observer.com Open in urlscan Pro
192.0.66.160 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://observer.com/
Effective URL:
https://observer.com/
Submission: On April 29 via api (April 29th 2022, 10:48:09 am UTC) from GB — Scanned from GB

Summary HTTP 208 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 51 IPs in 7 countries across 36 domains to perform 208 HTTP transactions. The main IP is 192.0.66.160, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is observer.com. The Cisco Umbrella rank of the primary domain is 122557.
TLS certificate: Issued by R3 on March 29th 2022. Valid for: 3 months.

This is the only time observer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
44	192.0.66.160 192.0.66.160	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	13.225.80.38 13.225.80.38	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	99.86.7.62 99.86.7.62	16509 (AMAZON-02) (AMAZON-02)
1	13.227.217.72 13.227.217.72	16509 (AMAZON-02) (AMAZON-02)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
7	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	75.2.40.13 75.2.40.13	16509 (AMAZON-02) (AMAZON-02)
1	54.144.144.142 54.144.144.142	14618 (AMAZON-AES) (AMAZON-AES)
8	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
6	18.64.107.176 18.64.107.176	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:226... 2600:9000:2261:f800:11:b309:9100:21	16509 (AMAZON-02) (AMAZON-02)
1	54.231.135.153 54.231.135.153	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:226... 2600:9000:2261:c000:5:82fd:2500:21	16509 (AMAZON-02) (AMAZON-02)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
2	51.89.42.86 51.89.42.86	16276 (OVH) (OVH)
11	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	3.236.169.28 3.236.169.28	14618 (AMAZON-AES) (AMAZON-AES)
1 4	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
3	34.98.72.95 34.98.72.95	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
1	104.102.29.148 104.102.29.148	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	34.120.253.250 34.120.253.250	15169 (GOOGLE) (GOOGLE)
3 4	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
3 5	184.87.213.8 184.87.213.8	16625 (AKAMAI-AS) (AKAMAI-AS)
3 5	185.33.221.50 185.33.221.50	29990 (ASN-APPNEX) (ASN-APPNEX)
33	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
6	34.200.155.146 34.200.155.146	14618 (AMAZON-AES) (AMAZON-AES)
2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:3175:5196:e3fd:8c1d	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	13.32.121.72 13.32.121.72	16509 (AMAZON-02) (AMAZON-02)
1	34.111.8.32 34.111.8.32	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:402... 2a00:1450:4025:401::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:225... 2600:9000:225f:0:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.19.150.54 104.19.150.54	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.241.9.51 35.241.9.51	15169 (GOOGLE) (GOOGLE)
7	34.107.254.252 34.107.254.252	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
208	51

44 192.0.66.160 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

observer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.80.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-38.fra2.r.cloudfront.net

htlbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.7.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-62.fra6.r.cloudfront.net

ak.sail-horizon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.217.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-217-72.ams54.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 75.2.40.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa7557bb34ea5624b.awsglobalaccelerator.com

api.sail-personalize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.144.142 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-144-142.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.64.107.176 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-107-176.txl50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2261:f800:11:b309:9100:21 (United States)

ASN16509 (AMAZON-02, US)

d15kdpgjg3unno.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.231.135.153 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ams-pageview-public.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2261:c000:5:82fd:2500:21 (United States)

ASN16509 (AMAZON-02, US)

dyv1bugovvq1g.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.42.86 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p26.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.236.169.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-236-169-28.compute-1.amazonaws.com

sqs.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.72.95 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.102.29.148 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-29-148.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.226 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 184.87.213.8 (Milan, Italy) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-87-213-8.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.221.50 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.200.155.146 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-155-146.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.121.72 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-72.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.8.32 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4025:401::9d (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225f:0:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.150.54 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.9.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.9.241.35.bc.googleusercontent.com

3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.107.254.252 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 252.254.107.34.bc.googleusercontent.com

api.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	observer.com observer.com — Cisco Umbrella Rank: 122557	375 KB
33	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 247	763 KB
26	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 123	139 KB
18	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 166 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 191 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 277 stats.g.doubleclick.net — Cisco Umbrella Rank: 71	213 KB
9	permutive.com cdn.permutive.com — Cisco Umbrella Rank: 2305 api.permutive.com — Cisco Umbrella Rank: 1801	92 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	77 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 465	114 KB
6	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 1016	4 KB
6	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 279	42 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 217	5 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 503	4 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 368	112 KB
5	bounceexchange.com assets.bounceexchange.com — Cisco Umbrella Rank: 1928 tag.bounceexchange.com — Cisco Umbrella Rank: 2200 api.bounceexchange.com — Cisco Umbrella Rank: 2253	105 KB
5	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 61 www.google.com — Cisco Umbrella Rank: 2	2 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 127	2 KB
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1455 id5-sync.com — Cisco Umbrella Rank: 635	12 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	428 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 131	114 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 867 pixel.quantserve.com — Cisco Umbrella Rank: 393	10 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 158	74 KB
2	google.co.uk adservice.google.co.uk — Cisco Umbrella Rank: 5284 www.google.co.uk — Cisco Umbrella Rank: 3402	1 KB
2	amazonaws.com ams-pageview-public.s3.amazonaws.com — Cisco Umbrella Rank: 18286 sqs.us-east-1.amazonaws.com — Cisco Umbrella Rank: 4477	1 KB
2	cloudfront.net d15kdpgjg3unno.cloudfront.net dyv1bugovvq1g.cloudfront.net	21 KB
2	sail-personalize.com api.sail-personalize.com — Cisco Umbrella Rank: 2474	474 B
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2415 pixel.wp.com — Cisco Umbrella Rank: 2324	3 KB
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 2512 p1.parsely.com — Cisco Umbrella Rank: 1976	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 53	134 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 730	452 B
1	prmutv.co 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co — Cisco Umbrella Rank: 368930	392 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 807	354 B
1	ntv.io s.ntv.io — Cisco Umbrella Rank: 3202	115 KB
1	gstatic.com fonts.gstatic.com	27 KB
1	sail-horizon.com ak.sail-horizon.com — Cisco Umbrella Rank: 2580	43 KB
1	htlbid.com htlbid.com — Cisco Umbrella Rank: 15774	115 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 39	996 B
0	atdmt.com Failed ad.atdmt.com Failed
208	36

