8XWSiayj7fWkfvNBPTvo5Fg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=240&adk=1580930149&adf=4215446715&pi=t.aa~a.3654940567~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x240&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=1&bdt=1241&idt=0&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0%2C255x600&nras=3&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=3323&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=JVUEv2fmHe&p=https%3A//reto-bucher.ch&dtd=23
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0EB0
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEArNl6CDvC4jkM3jT-ox_vE&google_cver=1&google_push=AehlK4CQSvCcHw2t2rMa0NHoy74PM5cjHGLdjqCUN020nlqXhEZf_DuHHYQDHDidH8kGYMINMJm...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdFUVlQSTYtNS1HV0dR&google_push=AehlK4CQSvCcHw2t2rMa0NHoy74PM5cjHGLdjqCUN020nlqXhEZf_DuHHYQDHDidH8kGYMINMJmbZcrzWvma__4YcJeHbSwz

170 B
188 B

37ms
37ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdFUVlQSTYtNS1HV0dR&google_push=AehlK4CQSvCcHw2t2rMa0NHoy74PM5cjHGLdjqCUN020nlqXhEZf_DuHHYQDHDidH8kGYMINMJmbZcrzWvma__4YcJeHbSwz

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdFUVlQSTYtNS1HV0dR&google_push=AehlK4CQSvCcHw2t2rMa0NHoy74PM5cjHGLdjqCUN020nlqXhEZf_DuHHYQDHDidH8kGYMINMJmbZcrzWvma__4YcJeHbSwz
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0EB0
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGZ36UkmjYl6uiBwAVJzTuw&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEGZ36UkmjYl6uiBwAVJzTuw&google_push=Ae...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGZ36UkmjYl6uiBwAVJzTuw&google_hm=YwyzYl9h-3Ap3H5UknmYYwAAFDIAAAIB&google_nid=index&google_push=AehlK4DuwIifA5tjqGSlxvFkFOKIki-aDO00r...

170 B
188 B

43ms
43ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGZ36UkmjYl6uiBwAVJzTuw&google_hm=YwyzYl9h-3Ap3H5UknmYYwAAFDIAAAIB&google_nid=index&google_push=AehlK4DuwIifA5tjqGSlxvFkFOKIki-aDO00rsWpJnp4iMV2hwOrSiXNSNzjXXIdI3e8fpkG51iYXMTcYZsdSawf1BmHm6jc

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CA6kCXQH%2FNMTN3fMudvyUH5parM8YkTQJMa0Ut3D2SE9%2FDHBi01oD9gZ5D%2Fhfwoxyg7ScquF9kHxQfKBmxqA9LElCRQW2V%2BF0waHIPJRRQSaUJ02BujaimqUOQWoEOHyEzZN%2BRgkRc8MNw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGZ36UkmjYl6uiBwAVJzTuw&google_hm=YwyzYl9h-3Ap3H5UknmYYwAAFDIAAAIB&google_nid=index&google_push=AehlK4DuwIifA5tjqGSlxvFkFOKIki-aDO00rsWpJnp4iMV2hwOrSiXNSNzjXXIdI3e8fpkG51iYXMTcYZsdSawf1BmHm6jc
cache-control: no-cache
cf-ray: 742558c65a02d558-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame 0EB0 0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 0EB0 0
59 B 77ms
76ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Io3Wf9CHXCgIrjn4CAbOqtSiXO0bA-pLp08mRsRI7beUSdJVqa71mLwe5oYxRJRytgCJVoJw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E345 42 B
63 B 60ms
59ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ao9LJkcL5IwP_HnnIQciGBehkuTYo8E2rkMX5Iw_KxbfjuHIrMOOQkbUiXlNcbalbLxP67XyvUdeqLNt8IBwp2qWEQL2EcOLzhXL9Q1tp66_d17_o

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=600&adk=769560160&adf=3452407923&pi=t.aa~a.3108187763~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x600&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=2&bdt=1241&idt=-M&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0&nras=2&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1778&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l7n7n7GeGr&p=https%3A//reto-bucher.ch&dtd=11

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame E345 3 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:30:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 504
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:30:34 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E345 140 KB
43 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40b5f6acfe971488e28b4570d0b485406d6a56cbdf45e86f0df9b1f040eb6d0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44079
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661341966742178"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Aug 2022 12:38:58 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame E345 17 KB
7 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:19:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1189
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:19:09 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E345 0
0 33ms
33ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQAG8i_vsrcGfQmTNthv1Ul3Q-xCSuAr6Gi5oVNQOnLW00iuPP2jE4M6RngUSbKXbHxbRsnoWLKRp1pmlKqvUZMf5W-KQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=600&adk=769560160&adf=3452407923&pi=t.aa~a.3108187763~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x600&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=2&bdt=1241&idt=-M&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0&nras=2&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1778&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l7n7n7GeGr&p=https%3A//reto-bucher.ch&dtd=11
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C370 624 B
297 B 70ms
70ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNXQYjPuTtgi0ytWPZAqeNEkRpexw2U5TtWg3v4GIYC4pOAT7K0sQ4aLMx-V6bfjS-rANOoerlRxyK-tn4XpHpdghwZF7dBaoSD2_FvNhVcAQ8UPKf-ZpvsV_S3pGgmfo7QgY-JMeVlRRby7CY_6rjyyjWF4w7OUvRxpjqAU5HKXRMOwhDg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=600&adk=769560160&adf=3452407923&pi=t.aa~a.3108187763~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x600&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=2&bdt=1241&idt=-M&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0&nras=2&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1778&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l7n7n7GeGr&p=https%3A//reto-bucher.ch&dtd=11
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 12:38:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E345 79 KB
33 KB 72ms
71ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DHV6pulLuAWNtEjSqSuhA30QDFLiz0lOULTJdBXbX_uxnxTYwhRmvrm9O-qo_30AwGEKNYm9DGQ242sNJkpLevJQ4_5LWRpUwoVQgikc18YYlzQrFDBA5jEWbl4n1r0f8iGh7bdJDrGkjy8i9valWWIJfO-Q&dbm_d=AKAmf-CxrjQgBpV2Nl-pkAT5bMjDDTY_o9xVKoUu486YjzpGpS5hpyP0AXZ3BrtF87iAOK4vmDF9HijdhVq2cPVttmEstflvrCNfN0d-vumRjzsZaasR7cKvqhM6WCsf53nAGeKgzSs5rGlI59Huw3YxDhVHewp_GlYQiuQcKmyvjcSLYxpWhwg6HVTb4PvwObcMykHloGwt1xfImpAuIxq3h02CkQCoTbj6f76UCNU8AhmP_1lHM_LT8AxEqKDlHbF6YMGOmqRcaAPDa2JSPAt-gEvTgysMmFIQ9we1PM2D0zw765hq5TKO4zq-eqr6Zk0o0W0hE3JgembHuZbnUbxBqRJ3bXw9tZrSqRrpkZWV2FTTlI25zKvKG3Eugl0c9pZNkh-ZOVWQJ2R5Z7sNqSDEl_RyC-keri50SD48Qthw2fo-hLguAbJFX8RwhvZKwxzwmPSpzWsLM_4SFGIKX1os4vOlRIxVNbslsAZFMzh26hzt8hWEdf-VRrbP-F2GvIJ44WmO2nwmiWHnLQDPe92WOBN2h9YuO1Tj63fS6pArT9xZvx8YmMzQGWHTYtRDK_xMkw4KNC6nc7n4ZkpAO_g3DnWMcvio3r6lg67W80DDSnalKtTX4yiMhFFpmzm3SYeGacxPUyEWFwLMlFTxctDhzY_0luos0FuhOxd5AU9zpWcDNxJrpevFnDQ9NjH0nze-7dpH8rj6QfU6SPgwWFAmsc8jItnHfYq1zfmX3J1-jUMpmq9zp37frrwZzavRqLVUfOajtlZ4O-NtvFSeJbMw6nDj-T6krL75Wh9H5cQYzzmtxiRYgsz-lGQEHj_ppSc9vs2N2Anu7IjorHTv0Go4c46KJPR4i6kIr3ogQqENYS6RZsjsLq_gncw9Nm3qid_9jni1urH3NWzXNjJ4zqf7yfUe_Q7cBeAqKRSD-27L5uLUafqEg2FxHmKdthVjOFF10So3gdokWM5prJufGHiFyLBismFfqS-7-z4FFy-nDB29kHwFH80j7uDC__EooTyUAWtRG8M5-PDENdxL0sIJz4Rt8_q78EFyppSXcYhacwGJoGVVAJJJ50u8ZakPJ2AWQuyfORXsPJWRxIpS9J9fAvaDESLsenlaMATnFYWsNypfAsSwchwtPluujw-Es-7L_ZR-XTtp2H5f4B3D-K2Cw6DA_QEdYBQ-wOR30dpdin7WYx5YiZ7sqCu3ZqqmvJF1jsM9DJ5DJwg5B181XIx6bjMqjyMJKpb1W1Vj0c4sMo_axDxhZ8ZG8r-gJ2yqTKnLTq4jDQncpVPd60z4FEgHw6Gi0Xs35mkQNfTMzU7xParDAGVe305lK1M6c8wlA_tUwfhqOZ2d31QZjHU2xVRBO4DXfMz2tM1dqP3DAR1XI2BTEBU8lT3dCeXGZsuh0xyD_ZET--CM-pIpFLjD8ihCgKVJWEyjFCZ1BtVFVTL4gHUHcUHrqDyz8mXWoxrIR16nHTdEBIKJ_OqJqFB6MMqPB40N3g0hsjlT8Fg_HL_dmxGmUx0f40SqayoXzdmSAiTfnMAMcx8GKxYoKmx62pV3t9vWAy65p8EZJ_Z3-7CaFUiIWvH1xmC8YYVoSc85MgMU9muNLLJRevM6TIXIcCq2y9dAdUL_T6vEIJvW57gMNw4e9TqKEdMYQYqF1FrqxmtWuZX2Dtaxa92Mo_ftBUU7rIELxi0RAacAWz44RnDtj0dSwU9Jns1DlfnRh50HKQsrd_bNz9Lav9CApzy-bVMgP98-SCg8fhPQ7JdICT6MUdaXtfmGDOSCPRXX6CZ3HKPYk3QQ6m29D--dvKAe_hI-i0cATQ_ZormAFkY3BuDkDwgla6j3N-3GjS0B63KaOqMoiFt1G8-knPJlCRRp0YCxAm1A8bKLP2WrsNGbj0PDagINNhl_zUeiA4IItXv6U9OkYK8GgFM9zYWb-eR2txdwiMKpr2tJWiltuoE7zqkTkKos_KhlL7TRxk9dH5cYlVTpkGpoGKGKOvS-XnuWHJj7z9oiEVPQjEJyZ-JtxVLXQMAmuyjLpQS0vXC--7yg8XJHorQgiP5_Vb_ETnw5rkI-hRP5nooesOaVRl0yOrUTOwa2BvVSuaIYS8y-dXL3vvTwiDa3mivf6r0c32NdutIut5OfMOgxPvvQCDZVR4dDxcZBTpX4vA9G191P-I3dCTpWkZQUscQu-7KPA0uU4YuoKF_0rf7B6Lwfv2Z4YLvdnC-15sA1rghKBRv6cFQ9IICyiRl81B8E8H3KqfrY3NKT11HL9iQKlff1FnwKvmuxeBcAOyqiqPqZ3C_zvOz-3qlyBt2BBuK8G-Bus3-1yCRsRBC27NKnORjNLQwc7X3PfMH3vCKnZFSpfeAPPSbSuPdr2kf12PhFGYB1iapj3pMJh871Hu2azDifpTZJ4mN9_r6-syr5HEgZyA6PqNL7mfYEwmlOUPcjfSp8RmZqP3Gxce6-D6acTg_25gwyx_uZVxfjg2jJnOXN3G6So564DBc1ESzzPj2VaFdGg3EmfDDGqyRpJs7Gkv7qZwBZRW5OXaLPaVLqqIvHpVqY4Y6eyguSt79WBTOMpIUaBUWHban3oPWzGrd2IwGmsUk3mASzNPRRVzmX2WppHmRFSpBX5QEAaGok7UM49UH-CCveyr3_hKG853Jvrj_4CUjiFJhHEyZxoyJPOcqeFITlnvgxWQ2zKMDWowV0KiAppAeu649RqT2nNfFNvdyDMaVD__-FC3QZfkbm95tBNp1FPG9klz_JR5oFuydIk6Ic2Yb0Y07-b4LJuv7O1lW4EXVmU3QketbxKVqULSMEjvegf8yjkdyvHdZRaAIkv-kUnyEgUsHhfGHb2sDCpba4EUhZHTEkOaTj3Jjpz4mXGAeRmNKRxXYWEEvs9_sgSigXMOZblkJDKTxmUr4hz_lSrxDsdlRs_rBfXWDydXhP2hstoqX6aDVazTu_7UeSWOxFRK7mfBPWItnAuAMLbKWyO6JBa1y-uWZo9xlcTlSWK_cSVXw2vGSdV8ciblzpperbWshDhjh7-KCRUAxzhentf6roLelewWqswJs83mVuWtsLKkzxZjhx-lsUw4kKZS6CKxthrBjRjOq63lFueytixOSBGCc6b0-VM0PDFA7SUWpQ2BT80fnAFfrn8hcx&cid=CAASJeRoWWk9eau6EKy-rDm9JtwJqxVSKQffNaRNk2hrz5iXWdXTtaA&rfl=1%2Chttps%253A%252F%252Freto-bucher.ch%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d426b9c09455e4b7a8f8779cc3650fb9831f3bca5adc065c57321ea3946c16dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=600&adk=769560160&adf=3452407923&pi=t.aa~a.3108187763~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x600&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=2&bdt=1241&idt=-M&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0&nras=2&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1778&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l7n7n7GeGr&p=https%3A//reto-bucher.ch&dtd=11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34139
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame 3AFA 36 KB
14 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sun, 28 Aug 2022 12:21:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 28 Aug 2023 12:21:36 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/ Frame 9B0F 4 KB
2 KB 77ms
26ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

302f8ae84ad5c019a7a821d1f1a34ecebb7ac620df8e1dfdba25a2dd8bf32083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 355684
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1725
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 25 Aug 2022 09:50:54 GMT
expires: Fri, 25 Aug 2023 09:50:54 GMT
last-modified: Mon, 12 Jul 2021 17:43:04 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0BB1 0
622 B 144ms
72ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvSoUhHOedpQ8XU2UYNJ2DoEVPbTNT3pFaQKliSuEghuPsN_WO6W8coH48bjW7NdpaLIHzEboeA-MMrClc8ve05m7lb9PcQBqsR59rLjN9q1hX01BQVMRO102RFCAzmrcmkZUw9rNowjxybll-uSN9aekkGd_9SZ2Oh2YNrYpJGzFFiRd_dLsQRZctmYjN0cZr4msmdzesjsVjrPbDQgITRlh8aSpONV7kRjAa2QdvFWWkXP4CpA9Mhh8HaoyTd4tMzH7iWxpovq8VBiSwMUWjMHPBY2hb8giRAa5Al6EjCl3OYy5rr7Rt9HpTl1t94F8uZcaGwlfRD4ns54eHwscNVEbgVjBNYRy_mzLGoQrEvsNaE89ypRnQTKN87t4Lck9RF9LMSAi--pwL4140qU1EVodTTVy6Luqk5yt17HOq1Iy89ouD8K8pRvdZUJ3ddVDCm2mU8ZYuHW9lj754_vNJsDMmC5t2vOGapB0aWoCrJ4d8Si_T88JGi0I756c-U-DLvTIKQT7me81ZLfrGSxW57mGU_qWFIQGlydcXp4DbYOC-5qehCnr_cgoeeYHoggYXZAkecstC8dq1h9zHyITGwngR7k7yOi5V5-dF15l8AVfBHcGeMYQT461EO_KzWh7rpkBaQTids-WAdqvYQXhALvB69ICxeQisiAe2RgbTxnM1vUPeALVhMn05NxiAj2RoYthKV7XSepA2rmZqqkGdZ1iwN9QtQbF5l2F1dRsCCE75r_ltgXjDFYIm_qUODcyBKEb8UsUv3N7BBn5TmbC23vNze_Z09sgExX9DQFqm1dm7Yn9uV4LPEnanyLb2D3rr275vHIPxks_ybkMvcUVDvx4UqkUiHBzjoOSA8tNUOwGZAqwT5fBplq3cWys1y6x_N_FCowMR9U9EZ_WshJZKXbBo024BcspUQt3jLkjwX5rIMSfKuC8YU6UVkE1km7pmJeqBWwPWbSKipV_xUImb8oAY1tx35ZDj65uQUlXR4OHyNPe7As7FGyUtAtsxFdcGuUp_OKGj4Bf-dqZvBKz9fzjQ16x8MFiKgAEpRitYfzBZC_BduJLy7UdComvn6nOXtH_guPDZlMW5MHIVXkiUNCbpIK7H1i5TdLFA1_KOpE8y3IbUO0lC4kGEpnVIARyne96hBlZhU0mXAyCSgzkkeGZwIC2fzCmyz6GLy3hyS9a9ibdX8WU0peY4MJghWxzDGAViuqnQHsmIwuujF6P4pC1RdzTQ&sai=AMfl-YSF8xB__cCyFPY7LTM1ru-mdKcr4BoQps3REyS0Gvq59-N1dHMUGYNRv75wB65UHbubWBa8wsfM_emsf8RacE8MAIAvDsqXVBZ6uI2Z2lw6utyGSkCBOhZvwZ9YPPX5mG4BSUy1AT1VeXRgbWFH70PBkg7TgPRCqaiZxvylzCVlvyz04xecgpeNRmiT3NwSfG1mXdE2ozAsNKUzLDD2dr1s&sig=Cg0ArKJSzHX-0cqPyMZrEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=233&cbvp=1&cstd=230&cisv=r20220822.34911&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 29 Aug 2022 12:38:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=26163783;s.a=3213511;p.a=307934702;a.a=500490566;cache=1269562794;
ad.atdmt.com/i/ Frame 0BB1 0
0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C370
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1