	Domain	Requested by
44	observer.com	observer.com
33	s0.2mdn.net	observer.com s0.2mdn.net
13	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
11	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com observer.com 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com s0.2mdn.net
8	securepubads.g.doubleclick.net	htlbid.com securepubads.g.doubleclick.net observer.com www.googletagservices.com
7	api.permutive.com	cdn.permutive.com
7	www.google-analytics.com	observer.com www.google-analytics.com www.googletagmanager.com
6	cdn.cookielaw.org	observer.com cdn.cookielaw.org
6	jadserve.postrelease.com	s.ntv.io
6	c.amazon-adsystem.com	htlbid.com c.amazon-adsystem.com
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net cdn.permutive.com
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	www.google.com	1 redirects tpc.googlesyndication.com 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
3	sb.scorecardresearch.com	1 redirects observer.com
3	googleads.g.doubleclick.net	2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com observer.com
3	assets.bounceexchange.com	securepubads.g.doubleclick.net tag.bounceexchange.com assets.bounceexchange.com
2	www.facebook.com
2	cdn.permutive.com	observer.com cdn.permutive.com
2	connect.facebook.net	observer.com connect.facebook.net
2	googleads4.g.doubleclick.net	observer.com
2	www.googletagservices.com	securepubads.g.doubleclick.net 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
2	id5-sync.com	cdn.id5-sync.com
2	2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	api.sail-personalize.com	ak.sail-horizon.com
2	www.googletagmanager.com	observer.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co	cdn.permutive.com
1	pixel.quantserve.com
1	rules.quantcount.com	secure.quantserve.com
1	www.google.co.uk
1	stats.g.doubleclick.net	www.google-analytics.com
1	api.bounceexchange.com	assets.bounceexchange.com
1	secure.quantserve.com	www.googletagmanager.com
1	tag.bounceexchange.com	assets.bounceexchange.com
1	s.ntv.io	observer.com
1	sqs.us-east-1.amazonaws.com	d15kdpgjg3unno.cloudfront.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.co.uk	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	observer.com
1	dyv1bugovvq1g.cloudfront.net	htlbid.com
1	ams-pageview-public.s3.amazonaws.com
1	d15kdpgjg3unno.cloudfront.net	htlbid.com
1	pixel.wp.com	observer.com
1	p1.parsely.com	observer.com
1	fonts.gstatic.com	fonts.googleapis.com
1	stats.wp.com	observer.com
1	cdn.parsely.com	observer.com
1	ak.sail-horizon.com	observer.com
1	htlbid.com	observer.com
1	fonts.googleapis.com	observer.com
0	ad.atdmt.com Failed	2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
208	53

This site contains links to these domains. Also see Links.

Domain
www.observer.com
artobserved.observer.com
observermedia.com
www.facebook.com
twitter.com
www.linkedin.com
instagram.com
privacyportal.onetrust.com
wpvip.com
onetrust.com

Subject Issuer	Validity	Valid
observer.com R3	`2022-03-29` - `2022-06-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
htlbid.com Amazon	`2021-11-21` - `2022-12-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
ak.sail-horizon.com Amazon	`2022-01-06` - `2023-02-02`	a year	crt.sh
*.parsely.com Amazon	`2021-07-05` - `2022-08-03`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
api.sail-personalize.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.s3.amazonaws.com Amazon	`2021-12-15` - `2022-12-03`	a year	crt.sh
cdn.id5-sync.com R3	`2022-04-13` - `2022-07-12`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
queue.amazonaws.com Amazon	`2021-10-15` - `2022-10-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2022-04-14` - `2022-07-13`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.ntv.io DigiCert SHA2 Secure Server CA	`2021-12-04` - `2022-12-06`	a year	crt.sh
tag.bounceexchange.com R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.postrelease.com Amazon	`2021-12-28` - `2023-01-25`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-02-05` - `2022-05-06`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
*.wunderkind.co R3	`2022-04-15` - `2022-07-14`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
permutive.com Cloudflare Inc ECC CA-3	`2022-02-26` - `2023-02-25`	a year	crt.sh
*.prmutv.co R3	`2022-04-12` - `2022-07-11`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
api.permutive.com R3	`2022-02-18` - `2022-05-19`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh

This page contains 13 frames:

Primary Page: https://observer.com/
Frame ID: E38B0A842E11C7BBEFC277A1A315D143
Requests: 128 HTTP requests in this frame

Frame: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 365199AD0D736C975AC82CF676CB87A5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0ECA80AF573374C4D8D5319878577DFB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BC27092E13F2D7C35F70B368A6BDB69A
Requests: 2 HTTP requests in this frame

Frame: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3861C50E5C0BA207C102A8C36089BC58
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstrVsN2hsTDI4RyoFXCy10_INQiNb_PNJh6pw0SPyfcTxzBozb33ad-7JWISnq7tDHcc88JWeG4FEs09agTbv8Dtr4T6eU4SQuCHds8xN2QD1x2A_Ho0726p9mGsLJ-G7rN3pxXQY2cmJiDXCrMj6XyWK4K1OmypVeV8AllY9JWqtbHeJ3xzNTPtAfFMDfipvCSaKAMTrbYgYyodDLr7eQ4zT3YQ9hhXNiDgy2qOVZlHL78NMZzq0EpUBOi3f-WJn1Oj9yJ6Oaci75ar8wZoGnS4_bj91wLrk92OT9XPl61LlebFfgAOczT&sai=AMfl-YQ_i7ksQKWwI70ZuCCVk098kAf-ioESov8bBaOg8L7oPeJxOAxzfswqQYE85DG0B2HbLpaCgkA-KlswohmiKXwhDGlkhXMrHBG_YyGbMbcmFLYHw3UjLwtmgl9Ndeg&sig=Cg0ArKJSzHDXpwnVMnqLEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 74395D43A43F1B154872B735D54A6BA0
Requests: 4 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs
Frame ID: C23A0D01135F0EE9108282F8BB818826
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSJ2QEQxKHxARilnOzBATAB&v=APEucNUl0M7sc9MuGliSJCnwBVHefTHZVmw4AY0BRaAeWyhBPfEms8e4AvdPUaSo7rvlyc2NRPGQy9pWCm6iHBZOU09x7w0lLmZsXP9Jgh7KmFSRvWZpVdLKJ9CQufO9N9UYEyoStmK4Z-yHQTfIugxPmuOQ6BNM_zCqIYHomO8eb06zaOLq240
Frame ID: BEE0A093B444BDB482C396B80E7A610D
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 492FF1977815038F4F04E98425A74DCB
Requests: 3 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Frame ID: AA489A93525DA6258B80341C524718F1
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
Frame ID: E35CCF714F7B0C3984D0BEEC6916629E
Requests: 34 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js
Frame ID: BDFC479463C38AFB6BE4B278B808077B
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D8B73846EBD16D94E94425240EE72D0A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Latest News and Trends | ObserverBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

http://observer.com/ HTTP 307
https://observer.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Backbone.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

backbone.*\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

208
Requests

96 %
HTTPS

48 %
IPv6

36
Domains

53
Subdomains

51
IPs

7
Countries

2737 kB
Transfer

7847 kB
Size

29
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.observer.com/music
Title: Music

Search URL Search Domain Scan URL

URL: https://www.observer.com/lifestyle
Title: Lifestyle

Search URL Search Domain Scan URL

URL: https://artobserved.observer.com/home
Title: Events

Search URL Search Domain Scan URL

URL: http://observermedia.com/contact/
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.facebook.com/observer

Search URL Search Domain Scan URL

URL: https://twitter.com/observer

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/observer-media

Search URL Search Domain Scan URL

URL: https://instagram.com/observer

Search URL Search Domain Scan URL

URL: http://observermedia.com/privacy-policy
Title: Privacy

Search URL Search Domain Scan URL

URL: http://observermedia.com/terms
Title: Terms

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/8bf444f2-ddd6-41ff-8e24-b69ac0176e05/19c22396-023a-465c-a9c0-d9f831d1d9cd
Title: Do not sell my data

Search URL Search Domain Scan URL

URL: https://wpvip.com/?utm_source=vip_powered_wpcom&utm_medium=web&utm_campaign=VIP%20Footer%20Credit&utm_term=observer.com
Title: WordPress VIP

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://observer.com/ HTTP 307
https://observer.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 106

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1&C=1

Request Chain 108

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmvCZs9Yc2dszW5hQk0KagAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELoE15imaeVYb3BBQnvMfR0&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELoE15imaeVYb3BBQnvMfR0%26google_cver%3D1

Request Chain 110

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMyODU4MDE2Njk0MTAzMDIyOQ%3D%3D

Request Chain 140

https://sb.scorecardresearch.com/b?c1=2&c2=13507040&ns__t=1651229286957&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=13507040&ns__t=1651229286957&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=

208 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
observer.com/
Redirect Chain

http://observer.com/
https://observer.com/

184 KB
31 KB

133ms
41ms

Document
text/html

192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx / WordPress VIP <https://wpvip.com>

Resource Hash

cd68eb5bb9a8dd7259da2aa5995caf0ee453fffdc7de30c5b1ece9d9f3653144

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1768
cache-control: max-age=300, must-revalidate
content-encoding: gzip
content-length: 31018
content-type: text/html; charset=UTF-8
date: Fri, 29 Apr 2022 10:48:04 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://observer.com/wp-json/>; rel="https://api.w.org/" <http://nyob.co/N5PKir>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000;includeSubdomains;preload
vary: Accept-Encoding
x-cache: hit
x-frame-options: SAMEORIGIN
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: lhr2 0 4 9980

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://observer.com/
Non-Authoritative-Reason: HSTS

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
996 B 139ms
49ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Libre+Franklin:wght@400;600;700&display=swap

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

551a581425db56200ae928c59b86aabfb3853ff609411cd763c6044244a7ad49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 29 Apr 2022 10:48:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 29 Apr 2022 10:48:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 29 Apr 2022 10:48:04 GMT

GET
H2 200 flexslider-icon.woff2
observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/ 748 B
940 B 41ms
40ms Font
font/woff2 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/flexslider-icon.woff2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6eb7a18174bf6a3ba003999e45eecbb81059c52b2c7b2da91b85e944e948c6e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

Referer: https://observer.com/
Origin: https://observer.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
content-encoding: gzip
vary: X-Mobile-Class
age: 14
x-cache: hit
content-length: 771
x-rq: lhr2 0 4 9980
last-modified: Wed, 27 Apr 2022 16:27:01 GMT
server: nginx
etag: W/"62696ed5-2ec"
strict-transport-security: max-age=31536000;includeSubdomains;preload
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 jquery.min.js Show response
observer.com/wp-includes/js/jquery/ 87 KB
30 KB 42ms
41ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 18:58:42 GMT
server: nginx
age: 153299
etag: W/"6266ef62-15db1"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 30953
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 main.min.css
observer.com/wp-content/themes/newyorkobserver-2014/dist/css/ 69 KB
12 KB 70ms
70ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=04282032

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c8625070b52b3c85fa180484198ab129c32b8e6d6135c34ff52791c940818106

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Thu, 28 Apr 2022 16:37:45 GMT
server: nginx
age: 65267
etag: W/"626ac2d9-11292"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 12476
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 htlbid.js Show response
htlbid.com/v3/observer.com/ 497 KB
115 KB 162ms
47ms Script
application/javascript 13.225.80.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-38.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: edb6ba9a0e9a4d34eb07285a13b3e44e649020fed6eb8a6e4abb40c9e8b6fca5

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:47:04 GMT
content-encoding: br
last-modified: Wed, 27 Apr 2022 19:47:44 GMT
server: AmazonS3
age: 61
etag: W/"4b53fab728089a02330f80b28a9a2b40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
cache-control: max-age=600
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: w-JMhQnkqRUGTJQWx_nwzFoZfnb8h3gLXMFzzC8KrDlKRZCLR2rfpg==

GET
H2 200 default.min.css
observer.com/wp-content/themes/newyorkobserver-2014/dist/css/ 67 KB
10 KB 46ms
43ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/default.min.css?ver=04282032

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2b25c43e8c0976e2628a53a3381870fd810f7065a72f736148e59092e93e7c7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Thu, 28 Apr 2022 16:37:45 GMT
server: nginx
age: 65267
etag: W/"626ac2d9-10c8c"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 10065
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 print.min.css
observer.com/wp-content/themes/newyorkobserver-2014/dist/css/ 143 B
196 B 51ms
49ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/print.min.css?ver=04282032

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c0eb09d747f4cb0d61057afe50609d7419873b0bdbc56f6965f3098a1cf6d975

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 65315
etag: "6266b938-8f"
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 143
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
observer.com/wp-includes/js/mediaelement/ 11 KB
3 KB 84ms
81ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 18:58:42 GMT
server: nginx
age: 153298
etag: W/"6266ef62-2bf8"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 2592
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 wp-mediaelement.min.css
observer.com/wp-includes/js/mediaelement/ 4 KB
1 KB 84ms
82ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.9.3