43 B
912 B

76ms
76ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNXQYjPuTtgi0ytWPZAqeNEkRpexw2U5TtWg3v4GIYC4pOAT7K0sQ4aLMx-V6bfjS-rANOoerlRxyK-tn4XpHpdghwZF7dBaoSD2_FvNhVcAQ8UPKf-ZpvsV_S3pGgmfo7QgY-JMeVlRRby7CY_6rjyyjWF4w7OUvRxpjqAU5HKXRMOwhDg
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray: 742558c668b0d63a-CDG
pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VwuHg38maAEMjj7w1LwSvApk5yX4HO94%2B9wKVtOlZBVTwbZ%2FeMCQIu4GRvBQPIhSNTUKwnvrT63uuD3QrlR4zOvb34KV0l9MwG%2BrexwYiebKH4aWDCeQFVH5vYuajknSISIqUYDkbz2eOg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C370
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YwyzYkPxFDaDpLTiNL1twwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1

43 B
907 B

58ms
57ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNXQYjPuTtgi0ytWPZAqeNEkRpexw2U5TtWg3v4GIYC4pOAT7K0sQ4aLMx-V6bfjS-rANOoerlRxyK-tn4XpHpdghwZF7dBaoSD2_FvNhVcAQ8UPKf-ZpvsV_S3pGgmfo7QgY-JMeVlRRby7CY_6rjyyjWF4w7OUvRxpjqAU5HKXRMOwhDg
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

cf-ray: 742558c6c97cd63a-CDG
pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQFsYHiky0vOW2eqahmS5werRYwbcfO0qv8XOoHHtHZIMRyPgB1kEdlMth7h6BCNPBiS6qRIaQNbwaQdbdNBRr6BU8mqPQ0%2FpjGvVQvgb09myQLmE4dDWJybo4BiXWWFmD1kq3y28Nvf8A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGq9VN_5ikBteeHOT6pc_DA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C370
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELoVFH1SwQLtUaAnLdf1_lA&google_cver=1

43 B
1016 B

24ms
23ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELoVFH1SwQLtUaAnLdf1_lA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CInSVRCfg1YYqciVrwEwAQ&v=APEucNXQYjPuTtgi0ytWPZAqeNEkRpexw2U5TtWg3v4GIYC4pOAT7K0sQ4aLMx-V6bfjS-rANOoerlRxyK-tn4XpHpdghwZF7dBaoSD2_FvNhVcAQ8UPKf-ZpvsV_S3pGgmfo7QgY-JMeVlRRby7CY_6rjyyjWF4w7OUvRxpjqAU5HKXRMOwhDg

Protocol

HTTP/1.1

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 12:38:58 GMT
X-Proxy-Origin: 37.59.164.108; 37.59.164.108; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7bec1dfd-ba25-41d1-9802-991e06f242ca
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELoVFH1SwQLtUaAnLdf1_lA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C370
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3NzcxNTIyMDg2ODAxMDIyNg%3D%3D

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3NzcxNTIyMDg2ODAxMDIyNg%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 29 Aug 2022 12:38:58 GMT
X-Proxy-Origin: 37.59.164.108; 37.59.164.108; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: b859094a-9532-480f-abc8-d9a65b1275d7
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3NzcxNTIyMDg2ODAxMDIyNg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame E345 106 KB
37 KB 75ms
24ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 07:50:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17282
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 30 Aug 2022 07:50:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220822/r20110914/elements/html/ Frame E345 8 KB
3 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220822/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DHV6pulLuAWNtEjSqSuhA30QDFLiz0lOULTJdBXbX_uxnxTYwhRmvrm9O-qo_30AwGEKNYm9DGQ242sNJkpLevJQ4_5LWRpUwoVQgikc18YYlzQrFDBA5jEWbl4n1r0f8iGh7bdJDrGkjy8i9valWWIJfO-Q&dbm_d=AKAmf-CxrjQgBpV2Nl-pkAT5bMjDDTY_o9xVKoUu486YjzpGpS5hpyP0AXZ3BrtF87iAOK4vmDF9HijdhVq2cPVttmEstflvrCNfN0d-vumRjzsZaasR7cKvqhM6WCsf53nAGeKgzSs5rGlI59Huw3YxDhVHewp_GlYQiuQcKmyvjcSLYxpWhwg6HVTb4PvwObcMykHloGwt1xfImpAuIxq3h02CkQCoTbj6f76UCNU8AhmP_1lHM_LT8AxEqKDlHbF6YMGOmqRcaAPDa2JSPAt-gEvTgysMmFIQ9we1PM2D0zw765hq5TKO4zq-eqr6Zk0o0W0hE3JgembHuZbnUbxBqRJ3bXw9tZrSqRrpkZWV2FTTlI25zKvKG3Eugl0c9pZNkh-ZOVWQJ2R5Z7sNqSDEl_RyC-keri50SD48Qthw2fo-hLguAbJFX8RwhvZKwxzwmPSpzWsLM_4SFGIKX1os4vOlRIxVNbslsAZFMzh26hzt8hWEdf-VRrbP-F2GvIJ44WmO2nwmiWHnLQDPe92WOBN2h9YuO1Tj63fS6pArT9xZvx8YmMzQGWHTYtRDK_xMkw4KNC6nc7n4ZkpAO_g3DnWMcvio3r6lg67W80DDSnalKtTX4yiMhFFpmzm3SYeGacxPUyEWFwLMlFTxctDhzY_0luos0FuhOxd5AU9zpWcDNxJrpevFnDQ9NjH0nze-7dpH8rj6QfU6SPgwWFAmsc8jItnHfYq1zfmX3J1-jUMpmq9zp37frrwZzavRqLVUfOajtlZ4O-NtvFSeJbMw6nDj-T6krL75Wh9H5cQYzzmtxiRYgsz-lGQEHj_ppSc9vs2N2Anu7IjorHTv0Go4c46KJPR4i6kIr3ogQqENYS6RZsjsLq_gncw9Nm3qid_9jni1urH3NWzXNjJ4zqf7yfUe_Q7cBeAqKRSD-27L5uLUafqEg2FxHmKdthVjOFF10So3gdokWM5prJufGHiFyLBismFfqS-7-z4FFy-nDB29kHwFH80j7uDC__EooTyUAWtRG8M5-PDENdxL0sIJz4Rt8_q78EFyppSXcYhacwGJoGVVAJJJ50u8ZakPJ2AWQuyfORXsPJWRxIpS9J9fAvaDESLsenlaMATnFYWsNypfAsSwchwtPluujw-Es-7L_ZR-XTtp2H5f4B3D-K2Cw6DA_QEdYBQ-wOR30dpdin7WYx5YiZ7sqCu3ZqqmvJF1jsM9DJ5DJwg5B181XIx6bjMqjyMJKpb1W1Vj0c4sMo_axDxhZ8ZG8r-gJ2yqTKnLTq4jDQncpVPd60z4FEgHw6Gi0Xs35mkQNfTMzU7xParDAGVe305lK1M6c8wlA_tUwfhqOZ2d31QZjHU2xVRBO4DXfMz2tM1dqP3DAR1XI2BTEBU8lT3dCeXGZsuh0xyD_ZET--CM-pIpFLjD8ihCgKVJWEyjFCZ1BtVFVTL4gHUHcUHrqDyz8mXWoxrIR16nHTdEBIKJ_OqJqFB6MMqPB40N3g0hsjlT8Fg_HL_dmxGmUx0f40SqayoXzdmSAiTfnMAMcx8GKxYoKmx62pV3t9vWAy65p8EZJ_Z3-7CaFUiIWvH1xmC8YYVoSc85MgMU9muNLLJRevM6TIXIcCq2y9dAdUL_T6vEIJvW57gMNw4e9TqKEdMYQYqF1FrqxmtWuZX2Dtaxa92Mo_ftBUU7rIELxi0RAacAWz44RnDtj0dSwU9Jns1DlfnRh50HKQsrd_bNz9Lav9CApzy-bVMgP98-SCg8fhPQ7JdICT6MUdaXtfmGDOSCPRXX6CZ3HKPYk3QQ6m29D--dvKAe_hI-i0cATQ_ZormAFkY3BuDkDwgla6j3N-3GjS0B63KaOqMoiFt1G8-knPJlCRRp0YCxAm1A8bKLP2WrsNGbj0PDagINNhl_zUeiA4IItXv6U9OkYK8GgFM9zYWb-eR2txdwiMKpr2tJWiltuoE7zqkTkKos_KhlL7TRxk9dH5cYlVTpkGpoGKGKOvS-XnuWHJj7z9oiEVPQjEJyZ-JtxVLXQMAmuyjLpQS0vXC--7yg8XJHorQgiP5_Vb_ETnw5rkI-hRP5nooesOaVRl0yOrUTOwa2BvVSuaIYS8y-dXL3vvTwiDa3mivf6r0c32NdutIut5OfMOgxPvvQCDZVR4dDxcZBTpX4vA9G191P-I3dCTpWkZQUscQu-7KPA0uU4YuoKF_0rf7B6Lwfv2Z4YLvdnC-15sA1rghKBRv6cFQ9IICyiRl81B8E8H3KqfrY3NKT11HL9iQKlff1FnwKvmuxeBcAOyqiqPqZ3C_zvOz-3qlyBt2BBuK8G-Bus3-1yCRsRBC27NKnORjNLQwc7X3PfMH3vCKnZFSpfeAPPSbSuPdr2kf12PhFGYB1iapj3pMJh871Hu2azDifpTZJ4mN9_r6-syr5HEgZyA6PqNL7mfYEwmlOUPcjfSp8RmZqP3Gxce6-D6acTg_25gwyx_uZVxfjg2jJnOXN3G6So564DBc1ESzzPj2VaFdGg3EmfDDGqyRpJs7Gkv7qZwBZRW5OXaLPaVLqqIvHpVqY4Y6eyguSt79WBTOMpIUaBUWHban3oPWzGrd2IwGmsUk3mASzNPRRVzmX2WppHmRFSpBX5QEAaGok7UM49UH-CCveyr3_hKG853Jvrj_4CUjiFJhHEyZxoyJPOcqeFITlnvgxWQ2zKMDWowV0KiAppAeu649RqT2nNfFNvdyDMaVD__-FC3QZfkbm95tBNp1FPG9klz_JR5oFuydIk6Ic2Yb0Y07-b4LJuv7O1lW4EXVmU3QketbxKVqULSMEjvegf8yjkdyvHdZRaAIkv-kUnyEgUsHhfGHb2sDCpba4EUhZHTEkOaTj3Jjpz4mXGAeRmNKRxXYWEEvs9_sgSigXMOZblkJDKTxmUr4hz_lSrxDsdlRs_rBfXWDydXhP2hstoqX6aDVazTu_7UeSWOxFRK7mfBPWItnAuAMLbKWyO6JBa1y-uWZo9xlcTlSWK_cSVXw2vGSdV8ciblzpperbWshDhjh7-KCRUAxzhentf6roLelewWqswJs83mVuWtsLKkzxZjhx-lsUw4kKZS6CKxthrBjRjOq63lFueytixOSBGCc6b0-VM0PDFA7SUWpQ2BT80fnAFfrn8hcx&cid=CAASJeRoWWk9eau6EKy-rDm9JtwJqxVSKQffNaRNk2hrz5iXWdXTtaA&rfl=1%2Chttps%253A%252F%252Freto-bucher.ch%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:32:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 365
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3181
x-xss-protection: 0
server: cafe
etag: 18418590997839133011
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:32:53 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220822/r20110914/ Frame E345 30 KB
12 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220822/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:35:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11819
x-xss-protection: 0
server: cafe
etag: 10563440404697844360
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 12 Sep 2022 12:35:40 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E345 41 KB
15 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 11:23:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 522941
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Aug 2023 11:23:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8637 1 KB
749 B 25ms
24ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 79614
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 28 Aug 2022 14:32:04 GMT
etag: 48472445140208031
expires: Mon, 29 Aug 2022 14:32:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame E345 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 996a1f5a0ba0e8a95b8115136f86e341fd20bf7481adcf39488dad69e36621dd