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 18:58:42 GMT
server: nginx
age: 153298
etag: W/"6266ef62-105a"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 1156
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 style.css
observer.com/wp-content/themes/newyorkobserver-2014/nyo-plugins/dist/css/ 15 KB
2 KB 84ms
82ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/nyo-plugins/dist/css/style.css?ver=1.2.1-1651076821

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b390a5952e79c49c5fb91f3493424e85464747544fe1ccadef9e21dfece884c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Wed, 27 Apr 2022 16:27:01 GMT
server: nginx
age: 65315
etag: W/"62696ed5-3d25"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 2220
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 lasso-live.css
observer.com/wp-content/plugins/lasso/admin/assets/css/ 26 KB
4 KB 93ms
91ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/lasso/admin/assets/css/lasso-live.css?v=1651076821&ver=253

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

36e24dc06e51fdd9b13497039bf3c286b61476669c715a274b9a6703b4000a2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:35 GMT
server: nginx
age: 65315
etag: W/"6266b937-698a"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 4005
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 jetpack.css
observer.com/wp-content/mu-plugins/jetpack-10.8/css/ 86 KB
17 KB 85ms
83ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/mu-plugins/jetpack-10.8/css/jetpack.css?ver=10.8

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

420033f9eaf95478a450e558f93ae6d7a5ad950c3e78f38832b47f9e2164418a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Thu, 31 Mar 2022 20:08:13 GMT
server: nginx
age: 153298
etag: W/"62460a2d-15854"
vary: Accept-Encoding
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 16957
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 media-credit.css
observer.com/wp-content/plugins/media-credit/css/ 109 B
158 B 91ms
89ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/media-credit/css/media-credit.css?ver=2.7.5

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f8c75a1076576464dd8faee80f57812b9a20f9d53977c896824ec1bd58614aa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: "6266b938-6d"
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-cache: hit
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 109
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 180 KB
67 KB 142ms
50ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-T9PLB60R8S

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

59cb6859f782d767beb9b2ccfa211485d6bf8ef34c2ade5d06d3ba8e9d87ad6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67706
x-xss-protection: 0
expires: Fri, 29 Apr 2022 10:48:04 GMT

GET
H2 200 spm.v1.min.js Show response
ak.sail-horizon.com/spm/ 121 KB
43 KB 148ms
45ms Script
application/javascript 99.86.7.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.sail-horizon.com/spm/spm.v1.min.js?ver=5.5.1
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-62.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:42:34 GMT
content-encoding: gzip
last-modified: Tue, 08 Jun 2021 04:22:34 GMT
server: AmazonS3
age: 331
etag: W/"b22b4f4738e8722be1636447be239da2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f2ee8ec5deee40e44013272a9c7aa35c.cloudfront.net (CloudFront)
cache-control: max-age=600; must-revalidate
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 4dYSzKepKRzPEfZawXWSa-MFm3tzh4uvEHaVetzws5otuSs8fAAwag==

GET
H2 200 sailthru.js Show response
observer.com/wp-content/plugins/hc-sailthru/assets/js/ 761 B
509 B 46ms
41ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/hc-sailthru/assets/js/sailthru.js?ver=20211026

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b6cf23ed282a5cb25c43c5923908a43cc8c4c9e92b23a1f73eb7b0af46ef6534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:35 GMT
server: nginx
age: 153256
etag: W/"6266b937-2f9"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 428
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 helpers.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 922 B
576 B 46ms
42ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/helpers.js?ver=2021.07.14

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c0472ab03b5cc819b6f3a01c3d0519af30215aed943bd77a11d9625f93b4ab55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: W/"6266b938-39a"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 495
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 jquery.flexslider.min.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/vendor/ 21 KB
6 KB 52ms
48ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/vendor/jquery.flexslider.min.js?ver=2.2.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d747bc0ec8a549bb25f0bab199d8e3019bcea7cfaf1438d55da2fabcff48f2c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: W/"6266b938-5429"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 6343
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 theme.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 5 KB
2 KB 46ms
42ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/theme.js?ver=1.2.1.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0ca4a39fb2730917c3573fe56f7641651ab7b4af1937779f60cd57728f0c009d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: W/"6266b938-144e"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 2011
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 sailthru-widget.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 1 KB
611 B 46ms
42ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/sailthru-widget.js?ver=2021.10.26

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e9e8d4d98627ac65b51911ef77ca7ebe7a69f09c71e6bab01b5c5b01a4c3d297

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: W/"6266b938-437"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 559
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 delay-load.js Show response
observer.com/wp-content/plugins/xcurrent/assets/js/ 3 KB
1 KB 46ms
42ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/xcurrent/assets/js/delay-load.js?ver=8f7693010179fc5007dacef632d329a6

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ef5f8d6a9ea52bd9b20497b837b74bde31586062d5b0e16be75f8bbdffc29840

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: W/"6266b938-b50"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 1237
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 lazy-load.js Show response
observer.com/wp-content/plugins/xcurrent/assets/js/ 8 KB
4 KB 53ms
50ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/xcurrent/assets/js/lazy-load.js?ver=6bd186b35f60946321703040eae7bccf

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6c05e433ca10b433edfc856fd903cb5f2da848a54e4507642a48981deed8bb05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: W/"6266b938-214a"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 3784
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 script-queue.js Show response
observer.com/wp-content/plugins/xcurrent/assets/js/ 3 KB
2 KB 54ms
51ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a384a78bc8bee6afceab3ff107315b1bdcc0fd2622246826d16b503e742a8cdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: W/"6266b938-dd9"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 1492
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 p.js Show response
cdn.parsely.com/keys/observer.com/ 56 KB
21 KB 129ms
35ms Script
application/javascript 13.227.217.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/observer.com/p.js?ver=2.6.1
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.227.217.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-227-217-72.ams54.r.cloudfront.net
Software: nginx /
Resource Hash: c46b033d7688f2f46e87a04634a1389db91ceea1be9cb70d1ae9205819739a7e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: public
date: Fri, 29 Apr 2022 02:39:51 GMT
content-encoding: gzip
last-modified: Thu, 24 Mar 2022 17:02:52 GMT
server: nginx
age: 30947
etag: W/"623ca43c-e05a"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 38f6d324a75dff585b0ce25920fd4bda.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: AMS54-C1
x-amz-cf-id: dL3okKqcectVn4o72UtoUi79Nhv4ByBy6TqdHPpwrdAQoNBthQVIbA==
expires: Sat, 30 Apr 2022 02:12:17 GMT