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 lottie_light.min.js Show response
s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/ Frame 9B0F 140 KB
39 KB 27ms
25ms Script
application/x-javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/lottie_light.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

975493b36ff51cc1a52bb40cb7249b2b742b04be006435d698c2651562f1e513

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 01:26:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 558758
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40229
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 17:43:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 23 Aug 2023 01:26:20 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C7B1 22 KB
8 KB 27ms
24ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 430243
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 13:08:15 GMT
expires: Thu, 24 Aug 2023 13:08:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8637
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEM9WE6rBRHIHMh1zi9Egj_c&google_cver=1&google_push=AehlK4DXRFawxw0IogxFv7_xn0bk0wiRMxgjcmV5dOEnqvgau5wysW4yDX...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AehlK4DXRFawxw0IogxFv7_xn0bk0wiRMxgjcmV5dOEnqvgau5wysW4yDXVxxs3jcYrATni--1xnlGqWdXdVy0LL-_lm6-KDzLJ6sR4q3amRMfafU6xy2WUDeN_...

170 B
188 B

41ms
40ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AehlK4DXRFawxw0IogxFv7_xn0bk0wiRMxgjcmV5dOEnqvgau5wysW4yDXVxxs3jcYrATni--1xnlGqWdXdVy0LL-_lm6-KDzLJ6sR4q3amRMfafU6xy2WUDeN_SmaE-XQ-7kTOtV76aCBUevRsFGxxUcPo&google_hm=kVBZ1_WCvgS_Ay2Jon5QzQ

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AehlK4DXRFawxw0IogxFv7_xn0bk0wiRMxgjcmV5dOEnqvgau5wysW4yDXVxxs3jcYrATni--1xnlGqWdXdVy0LL-_lm6-KDzLJ6sR4q3amRMfafU6xy2WUDeN_SmaE-XQ-7kTOtV76aCBUevRsFGxxUcPo&google_hm=kVBZ1_WCvgS_Ay2Jon5QzQ
pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 8637 43 B
356 B 123ms
32ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEGiBZf8IOTeNTzFeIgrt7tE&google_push=AehlK4BW3AQ5ecbTzLpBuDy7eZpbsMdrnZHeIGMBe7RQa2SiHyRJOaAtNovNCx8WIxrJzE8tI-AY_3Y3D4MlNkzxriac4KTa1CwFFXy6wMPCKqgJ8AoOizO7C1lhi1gtGmAhEN1xujdidYRQhI9pCvcd_5w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=600&adk=769560160&adf=3452407923&pi=t.aa~a.3108187763~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x600&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=2&bdt=1241&idt=-M&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0&nras=2&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1778&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l7n7n7GeGr&p=https%3A//reto-bucher.ch&dtd=11
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 8637 43 B
64 B 48ms
25ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESENEJiKs4VSOF5Ieiicu31qA&google_cver=1&google_push=AehlK4Ak0rnLY93DUgu2lP7O19yR6xkkTrjbsK7HNCZB4MPH8LXbTYhw6BS-hlg-HUGgGKT4IQJ0Z3_MCPIa6z4YdQT-K0wjiwp6hnPVXXiDzQRVRtAGrPNnDyeG0Xta9uXEnqgr1o3BvMVxQNHj-12_hQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=600&adk=769560160&adf=3452407923&pi=t.aa~a.3108187763~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x600&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=2&bdt=1241&idt=-M&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0&nras=2&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1778&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l7n7n7GeGr&p=https%3A//reto-bucher.ch&dtd=11
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:57 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: tbo43t0m5doullb6c35tahggv4pcvd9v

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 8637 0
41 B 21ms
18ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGLMGNdVUD32tT81a4Q4xTk&google_cver=1&google_push=AehlK4AYDctXprWKMJAh4q0fbWLFSjBy87R9p7VUgV2awhc64zMV5uNVCZdqLyn6cqqkhNEmmxB9roIUY8g3zRQ54rKgXNoGhBnID2pAa1vJIafkV_ovtKADYX2yC532SArKjShd0156uXp1aA-8RwiR8h8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9452625998653244&output=html&h=600&adk=769560160&adf=3452407923&pi=t.aa~a.3108187763~rp.4&w=255&fwrn=4&fwrnh=100&lmt=1661776737&rafmt=1&to=qs&pwprc=2835990950&psa=0&format=255x600&url=https%3A%2F%2Freto-bucher.ch%2F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661776737274&bpp=2&bdt=1241&idt=-M&shv=r20220822&mjsv=m202208240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dc0386e92e66eef07-22a6c65a0bce009f%3AT%3D1661776736%3ART%3D1661776736%3AS%3DALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew&prev_fmts=0x0&nras=2&correlator=5242293138153&frm=20&pv=1&ga_vid=1302826601.1661776737&ga_sid=1661776737&ga_hid=1412218535&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1100&ady=1778&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C21066428%2C31069171%2C31062931&oid=2&pvsid=2710049549763662&tmod=399680614&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=l7n7n7GeGr&p=https%3A//reto-bucher.ch&dtd=11
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:57 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8637
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBan6uOsfyd7-OJz6dU0Yd0&google_cver=1&google_push=AehlK4A4f769BC2m6oftoVe5RIeA7DdM80_xcUQwZFGIRJBdTEXiF7Hn_gXEtybbTF1UWE1_utw...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdFUVlQTUotQi1LTjRH&google_push=AehlK4A4f769BC2m6oftoVe5RIeA7DdM80_xcUQwZFGIRJBdTEXiF7Hn_gXEtybbTF1UWE1_utwcn0O_-RHukT5eocisrfLN6TeDwDQJj...