GET
H2 200 e-202217.js Show response
stats.wp.com/ 9 KB
3 KB 130ms
41ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202217.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-nc: HIT lhr
date: Fri, 29 Apr 2022 10:48:04 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 16 Apr 2023 23:34:10 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 133ms
40ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1853
date: Fri, 29 Apr 2022 10:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 29 Apr 2022 12:17:11 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 search-ffffff.svg
observer.com/wp-content/themes/newyorkobserver-2014/images/ 2 KB
1 KB 85ms
85ms Image
image/svg+xml 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/images/search-ffffff.svg

Requested by

Host: observer.com
URL: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=04282032

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d17298826b7b7ed19af4942adf03fbcea7a7cd9cd5f25a5b9fb0674c71828c87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=04282032
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
content-encoding: gzip
x-rq: lhr2 0 4 9980
last-modified: Wed, 27 Apr 2022 16:27:01 GMT
server: nginx
age: 97
etag: W/"62696ed5-960"
vary: X-Mobile-Class
x-cache: hit
content-type: image/svg+xml
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 1039
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 observer-logo-white-2015.png
observer.com/wp-content/themes/newyorkobserver-2014/images/ 3 KB
3 KB 83ms
83ms Image
image/png 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/images/observer-logo-white-2015.png

Requested by

Host: observer.com
URL: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=04282032

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

74e72473f970d838c52ed8c8fadf1c25883dd561d66df3856bfc137b9da2fea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=04282032
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: W/"6266b938-b7d"
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-cache: hit
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 2949
expires: Sat, 29 Apr 2023 10:48:04 GMT

GET
H2 200 jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2
fonts.gstatic.com/s/librefranklin/v12/ 27 KB
27 KB 131ms
41ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/librefranklin/v12/jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Libre+Franklin:wght@400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fedcdc389419bfa88ed3f2c226b9d043fa6d6ea927cadd49c833cbfcf0de3efb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://observer.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 17:51:54 GMT
x-content-type-options: nosniff
age: 233770
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27240
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:00:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 Apr 2023 17:51:54 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 92 KB
36 KB 50ms
49ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-NXSTMDF&cid=1044140522.1651229284

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f4d65809c5a2fbf5aa52c922cf5022be0a3962b0e2ecd85e63689de9f6e7b32c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36859
x-xss-protection: 0
last-modified: Fri, 29 Apr 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Apr 2022 10:48:04 GMT

OPTIONS
H2 200 simple
api.sail-personalize.com/v1/personalize/ Frame 0
0 361ms
114ms Preflight
text/plain 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-lib-version,x-referring-url
Access-Control-Request-Method: GET
Origin: https://observer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
access-control-allow-origin: https://observer.com
access-control-max-age: 1800
allow: HEAD,GET,OPTIONS
content-length: 18
content-type: text/plain
date: Fri, 29 Apr 2022 10:48:04 GMT

GET
H2 200 simple Show response
api.sail-personalize.com/v1/personalize/ 257 B
474 B 134ms
133ms Fetch
application/json 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by: Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js?ver=5.5.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash: 84b5c03f217418806f3e831095b561d4a478fd37a94eb026ddf58200d34a7e4b

Request headers

x-lib-version: v1.0.1
accept-language: en-GB,en;q=0.9
authorization: Bearer eddd21a32bf5284abd9bc8ac7ddeec34
content-type: application/json
accept: application/json
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
x-referring-url: https://observer.com/

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:04 GMT
content-encoding: gzip
allowedorigins: *
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store
access-control-allow-credentials: true
allowedheaders: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length: 173
allowedmethods: GET,OPTIONS
expires: -1

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 472ms
116ms Image
image/gif 54.144.144.142
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1651229284512&plid=91678123&idsite=observer.com&url=https%3A%2F%2Fobserver.com%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fobserver.com%2F&sref=&sts=1651229284508&slts=0&title=Latest+News+and+Trends+%7C+Observer&date=Fri+Apr+29+2022+10%3A48%3A04+GMT%2B0000+(GMT)&action=pageview&pvid=31573387&u=pid%3D625228f2e9ab0de52f6fc27a31011b45
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.144.144.142 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-144-144-142.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 29 Apr 2022 10:48:04 GMT
Cache-Control: no-cache
Last-Modified: Friday, 29-Apr-2022 10:48:04 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 41ms
40ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.8&blog=168679389&post=0&tz=-4&srv=observer.com&hp=vip&host=observer.com&ref=&fcp=293&rand=0.6099883945233047
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 29 Apr 2022 10:48:04 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 GettyImages-1230189217.jpeg
observer.com/wp-content/uploads/sites/2/2022/04/ 21 KB
21 KB 41ms
40ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/GettyImages-1230189217.jpeg?quality=80&w=970&h=375&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4f6ce8c320a409a7dcc375de74ce0c4c8f46f3f36a84581a9bedf44e10724156

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 32 443
last-modified: Thu, 28 Apr 2022 22:03:43 GMT
server: nginx
etag: "3fc58e625b21a47a"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 21626
expires: Fri, 28 Apr 2023 22:03:43 GMT

GET
H2 200 Square-Product-Collage-1.jpg
observer.com/wp-content/uploads/sites/2/2022/04/ 7 KB
7 KB 48ms
47ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/Square-Product-Collage-1.jpg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a2cb85858a82c5f7dd774025609b2865ea61f9c8c8429741084c46322110e88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 84 443
last-modified: Tue, 26 Apr 2022 12:32:18 GMT
server: nginx
etag: "49855178dfb01edd"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 7250
expires: Wed, 26 Apr 2023 12:32:18 GMT

GET
H2 200 GettyImages-1388006731-e1650865269830.jpg
observer.com/wp-content/uploads/sites/2/2022/04/ 11 KB
11 KB 55ms
54ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/GettyImages-1388006731-e1650865269830.jpg?quality=80&crop=0px%2C415px%2C3906px%2C2930px&resize=300%2C225&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9e72da32095ad1744a1cceaa506aba89e016f599dc1d6c1610ae4e05c93b5705

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 28 443
last-modified: Mon, 25 Apr 2022 08:10:54 GMT
server: nginx
etag: "5e217650d0359a23"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 11460
expires: Tue, 25 Apr 2023 08:10:54 GMT