170 B
188 B

40ms
40ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdFUVlQTUotQi1LTjRH&google_push=AehlK4A4f769BC2m6oftoVe5RIeA7DdM80_xcUQwZFGIRJBdTEXiF7Hn_gXEtybbTF1UWE1_utwcn0O_-RHukT5eocisrfLN6TeDwDQJjq28k1kv0FwADvoefGe_z_gzPWHrb8zbSmvjhiQ8iiTwYOBRRQ

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdFUVlQTUotQi1LTjRH&google_push=AehlK4A4f769BC2m6oftoVe5RIeA7DdM80_xcUQwZFGIRJBdTEXiF7Hn_gXEtybbTF1UWE1_utwcn0O_-RHukT5eocisrfLN6TeDwDQJjq28k1kv0FwADvoefGe_z_gzPWHrb8zbSmvjhiQ8iiTwYOBRRQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8637
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEGYr4rptqsSekEQVEyBDM2Y&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGYr4rptqsSekEQVEyBDM2Y&google_hm=YwyzYkPxFDaDpLTiNL1twwAABJkAAAAB&google_nid=index&google_push=AehlK4Bym9ZUDqLuKsRpx_CTO_6UgjCOvymZ2...

170 B
188 B

35ms
35ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGYr4rptqsSekEQVEyBDM2Y&google_hm=YwyzYkPxFDaDpLTiNL1twwAABJkAAAAB&google_nid=index&google_push=AehlK4Bym9ZUDqLuKsRpx_CTO_6UgjCOvymZ2nM3uGELNZU1_pugCxwyUp4lvP1s8lxDyngXvhrA76No7Xhyv8GKpNfh8ACSmW2_pMrW6AIvskQtgkx8AdP0ciMin5lA0wyLHNtNXtbNLT_iGZlnV7IDFYk

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WJ6u5hXjDe8AIwvPYU6fm2Mp%2FOpTHwYiHvkzFPXNn%2FL0Mp%2FSlJtrw%2B9APE6MvfWQjWUexxUSiNvVSGnBhm81tjkVEqgj%2BV3RHoe%2FYYUG19qN3ky4Bp2aP%2Fd0KaF1Mp88e35eMNqGuYvhIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEGYr4rptqsSekEQVEyBDM2Y&google_hm=YwyzYkPxFDaDpLTiNL1twwAABJkAAAAB&google_nid=index&google_push=AehlK4Bym9ZUDqLuKsRpx_CTO_6UgjCOvymZ2nM3uGELNZU1_pugCxwyUp4lvP1s8lxDyngXvhrA76No7Xhyv8GKpNfh8ACSmW2_pMrW6AIvskQtgkx8AdP0ciMin5lA0wyLHNtNXtbNLT_iGZlnV7IDFYk
cache-control: no-cache
cf-ray: 742558c6bab9d558-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame 8637 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8637 0
12 B 36ms
34ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LACAbQXIU0nCWU-5SHfRbyXZLUI2A8Cakl0C3TAgtqnbiVxSaUM04zVNOAkhAlzTvPx6PfdA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:58 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3AFA 0
20 B 69ms
68ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BDLznYbMMY-vxOKjc7_UPzK-x2AcAAAAAOAHgBAI&bg=!-vml-b3NAAYUOm8VNDo7ACkAdvg8WowDUOqvFl2WtlQbc0AgmzqjRUVSlsrLRYZBzuyLtTm3vPFZigIAAACBUgAAAAJoAQeZAySWFFs8O16H8fqA9fPm7dZqKyPihzavgYYyu24glDVOe4rBPUWHmvrZDT5tEo4i-2lH3HVPKXyAPFBx_CeBe43ryJlb-Bo-UlS0vuiZtUTH0OwPzxmk_VF8k-9i-r2ss3xg4RexSvj9k5t9JGpVFdGbUTz1ODb_v31f9AZeGY4WiGdMHYz15CCTDiPUc6VEpVeWfo-T0Ua4kNtus2RowTpKcRk0Z2NCq4Uqh4dKLMwcT8UR-ANIsNW5hua5vOJtRWetAUsrKHzlXHwOyvVPsahN9NT_VxrhjVwWYQWlK3jbzBNdM-5F0NnuBTSK1Er3gY38cOB_5fSzXkQTjoen1ACk2V4EL17EYGLhvKV3fW-HS8iWwvVukIElv0tkIEKRjGPeQkBz3Vhv1zuHz4bzQHg95os3dLm5nGUirCIzdH_j4ppGTCdNxBBy0CA_Vx3hAjv0f92P3VnvJTm8JfmxSpY0Ys97Zw4QuRnx0x8CYgda9AbyWE24FohYAFRZaiLCN_oRKxstJ-8PKJG9J4BpOkgl6T8SLktAPe0x-kM1AKfmQs0HP233bVxuz49j4AA5NjsPib9-A29Y94MyTE2fyn_wn1ZmyUGvSdAF-DitPd-f_XrybjWH6yIAdeKNQXYzS6bA-ZBxuQcy5-TYW2g2KBm3EWehe_maZvVmvbz0ZwjiJCbRDHKr0bjQaKVhUTLD-Hr6HOCfFPSoSRtn5B2U8K2NSv1rg24jMHZHjw4bPWf8_B51rdWquE8C_ShKSM-YjwvPGAf-0Ya3wTnMztD5EYAmVsuu__luFw6t1tU7ZNejHWWwAPbtvvulMpxuAnBoIU0CJKtytWCM4il0RgTcyzm8Jos6hpo8ug8Xys9A-q5RoINWI8sek0MLpi0V6HMRpbNRmGoosIm7-fJjmFp8xzQM-i3IQFYo1fcXPtujHbkMhQlbJF0Q1wOumyK0Bgk8aFAm-6Qe1dcRWSUHlxqYnW6vFRNSeQE8EhMyhvwF9uO48pzK1rGXGKtckYR-DhKEfJvR3BT5t4BM3lq_Vb4YCluBhhTwId0dNZLC7hVCQfQ4YD8oEnk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/ Frame C92F 4 KB
2 KB 26ms
25ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

060c1e248880c1c961449c7bac542cb62359abc48929363e8c4f43110a5d8c9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 444269
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1729
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 09:14:29 GMT
expires: Thu, 24 Aug 2023 09:14:29 GMT
last-modified: Mon, 12 Jul 2021 17:27:52 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E345 0
64 B 69ms
68ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstFn0R7WD4_hBR4vFTlvMAjDHDW7j4ccigpFx_REb8WfXaakBrd6wKkwByl1A8IodfyeRpDUqw4oZtREurRPvKHsDfbv7rAZx-qZSRRTWxKe-LGd6NO5ruW-CmbAW_Z2vlqTHP5y9l-okvqx7WOslZNxpZGjaDJjWglqnSvBgVi2EF_FQvuD-EyFNYEJtXQIvS1LPCIF98lka4vaFVnNe8aVbxu3f-nXhMK4wHbrLzPqmBFh23WU-bY9hkwgS7oZycda8kqyTk0ZoPHLyEDjAn2GeQAcblxVp5sWdZiB6niMeRd0yiYAa3tKEWpLuFr8ke2xgZWFdT2TtGXKwOpYaXXlQU4HPDxBNKyssBvDi3G40rd3SGQMaAW_RZMONOKF7RoTBK_OJW9YaczpyRRsMsxz7CsWmA_9AvZLmDmhbEoDt9sdHKVBPKmPs1MvcCvdMBIMlUga9ew4lhcM16cbRWMtI-5kVch3wWam-0958C8BniVvhfJpu-ecUrIgNvFWZ8vkfrM3Gywvg3TAYlgJl3PZSfIeXVHwumWMxfUwflULTEjJGgsCHcXztwRLVlsQBiF2-Zo4-1TvyQ0Dt3SPz8zG6f9yGF-u5JH6xySe1J1vvdkn5xBEjf8EN_8Rpb8ckN0cuKrwc1MgfbYEep0bJKJdm9hdgHoDUHUTB5NI3yoZmuKv-fZfSxpWdqlcljw0BXmpchDGeXmGkCXnyCa5SHKsncH8b4dEXQ4hCYNvvITjg8UXLiV8T9lNEMeHxAMQP5jngJA0HWfBTwh36cdm2zhsLaDW2rtdahVHSbmJ--Oml2lZu6ktfJXxYVyiEpTkp1aL4KxHpxXvyVL-zvHV78D_28zK8qmkKNQA2RJJxdawH0SqGSbARNhMJaKa1DpELNX_h_G0WqKcn1I57uxKPf710dYpyA6yeRySANt-nQOVvRhI0smdN3iM9Df-jxl1NMtYdlIJTaxcyGxYC7QW1eOyZ1HL3i6SY5sLz4vO2l96uTCkbmePJ1Bnm7dpjSc2tJtn1bwiChR3iWo49EGt7tb6VrCV90tyTs_2mjPK9bS94_4k3TNUl2bQlcXXtFfYRpCyE1qitiFex7qKPgcOoDOvcgMcOyarh9ptH_ng_6fH-2FTJBiuU2kcnV54UU7J502nTsJBrHecg-Qt5tCCjgsZm_dLZW9TVMPzJLsqOog6ol9o9sSMe8_6fU9gQZ5197bqIIc4GXGTKe49nGr6X3-1HkW_bo&sai=AMfl-YSzg-RoMiJ4j4nLbP2DyKVaS-vB1TOU-8ymxd01OXui4FtnzJm-Tq5ZTgKyfovbZxukU0lkec-nrcYEEYUIKofv45yZKas0EDOZsX1KJwCgPTPZadsQQdMOoXvxViJwncSPaRLVbXJ4FcGrlOfYZ2cDfhtXRoBulskd9EdybUdnKMVvqH6ADI-1o05A45pcwIMp7fPt_j3Ls0iBjwLI_GqC&sig=Cg0ArKJSzCaxwHvXWHb7EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=98&cbvp=1&cstd=96&cisv=r20220822.63352&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 29 Aug 2022 12:38:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=26163783;s.a=3213511;p.a=307934702;a.a=500490566;cache=3104329210;
ad.atdmt.com/i/ Frame E345 0
0

GET
H3 200 data.json Show response
s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/ Frame 9B0F 413 KB
51 KB 26ms
25ms XHR
application/json 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/data.json

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/lottie_light.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a664bc3b0eaf4b99ca764d37afd95cb722f554d3140fe1b9f23fcb58eb2034d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14842159294890010616/200x200/banner/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 15:02:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 596171
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52335
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 17:43:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 22 Aug 2023 15:02:47 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0BB1 0
26 B 116ms
64ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvSoUhHOedpQ8XU2UYNJ2DoEVPbTNT3pFaQKliSuEghuPsN_WO6W8coH48bjW7NdpaLIHzEboeA-MMrClc8ve05m7lb9PcQBqsR59rLjN9q1hX01BQVMRO102RFCAzmrcmkZUw9rNowjxybll-uSN9aekkGd_9SZ2Oh2YNrYpJGzFFiRd_dLsQRZctmYjN0cZr4msmdzesjsVjrPbDQgITRlh8aSpONV7kRjAa2QdvFWWkXP4CpA9Mhh8HaoyTd4tMzH7iWxpovq8VBiSwMUWjMHPBY2hb8giRAa5Al6EjCl3OYy5rr7Rt9HpTl1t94F8uZcaGwlfRD4ns54eHwscNVEbgVjBNYRy_mzLGoQrEvsNaE89ypRnQTKN87t4Lck9RF9LMSAi--pwL4140qU1EVodTTVy6Luqk5yt17HOq1Iy89ouD8K8pRvdZUJ3ddVDCm2mU8ZYuHW9lj754_vNJsDMmC5t2vOGapB0aWoCrJ4d8Si_T88JGi0I756c-U-DLvTIKQT7me81ZLfrGSxW57mGU_qWFIQGlydcXp4DbYOC-5qehCnr_cgoeeYHoggYXZAkecstC8dq1h9zHyITGwngR7k7yOi5V5-dF15l8AVfBHcGeMYQT461EO_KzWh7rpkBaQTids-WAdqvYQXhALvB69ICxeQisiAe2RgbTxnM1vUPeALVhMn05NxiAj2RoYthKV7XSepA2rmZqqkGdZ1iwN9QtQbF5l2F1dRsCCE75r_ltgXjDFYIm_qUODcyBKEb8UsUv3N7BBn5TmbC23vNze_Z09sgExX9DQFqm1dm7Yn9uV4LPEnanyLb2D3rr275vHIPxks_ybkMvcUVDvx4UqkUiHBzjoOSA8tNUOwGZAqwT5fBplq3cWys1y6x_N_FCowMR9U9EZ_WshJZKXbBo024BcspUQt3jLkjwX5rIMSfKuC8YU6UVkE1km7pmJeqBWwPWbSKipV_xUImb8oAY1tx35ZDj65uQUlXR4OHyNPe7As7FGyUtAtsxFdcGuUp_OKGj4Bf-dqZvBKz9fzjQ16x8MFiKgAEpRitYfzBZC_BduJLy7UdComvn6nOXtH_guPDZlMW5MHIVXkiUNCbpIK7H1i5TdLFA1_KOpE8y3IbUO0lC4kGEpnVIARyne96hBlZhU0mXAyCSgzkkeGZwIC2fzCmyz6GLy3hyS9a9ibdX8WU0peY4MJghWxzDGAViuqnQHsmIwuujF6P4pC1RdzTQ&sai=AMfl-YSF8xB__cCyFPY7LTM1ru-mdKcr4BoQps3REyS0Gvq59-N1dHMUGYNRv75wB65UHbubWBa8wsfM_emsf8RacE8MAIAvDsqXVBZ6uI2Z2lw6utyGSkCBOhZvwZ9YPPX5mG4BSUy1AT1VeXRgbWFH70PBkg7TgPRCqaiZxvylzCVlvyz04xecgpeNRmiT3NwSfG1mXdE2ozAsNKUzLDD2dr1s&sig=Cg0ArKJSzHX-0cqPyMZrEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=381&vt=11&dtpt=148&dett=3&cstd=230&cisv=r20220822.34911&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Aug 2022 12:38:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame C7B1 36 KB
14 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sun, 28 Aug 2022 12:21:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 28 Aug 2023 12:21:36 GMT

GET
H3 200 lottie_light.min.js Show response
s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/ Frame C92F 140 KB
39 KB 28ms
28ms Script
application/x-javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/lottie_light.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

975493b36ff51cc1a52bb40cb7249b2b742b04be006435d698c2651562f1e513

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 20:09:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 145752
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40229
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 17:27:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 27 Aug 2023 20:09:46 GMT

GET
H3 200 data.json Show response
s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/ Frame C92F 430 KB
53 KB 26ms
25ms XHR
application/json 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/data.json

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/lottie_light.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee8402772fdd6c3ad38ec6299050c82d6a1c535f44a6dcc8191bda787f28e931