GET
H2 200 meta-gov.png
observer.com/wp-content/uploads/sites/2/2022/04/ 53 KB
53 KB 56ms
55ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/meta-gov.png?crop=390px%2C31px%2C3204px%2C2403px&resize=300%2C225&quality=80&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

69fe947381440f4578916c2873d1b9265ea646133bd3f7596c00b5f07d390f56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 88 443
last-modified: Wed, 20 Apr 2022 16:12:59 GMT
server: nginx
etag: "e40f2538851d925f"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 54438
expires: Thu, 20 Apr 2023 16:12:59 GMT

GET
H2 200 RussianDoll_Season2_Episode1_00_21_43_18R.jpeg
observer.com/wp-content/uploads/sites/2/2022/04/ 8 KB
9 KB 55ms
55ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/RussianDoll_Season2_Episode1_00_21_43_18R.jpeg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

60ff5eddf6d5138be922750b05e6fea90405cd9dc2dbf8d16a6fe705473564a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 196 443
last-modified: Wed, 13 Apr 2022 14:42:04 GMT
server: nginx
etag: "a8014f31d035a802"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 8646
expires: Thu, 13 Apr 2023 14:42:04 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 84 KB
29 KB 147ms
55ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

72c47cf501e7ec69da0a142c9c696f0b9c9d8f90a4d3d86bb72f6226f2bd7386

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28748
x-xss-protection: 0
server: sffe
etag: "1199 / 634 of 1000 / last-modified: 1651183671"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Apr 2022 10:48:04 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 135 KB
37 KB 179ms
62ms Script
application/javascript 18.64.107.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.107.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-107-176.txl50.r.cloudfront.net
Software: Server /
Resource Hash: 1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id: STlSjRvyyTgJyl_raxUeHIFBn6F5DqB3
content-encoding: gzip
etag: 4abd427e43cd6822329a2c05539e321f
age: 345
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 0H4MAHMQZHYERA95ZWCB
date: Fri, 29 Apr 2022 10:44:18 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1a620bb236f3df5588fc787c47ccfafa.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: TXL50-P4
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: _Y3JXtmRR0A8GGrU7_AMwT79wVg8bRU-ugbUMfEYMCU6wFOB26JGmg==

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 48ms
48ms Ping
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-T9PLB60R8S&gtm=2oe4r0&_p=1289312543&_z=ccd.NbB&cid=1044140522.1651229284&ul=en-us&sr=1600x1200&_s=1&sid=1651229284&sct=1&seg=0&dl=https%3A%2F%2Fobserver.com%2F&dt=Latest%20News%20and%20Trends%20%7C%20Observer&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-T9PLB60R8S
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Zelle.jpg
observer.com/wp-content/uploads/sites/2/2022/04/ 6 KB
6 KB 42ms
41ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/Zelle.jpg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3c006b0a8a0817c2e1c0dfcdf36fca1af8f19218834645901f8c701312383332

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 140 443
last-modified: Thu, 28 Apr 2022 17:00:25 GMT
server: nginx
etag: "ea69691c3db22eb8"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 5762
expires: Fri, 28 Apr 2023 17:00:25 GMT

GET
H2 200 GettyImages-1239915488.jpg
observer.com/wp-content/uploads/sites/2/2022/04/ 8 KB
8 KB 42ms
41ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/GettyImages-1239915488.jpg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ebda2eddc29f1a84f8e856e5ee06104ee4c0065ac503fbd0cfc829aaff60cbdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 27 443
last-modified: Thu, 28 Apr 2022 16:24:37 GMT
server: nginx
etag: "55ead492b1952d5b"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 8266
expires: Fri, 28 Apr 2023 16:24:37 GMT

GET
H2 200 GettyImages-1239996247.jpeg
observer.com/wp-content/uploads/sites/2/2022/04/ 5 KB
5 KB 42ms
42ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/GettyImages-1239996247.jpeg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a87c383ed64170fec4c39d04e4b430d1da7dc378de2186b1a8c8817b5f6a7e44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 140 443
last-modified: Thu, 28 Apr 2022 15:40:19 GMT
server: nginx
etag: "a260a88f0025ddb0"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 4976
expires: Fri, 28 Apr 2023 15:40:19 GMT

GET
H2 200 GettyImages-1393577051.jpeg
observer.com/wp-content/uploads/sites/2/2022/04/ 10 KB
10 KB 42ms
42ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/GettyImages-1393577051.jpeg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

93a37d05ef89ef166a22f0b82b3fea5eb084e5e4c2fadfc817a2e7170acc363e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 142 443
last-modified: Thu, 28 Apr 2022 09:32:14 GMT
server: nginx
etag: "521ffa919ea42465"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 10070
expires: Fri, 28 Apr 2023 09:32:14 GMT

GET
H3 200 pubads_impl_2022042601.js Show response
securepubads.g.doubleclick.net/gpt/ 367 KB
125 KB 126ms
41ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

43700b9800ddc7b26ee1bf46a878b942908a720bd48a1809163d3a26de2944c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 09:55:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3147
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127613
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 08:34:12 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 29 Apr 2023 09:55:37 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 170 B
137 B 133ms
50ms XHR
application/json 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=observer.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

eea109f674e7c935e683c2f18c8c9cee3a4496a8d84c2644c6ada70886d8f6b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 29 Apr 2022 10:48:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 0
expires: Fri, 29 Apr 2022 10:48:04 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 157ms
52ms XHR
application/javascript 18.64.107.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.107.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-107-176.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id: aaJeHz3g2a7aWr9hYquBq.aDaObnNoK3
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 32688
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 28 Apr 2022 01:41:20 GMT
server: AmazonS3
date: Fri, 29 Apr 2022 02:30:51 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 bc66fd12bea603144bf0b6c1578cb3e0.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: TXL50-P4
x-amz-cf-id: XjfGgK2zDsiJzTCqN9aagvtuAG9CwmFc89KrQL4ePQJsNhn1kOxtdg==

GET
H2 200 GettyImages-1240145488.jpg
observer.com/wp-content/uploads/sites/2/2022/04/ 5 KB
5 KB 41ms
41ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/GettyImages-1240145488.jpg?quality=80&w=300&h=225&crop=1&strip

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d6d8d6e3fe251df0a8cebc512e9fa8e1835d3a6f972693cf1d7e5c78a0644666

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:04 GMT
x-rq: lhr2 109 28 443
last-modified: Thu, 28 Apr 2022 21:24:36 GMT
server: nginx
etag: "07481cb538d00dbd"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 4810
expires: Fri, 28 Apr 2023 21:24:36 GMT

GET
H2 200 underscore.min.js Show response
observer.com/wp-includes/js/ 19 KB
7 KB 41ms
41ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/underscore.min.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4f6366518c3d992d6a9a3aee342675532822d6b1d66217df7b284bb450dbb99a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:05 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 18:58:42 GMT
server: nginx
age: 153071
etag: W/"6266ef62-4a7d"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 7316
expires: Sat, 29 Apr 2023 10:48:05 GMT

GET
H2 200 api-request.min.js Show response
observer.com/wp-includes/js/ 1 KB
675 B 42ms
41ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/api-request.min.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:05 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 18:58:42 GMT
server: nginx
age: 153071
etag: W/"6266ef62-401"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 589
expires: Sat, 29 Apr 2023 10:48:05 GMT

GET
H2 200 backbone.min.js Show response
observer.com/wp-includes/js/ 23 KB
8 KB 42ms
42ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/backbone.min.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f2c4a355f2a88ce6793b73c3a6cddb3703355d2b74a6cff0dc2ff81383480a01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:05 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 18:58:42 GMT
server: nginx
age: 153071
etag: W/"6266ef62-5cf2"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 7888
expires: Sat, 29 Apr 2023 10:48:05 GMT

GET
H2 200 wp-api.min.js Show response
observer.com/wp-includes/js/ 14 KB
4 KB 42ms
41ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/wp-api.min.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

062d8167bc405094e000b7d3af11deba7a4ecff663aff087d7b19ef51c05ff6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:05 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 18:58:42 GMT
server: nginx
age: 153071
etag: W/"6266ef62-395e"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 4130
expires: Sat, 29 Apr 2023 10:48:05 GMT

GET
H2 200 / Show response
observer.com/wp-json/wp/v2/ 250 KB
11 KB 42ms
42ms XHR
application/json 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-json/wp/v2/

Requested by

Host: observer.com
URL: https://observer.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f7aba86b2e16ca59866af9859a321e80ef22400042b9b60b0f7cc492fe475aef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://observer.com/
X-Requested-With: XMLHttpRequest
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
x-cache: hit
vary: Accept-Encoding, Origin
content-length: 11381
x-rq: lhr2 0 4 9980
allow: GET
server: nginx
strict-transport-security: max-age=31536000;includeSubdomains;preload
content-type: application/json; charset=UTF-8
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex
link: <https://observer.com/wp-json/>; rel="https://api.w.org/"

GET
H2 200 oPS.js Show response
d15kdpgjg3unno.cloudfront.net/ 95 KB
20 KB 250ms
87ms Script
application/javascript 2600:9000:2261:f800:11:b309:9100:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=79
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2261:f800:11:b309:9100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e69578c9516ce22df16f6ccd6a1ccda79d578ae0916ec0cd1e2ed5a3b1bd82d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id: 1ORwb._r87j7mUV5YrpBVqGXu0.zPifJ
content-encoding: gzip
last-modified: Wed, 27 Apr 2022 17:18:52 GMT
server: AmazonS3
age: 64748
etag: W/"fbb480ed48b0a79f89035e9fe6efddc0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 cb643617ee4bca09492409ac12401bfc.cloudfront.net (CloudFront)
cache-control: max-age=84600
date: Thu, 28 Apr 2022 16:48:58 GMT
x-amz-cf-pop: TXL50-P4
x-amz-cf-id: MsXUs_BH8iXwZq4RjQGOpk9s9OT2S4_engKU0qwHulMRahW2uU8omw==

GET
H/1.1 200
OK 1x1-pixel.png
ams-pageview-public.s3.amazonaws.com/ 68 B
448 B 486ms
130ms Image
image/png 54.231.135.153
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ams-pageview-public.s3.amazonaws.com/1x1-pixel.png?id=1e511584efcb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.135.153 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 29 Apr 2022 10:48:06 GMT
Last-Modified: Mon, 26 Oct 2020 16:52:19 GMT
Server: AmazonS3
x-amz-request-id: Z0DSN12HDCX3YRGA
ETag: "91e42db1c66c0b276abf6234dc50b2eb"
Content-Type: image/png
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 68
x-amz-id-2: FPi2C13/VLZe9m+6eIFAtJjOl2MYG/RbJqhWqJzn7XLDbd6UxsdcqjW/lRaa1gXrhcbJb5yLLPs=

GET
H2 200 .js Show response
dyv1bugovvq1g.cloudfront.net/79/observer.com/ 3 KB
956 B 566ms
444ms XHR
application/json 2600:9000:2261:c000:5:82fd:2500:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dyv1bugovvq1g.cloudfront.net/79/observer.com/.js
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2261:c000:5:82fd:2500:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: da06c80891495d267c8ef7b9c57fea39f0145dd08c1732e2430cef3b5d0ef81e

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-pop: TXL50-P4
x-cache: Miss from cloudfront
content-length: 419
access-control-allow-origin: https://observer.com
last-modified: Fri, 29 Apr 2022 02:41:54 GMT
server: AmazonS3
etag: "9a4ad3a9feacc4f02d0cf3e743032f30"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
via: 1.1 64d18a7c557f9140c04169b7191025f8.cloudfront.net (CloudFront)
cache-control: max-age=300
access-control-allow-credentials: true
accept-ranges: bytes
x-amz-cf-id: _ynttJST1gtmr5PqLMlFHwFwKjrUMyzRomlXGm_r49jj4BmS-7GhzQ==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 385 B
741 B 53ms
53ms XHR
application/json 18.64.107.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fobserver.com&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.107.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-107-176.txl50.r.cloudfront.net
Software: Server /
Resource Hash: 4ad12603989e23ddf239f228255bcffc77fb8e9503829993b6d01c80cddd8d3f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 05:42:26 GMT
via: 1.1 1a620bb236f3df5588fc787c47ccfafa.cloudfront.net (CloudFront)
server: Server
age: 18338
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://observer.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: TXL50-P4
content-length: 385
x-amz-cf-id: 8cudq5chtNxrG7MS-eZjFXko9SwVBcfFK1FB-p7j-8bm4Qpyf2pABw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
490 B 96ms
96ms XHR
text/javascript 18.64.107.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fobserver.com%2F&pid=7fZOPs2TbadfO&cb=0&ws=1600x1200&v=7.75.0&t=1000&slots=%5B%7B%22sd%22%3A%22htlad-1-gpt%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%22%2F22133348250%2Fobserver_leaderboard_atf%22%7D%5D&schain=1.0%2C1!hashtag-labs.com%2C1010%2C1%2C%2C%2C&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.64.107.176 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-64-107-176.txl50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:05 GMT
via: 1.1 1a620bb236f3df5588fc787c47ccfafa.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: TXL50-P4
x-amz-rid: 52K457MRGHNVADTH6BF9
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 8MSaeaMkY6c7TB1ACJwv1DMhmRdxmZcCBkScaz3blHAjit4HHhY9kw==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 385 B
741 B 70ms
70ms XHR
application/json 18.64.107.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fobserver.com&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.107.176 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-107-176.txl50.r.cloudfront.net
Software: Server /
Resource Hash: 4ad12603989e23ddf239f228255bcffc77fb8e9503829993b6d01c80cddd8d3f