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9896891265765320067/160x600/banner/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 15:17:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163270
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54422
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 17:27:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 27 Aug 2023 15:17:48 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E345 0
26 B 64ms
63ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstFn0R7WD4_hBR4vFTlvMAjDHDW7j4ccigpFx_REb8WfXaakBrd6wKkwByl1A8IodfyeRpDUqw4oZtREurRPvKHsDfbv7rAZx-qZSRRTWxKe-LGd6NO5ruW-CmbAW_Z2vlqTHP5y9l-okvqx7WOslZNxpZGjaDJjWglqnSvBgVi2EF_FQvuD-EyFNYEJtXQIvS1LPCIF98lka4vaFVnNe8aVbxu3f-nXhMK4wHbrLzPqmBFh23WU-bY9hkwgS7oZycda8kqyTk0ZoPHLyEDjAn2GeQAcblxVp5sWdZiB6niMeRd0yiYAa3tKEWpLuFr8ke2xgZWFdT2TtGXKwOpYaXXlQU4HPDxBNKyssBvDi3G40rd3SGQMaAW_RZMONOKF7RoTBK_OJW9YaczpyRRsMsxz7CsWmA_9AvZLmDmhbEoDt9sdHKVBPKmPs1MvcCvdMBIMlUga9ew4lhcM16cbRWMtI-5kVch3wWam-0958C8BniVvhfJpu-ecUrIgNvFWZ8vkfrM3Gywvg3TAYlgJl3PZSfIeXVHwumWMxfUwflULTEjJGgsCHcXztwRLVlsQBiF2-Zo4-1TvyQ0Dt3SPz8zG6f9yGF-u5JH6xySe1J1vvdkn5xBEjf8EN_8Rpb8ckN0cuKrwc1MgfbYEep0bJKJdm9hdgHoDUHUTB5NI3yoZmuKv-fZfSxpWdqlcljw0BXmpchDGeXmGkCXnyCa5SHKsncH8b4dEXQ4hCYNvvITjg8UXLiV8T9lNEMeHxAMQP5jngJA0HWfBTwh36cdm2zhsLaDW2rtdahVHSbmJ--Oml2lZu6ktfJXxYVyiEpTkp1aL4KxHpxXvyVL-zvHV78D_28zK8qmkKNQA2RJJxdawH0SqGSbARNhMJaKa1DpELNX_h_G0WqKcn1I57uxKPf710dYpyA6yeRySANt-nQOVvRhI0smdN3iM9Df-jxl1NMtYdlIJTaxcyGxYC7QW1eOyZ1HL3i6SY5sLz4vO2l96uTCkbmePJ1Bnm7dpjSc2tJtn1bwiChR3iWo49EGt7tb6VrCV90tyTs_2mjPK9bS94_4k3TNUl2bQlcXXtFfYRpCyE1qitiFex7qKPgcOoDOvcgMcOyarh9ptH_ng_6fH-2FTJBiuU2kcnV54UU7J502nTsJBrHecg-Qt5tCCjgsZm_dLZW9TVMPzJLsqOog6ol9o9sSMe8_6fU9gQZ5197bqIIc4GXGTKe49nGr6X3-1HkW_bo&sai=AMfl-YSzg-RoMiJ4j4nLbP2DyKVaS-vB1TOU-8ymxd01OXui4FtnzJm-Tq5ZTgKyfovbZxukU0lkec-nrcYEEYUIKofv45yZKas0EDOZsX1KJwCgPTPZadsQQdMOoXvxViJwncSPaRLVbXJ4FcGrlOfYZ2cDfhtXRoBulskd9EdybUdnKMVvqH6ADI-1o05A45pcwIMp7fPt_j3Ls0iBjwLI_GqC&sig=Cg0ArKJSzCaxwHvXWHb7EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=330&vt=11&dtpt=232&dett=3&cstd=96&cisv=r20220822.63352&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: reto-bucher.ch
URL: https://reto-bucher.ch/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Aug 2022 12:38:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 132ms
81ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220822&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25b19ba6f20bdbc6c18c397c5b68bc24dfe7fa476734c33567061bbc7448704c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 29 Aug 2022 12:38:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11104
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 29 Aug 2022 12:38:58 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3BE7 42 B
64 B 60ms
60ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssSje8gegdSe22jhUWVbC0hWm4q0XBdMi-ucFCAIaYkWxCXX4CHdCHrmA05pn6i7B3fKe58WBnBtylT8Zp3l8Crs2uWjAHb_4rvwAFsicnYWQOtd2US_wdKiYCQBBevgbU5vwyJjA&sai=AMfl-YRIxSAWeusCPns9B1mAxfBs8ekz_orjWIczN_Bcr_R41hbzLEZWglcsQOKjMVJbgNtBgHbU4Af-CrSX&sig=Cg0ArKJSzPoeOQBX7NxaEAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=39,769,1000,1076,1141&tos=39,730,231,76,65&v=20220824&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=318159121&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1661776737383&rpt=239&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C7B1 0
20 B 62ms
62ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bf3OtYrMMY6H8CpiN7_UP6PC40AgAAAAAOAHgBAI&bg=!kZKlktbNAAYUOm8VNDo7ACkAdvg8WjGwIgGrS7vy63b-Nz75Obf6nJG24008-r0NQ4SsyD531pNt-QIAAADMUgAAAAJoAQcKABMuoDdwjjyrQGwi6VeLVi4EZDximQL4E1b9nw50ZLGKuDJtpwOxppcstdd1tBydo35YUzsV0KhTexUR_pRe72nfWcL4WdzLqyfHXCh19DwXjZl1z_WmchPtTA41VIyJOIVSRewxjVk83QbWZzv1n1mP94MObREayhCqXrTs6fXR4JFwfEOS3OSP3XvhV9i46WRXMfU0YJ0QRZkE_NTtToGlvkb_TMItR2skzlp-IUCiRvvqb7sZ_EtZXUA7hjysrduH9JMTW3Yr9K5eixQ48vxzLP4Mk61vipHvDSFtiSl60tCnU2lOlsw6gILzrv2Uy_1iToFs3qxBGvLFtqqFgPjkN7RQ84Sc_NOnTf97ZmR-nx63RSUkIQr9xmmuih5qGgCftQ4enO5HlYkj0nB4P_DC0NykdDGnNKqTjnBuCDfJRbltMcLFWQ0JnOSc8mjNpSWZpNzZ-WRUGLG9kMoaU52a6aY3bHpZbXnfwjj9MnwkdX0FazxFNV_-mz7JzcPm9codkrgUKbI_HLJDtvNUCZqMyFUqbzoT9ftq_T8-avIhMFnkVsGTi1yw3NO_9PcWc3FmSXSwj9WxGuLBNjdsFVqCBDpROA3344s7UiaC-X0tsX6jo2hcBogB0Mr4yNk-3sG5AE46maqnxf6iDHACLfWQ02ZMcSmhQIRhRlVwAfZPHY6UnfBInqcDGPteYJJKTKQU9RLohiWXmfQdQu3d0hVlPsWJ6QUPpdXriqGa18Fv9vMtj29U6faHYpsCUddTkLbh6bnCYyQ9Z-cDKihJQLfasf9QLtuDzzO95hRNDQCXIi6HyjxYECwiDvIC6HnWm-J9uK68X9MH64mvGbOFVMC9m4hrCXUpDduDDQ1ZVPox7-Cw2O3MakDf8zcY68YjZz2_580-MkmyiaxVynRzs4dZ2XRN7l1OQebDhSk36b7mcO16vXNEvVQi5MHrkIKAYsbWcIrz43W8bzU0p9AJKLbsHz5aC2cMsdWEChZ_d7uTzso1sG2Zw87R_yv515hFe3kuil6rOFz5jw4H45TtPA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Aug 2022 12:38:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CED5 13 KB
5 KB 25ms
24ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://reto-bucher.ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 3342
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 11:43:16 GMT
expires: Tue, 29 Aug 2023 11:43:16 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3D66 783 B
535 B 37ms
36ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fa6c871c62ea22ed5be29bb97d16d1115899658f093fc510fa38ba835a16d142

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YBV4Gfuy4SiOZ-nXC3emNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://reto-bucher.ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-YBV4Gfuy4SiOZ-nXC3emNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 12:38:58 GMT
expires: Mon, 29 Aug 2022 12:38:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js Show response
pagead2.googlesyndication.com/bg/ Frame CED5 36 KB
14 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/oORtDv9EbGDZJqtoCU6ZUa1h2CU5mRmZpTeRJMx0_5U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sun, 28 Aug 2022 12:21:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 87442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14118
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 28 Aug 2023 12:21:36 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3D66 0
0 59ms
58ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220822&jk=2710049549763662&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CED5 0
10 B 24ms
24ms Image
text/plain 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?UJX37g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 12:38:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 63ms
63ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220822&jk=2710049549763662&bg=!5Oel56PNAAYUOm8VNDo7ACkAdvg8WlNoG1W5Jhp8pyxS8JpZyF5HZVqf5N49fmUZYhVE97SzJtCCZAIAAABMUgAAAAJoAQeZAs6oOQxbBRCSk11aBMIbyx15wyAmszaQc9AWJfF-5BYzvUj_ujjhJKm-TmlzOqlyscG82iY9Yam6dy802QnfVK6gtl2e_YGee4t3sbjs2e_WrmSA30VOt6WcqcuSMqPyE10_19jb7hkk7kBG5Hzc42fxtSu6ZRRC_zIshE-KtmKNUaQxjDYOOpBdGNL4AfspUB8tXrupoEvn3rGGsf0tAJ9MZnfFUmGc-HMXHvAd2KOwn-NRWz4vcrtzOzUuOI0Wwz6DYmuGmkbNf_vvdlaZOOwxICHtrSiHWLPu-0JjWGTmQ0kwhnlqPVrTzC4N_hDEtJB6-MTF3jRl5dtMZSbchJgrryrbBQT_2Q3wI6inmjBwEkoS5OVgVV7C4cAtkBpA80bj5rgJlKU-QSvxvkBA9r3N-e9GVYB1FzqAbkjUZlrAMkeTm6xC4-lwVp_yHvECn1k92qw3XSfvQ9WEYkrQ5CPr18AgnCh80qphT4PAwhSLchLVcUUkg2wzK6J-XuzkTHJy7jXPfwHbMrPbuPki_wbTjaT9VNG6P1WSpw-_YnPKahITEQ6SOfXD5e6kKze87ml1_8ElKIcTwKzqfwTVQQb3o5u1fjeQ0xflzbGAoA0Ob8XvRASnyrmJrAc3FMlQQoCyk4tYmblXtJzAmV0YWRNKRUJvAjmZ8p1GMdxfGMgv4sZ686EUt_WmvnFi0eDwrrRQROOu21SOGZY_vChvW43WHKhqf3eNK6mIiC2KbvcaW7BnbwwTT18V1M2dLmvoYW4fzo-fs7BcDbfbpM-oGp6BoTJE7QBUtx6r-zRQnsvCVx5N6L5qp-xJELm7dN1z_Jej9gtoMJisrzVYDzwvZKuyPpbwmAbkQSMkpOnz0WbLILNQ89YwrcQm-bTMluqV76o3vS3U9Vj229E9v8lGyIa8hfbRHFABDUvYgdSXmYBKwoJZ86A_MQa_GuY-P7at
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://reto-bucher.ch/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEN5IGuA2qoQgXIafHFoUQpA&google_cver=1&google_push=AehlK4Ch1Zpe0u4EiTCyPNBgfb3cujSBONRYLSwOslekkgJL7Je6JpLbSAuDftIatUzNtGkxETk5rEpW13Hc0aMbXpapvfRj0jE

Domain: ad.atdmt.com
URL: https://ad.atdmt.com/i/img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=26163783;s.a=3213511;p.a=307934702;a.a=500490566;cache=1269562794;

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEI03-UEx2uJYz9KqJQkHoJM&google_cver=1&google_push=AehlK4AGNZhrxOEHdTXeragxmAG4fU_MuJBkLBQ5ysEb1ATuZxjlrURqEZjet_zBTOFJoTP4TzL0n726mccrnpS0oOX-Ezk0NJlgn1OfVNm-L88DOTU7kpU00iRIQjBUN0dzXIVMihjUZVyXcXoz9uGa9IRx

Domain: ad.atdmt.com
URL: https://ad.atdmt.com/i/img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=26163783;s.a=3213511;p.a=307934702;a.a=500490566;cache=3104329210;

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.reto-bucher.ch/	1970-01-20 14:57:52	Name: __gads Value: ID=c0386e92e66eef07-22a6c65a0bce009f:T=1661776736:RT=1661776736:S=ALNI_MZ12kjHSDiSJGRHfeUDqDWBSSD2Ew
.doubleclick.net/	1970-01-20 05:36:20	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 07:45:52	Name: uuid2 Value: 1877715220868010226
.doubleclick.net/	1970-01-20 14:57:52	Name: IDE Value: AHWqTUlv-OoQNTHzVk0j2LCm_PZwxgoUZB0iSwhLX0KQtp2ZocgELr8WeszstX35tsc
.quantserve.com/	1970-01-20 07:45:52	Name: d Value: EEIBCQH8JoEA
.quantserve.com/	1970-01-20 15:06:31	Name: mc Value: 630cb362-2e22c-e5686-3bf68
.casalemedia.com/	1970-01-20 07:45:52	Name: CMPS Value: 5170
.adnxs.com/	1970-01-20 07:45:52	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?ar-hH.!]tbPl1M>e)ZlrFUfJ+tGXxo<M`LY`D?uPg>N$8tE#LMlVYPX*YZR]?VvEqw3If)y3KL9D3I?+[4+EfM
.casalemedia.com/	1970-01-20 14:21:52	Name: CMID Value: YwyzYkPxFDaDpLTiNL1twwAA
.casalemedia.com/	1970-01-20 07:45:52	Name: CMTS Value: 1179
.casalemedia.com/	1970-01-20 07:45:52	Name: CMPRO Value: 1177

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://inspire-publicite.fr/wp-content/themes/fashify/ph/ba2300x250.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEN5IGuA2qoQgXIafHFoUQpA&google_cver=1&google_push=AehlK4Ch1Zpe0u4EiTCyPNBgfb3cujSBONRYLSwOslekkgJL7Je6JpLbSAuDftIatUzNtGkxETk5rEpW13Hc0aMbXpapvfRj0jE Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEI03-UEx2uJYz9KqJQkHoJM&google_cver=1&google_push=AehlK4AGNZhrxOEHdTXeragxmAG4fU_MuJBkLBQ5ysEb1ATuZxjlrURqEZjet_zBTOFJoTP4TzL0n726mccrnpS0oOX-Ezk0NJlgn1OfVNm-L88DOTU7kpU00iRIQjBUN0dzXIVMihjUZVyXcXoz9uGa9IRx Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE
network	error	URL: https://ad.atdmt.com/i/img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=26163783;s.a=3213511;p.a=307934702;a.a=500490566;cache=1269562794; Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network	error	URL: https://ad.atdmt.com/i/img;adv=11122207570744;ec=11122226302456;adv.a=6266241;c.a=26163783;s.a=3213511;p.a=307934702;a.a=500490566;cache=3104329210; Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.atdmt.com
adservice.google.com
adservice.google.fr
cm.g.doubleclick.net
cms.quantserve.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
ib.adnxs.com
image6.pubmatic.com
inspire-publicite.fr
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
reto-bucher.ch
rtb.openx.net
s0.2mdn.net
ssum-sec.casalemedia.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.reto-bucher.ch
ad.atdmt.com
googlecm.hit.gemius.pl
104.18.18.126
104.18.19.126
142.250.186.98
149.13.127.176
172.217.16.194
185.64.190.78
185.89.210.46
199.59.247.73
2620:116:800d:21:e365:4988:e8a7:3270
2a00:1450:4001:80e::2006
2a00:1450:4001:810::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:827::2003
2a00:1450:4001:829::2003
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2002
2a00:1450:4001:830::2004
2a00:1450:400e:80d::200a
34.243.174.74
34.98.67.61
35.227.252.103
69.173.144.139
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
060c1e248880c1c961449c7bac542cb62359abc48929363e8c4f43110a5d8c9f
0aa6a7045a55ddcb25bbee4d1edcb864081cf59f7fc9bdc1ada22a32ed4ad3ad
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eb454a2e6d3e8e6f0acd6597b72403e606ad94a49b67108b773a2e5d1203c36
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
16913734881343d57d35989a4e2021c7c6742cab15c977f921911d47f383ad6f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b
25b19ba6f20bdbc6c18c397c5b68bc24dfe7fa476734c33567061bbc7448704c
29827c6c6599feb49c9f722db9185ab508fcfe048f1b91dc505074ab13dda8a8
2a664bc3b0eaf4b99ca764d37afd95cb722f554d3140fe1b9f23fcb58eb2034d
2fce2bed692dd86f1e60b48f7c1bae31f2bbc42744204e15f7f2bd082df9d4e8
302f8ae84ad5c019a7a821d1f1a34ecebb7ac620df8e1dfdba25a2dd8bf32083
40b2f0d245aae25a87f465c75c9e453ff5fae29fc9382dcba359ba81edb9bbeb
40b5f6acfe971488e28b4570d0b485406d6a56cbdf45e86f0df9b1f040eb6d0d
40e3f1c2150221dfa157ccc4dd537db5a350de0dc13ee0bb34a3fa41ba7bb9c7
491974e7f02ca42261b4d660073f3498c3a7db8c229b6a7353b3a36284010ea6
4a69d90928a45da50e200b7551b93c7e64f41aaf78f0626da0819b131d12c0ff
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
58f3ac2521e209d4bbd244fc6ebd663226ddf286a72c782d977753232dbb3047
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
628fb9a27802547c32fef63322ce9de4528b057bda8fd569e05571a81d638aea
6aa68b99e95d0356240b62723e6685748bc4e705f0b5817a35e989f0e8343b08
6b0b111ca14c2147a0f0cb51f1317290eb5ec19b4a9bea595a5ad7ffb7d9661a
6ebb4e2ba1cd8f13c82bdee71f61d73fa341b8b03b4bfe496bc9b2e0fc141034
76b97e7b4ea9c5d4d0afc1907d75e7ea98a1b56333e11509d83ee1618caa5f4c
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7c85af7944b72d5b5f21ea0f1e8dd572133b1dae754f1a660eb7e9f53e962afa
8604c2f5fb82387e8dea0db9949f94efc13fd436ca45594225cd89e36b0a0293
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
9091dec867a1dc7341bf0aa79915415e24203019aa46230a6210b98187493570
975493b36ff51cc1a52bb40cb7249b2b742b04be006435d698c2651562f1e513
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
996a1f5a0ba0e8a95b8115136f86e341fd20bf7481adcf39488dad69e36621dd
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e46d0eff446c60d926ab68094e9951ad61d82539991999a5379124cc74ff95
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
aaaf3639b86e87a34de09d470f831de583c4217b607ee3fa1701e5ede95ca588
acfb2f12f1ebabf1d264b26e9ca593c2e239913b729c66239755c98e36d07285
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b17c764df58b6fa16e7ef00dc64de60f4903ff86cb3e40f18dbe28cf56bb0b88
b1b25e73cb484f20e9a1d8b5a735745427d2c86570ab4d294b46b1a34741191d
b38bf480735ea9ba16486c96e38f0048c5a067de8bacadf74b154c496a1ca2b2
b7839bf7ee01bf1298b4c66a7bd3c4f83b92fc8da40dfa8a64550499a3775335
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
be85c8fcba132a1606675f94532d66901af274126841b08a48e8ef9cc2c907d5
c0d0b5ecf5aa2cd5475929aefcb44d67c5d5cc8cbcdb3991e45f0944f0344619
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c9499ea51a2956fd2c1600591ae117fe9ad81065d625b1b2c593c7720e5b228f
cca59894ce1e7b8db6c74eb354bca5b021fe6e72f059b6b6ab8eef9d0c617ace
d426b9c09455e4b7a8f8779cc3650fb9831f3bca5adc065c57321ea3946c16dd
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e77f3fb3db221080063ae05da7ed2c414390248bc747aa1e83504a961e5f15ba
eac849721dd7a8990e3795d3fba6dbdc760217038f22c9acef5204938790ff0c
eb21efe66e34d71e9267dc094bf2e3d80eebb222f10bc8c24e79d892734b2e87
ee8402772fdd6c3ad38ec6299050c82d6a1c535f44a6dcc8191bda787f28e931
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4ebbbe9e2cb7f812044295bf4773dbd8e6170652eb80e91cba87643fe176ddb
f6a9528dd6c7b67541d724b2c20ca5b3aedc5305719423d589c56abe8ab7675c
f7cc54e11e8803821e89c52c6bf1ddb5f919de11d65bf96bb2fb9f6795e2bf7b
f92a66e939d10f5e5b0e25c00a6066943fceaed359b5db30946732fd8591d99f
f964612ea368ffe1d612a004f0a0e05453155fa7cb27dff624e5ada25c6847fb
fa6c871c62ea22ed5be29bb97d16d1115899658f093fc510fa38ba835a16d142
fffe3f157fb78e4867c3e9f5bf65ccb3b720da64c26fb9c9e5a10d31afb12929

reto-bucher.ch Open in urlscan Pro 149.13.127.176 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

140 Requests

87 %HTTPS

48 %IPv6

21 Domains

28 Subdomains

21 IPs

7 Countries

1455 kBTransfer

4357 kBSize

11 Cookies

13 Outgoing links

Page URL History

Redirected requests

140 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

reto-bucher.ch Open in urlscan Pro
149.13.127.176 Public Scan

Screenshot
Live screenshot

Full Image

140
Requests

87 %
HTTPS

48 %
IPv6

21
Domains

28
Subdomains

21
IPs

7
Countries

1455 kB
Transfer

4357 kB
Size

11
Cookies

140 HTTP transactions
3 data transactions