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 05:42:26 GMT
via: 1.1 1a620bb236f3df5588fc787c47ccfafa.cloudfront.net (CloudFront)
server: Server
age: 18338
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://observer.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: TXL50-P4
content-length: 385
x-amz-cf-id: SKopK480AYpevuy-yfZnt-AqB1l34qVEGIHIWQv9aJmH-vcOd5IU9g==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
491 B 93ms
92ms XHR
text/javascript 18.64.107.176
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fobserver.com%2F&pid=7fZOPs2TbadfO&cb=1&ws=1600x1200&v=7.75.0&t=1000&slots=%5B%7B%22sd%22%3A%22htlad-2-gpt%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22133348250%2Fobserver_river%22%7D%5D&schain=1.0%2C1!hashtag-labs.com%2C1010%2C1%2C%2C%2C&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.64.107.176 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-64-107-176.txl50.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:05 GMT
via: 1.1 1a620bb236f3df5588fc787c47ccfafa.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: TXL50-P4
x-amz-rid: S2XJXQWKWYPTA0J3GKAB
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: gwiVTJiBFf3daHMxQrjgVEIDCnHkBetEZxzpWnuJI1UwN_C_wfZzeA==

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 40 KB
11 KB 151ms
74ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 09:51:42 GMT
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 51.254.41.128/25
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: rbx1
content-disposition: attachment;filename="id5-api.js"
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 11181
x-request-id: 526779140

GET
H2 200 integrator.js Show response
adservice.google.co.uk/adsid/ 107 B
792 B 142ms
52ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/adsid/integrator.js?domain=observer.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 29 Apr 2022 10:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 138ms
49ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=observer.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 29 Apr 2022 10:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 363ms
363ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4077771301896262&correlator=46986032405678&eid=31067278%2C31067331%2C44761482%2C31067167%2C44752586&output=ldjh&gdfp_req=1&vrg=2022042601&ptt=17&impl=fifs&iu_parts=22133348250%2Cobserver_leaderboard_atf%2Cobserver_1x1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=728x90%7C970x90%7C970x250%2C1x1&ifi=1&adks=456377231%2C2864702765&didk=1622125026~302492128&sfv=1-0-38&ecs=20220429&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%7C&eri=1&cust_params=permutive%3D%26is_testing%3Dno%26is_home%3Dyes%26pagetype%3Dhome%26url%3Dhttps%253A%252F%252Fobserver.com%26tag%3D%26author%3D%26articleID%3Dsection_home%26brandsafe%3Dyes%26section%3Dsection_home%26servead%3Dyes%26htlbidid%3D9818&sc=1&cookie_enabled=1&abxe=1&dt=1651229285705&lmt=1651229285&dlt=1651229284165&idt=827&biw=1600&bih=1200&adxs=436%2C-12245933&adys=215%2C-12245933&ucis=1%7C2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fobserver.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x0%7C0x0&msz=728x0%7C0x0&fws=4%2C132&ohw=1600%2C1600&ga_vid=1044140522.1651229284&ga_sid=1651229286&ga_hid=1289312543&ga_fc=true&btvi=0%7C-1&topics=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

514e925c9581a9dc7d5495c9901922c5ed18e9e1e81812eb15bb5955f790c46e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14796
x-xss-protection: 0
google-lineitem-id: -1,5658459797
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,138344978924
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://observer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 144ms
54ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022042601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84e6005ca165af1ab01ceafb2216948e696589701f94d5f630b1f12abfad24d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 29 Apr 2022 10:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10573
x-xss-protection: 0

GET
H2 200 container.html Show response
2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3651 6 KB
4 KB 179ms
49ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Apr 2022 10:48:05 GMT
expires: Sat, 29 Apr 2023 10:48:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 40 KB
10 KB 380ms
380ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4077771301896262&correlator=3959622252672292&eid=31067278%2C31067331%2C44761482%2C31067167%2C44752586&output=ldjh&gdfp_req=1&vrg=2022042601&ptt=17&impl=fifs&iu_parts=22133348250%2Cobserver_river&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=3&adks=3454895282&didk=356144529&sfv=1-0-38&ecs=20220429&fsapi=false&prev_scp=amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cust_params=permutive%3D%26is_testing%3Dno%26is_home%3Dyes%26pagetype%3Dhome%26url%3Dhttps%253A%252F%252Fobserver.com%26tag%3D%26author%3D%26articleID%3Dsection_home%26brandsafe%3Dyes%26section%3Dsection_home%26servead%3Dyes%26htlbidid%3D9818&sc=1&cookie_enabled=1&abxe=1&dt=1651229285724&lmt=1651229285&dlt=1651229284165&idt=827&biw=1600&bih=1200&adxs=985&adys=1035&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fobserver.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&fws=4&ohw=1600&ga_vid=1044140522.1651229284&ga_sid=1651229286&ga_hid=1289312543&ga_fc=true&btvi=0&topics=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

996de994e242993a7db62bf7136fdb7de07a2897fe48170d99ca3d5227a09efe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10393
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://observer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 517.json Show response
id5-sync.com/g/v2/ 213 B
619 B 172ms
43ms XHR
application/json 51.89.42.86
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/517.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.42.86 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p26.id5-sync.com

Software

Resource Hash

e8441e2ebdc6b15eec3aff3eec7764b5bf4ad5f3d3040fe990cad73ea4803ffb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://observer.com
Date: Fri, 29 Apr 2022 10:48:05 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

POST
H/1.1 200 517.json Show response
id5-sync.com/g/v2/ 213 B
619 B 171ms
44ms XHR
application/json 51.89.42.86
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/517.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.42.86 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p26.id5-sync.com

Software

Resource Hash

f468cb9f569b4fdddd62f92c731521cdf2fe2269f4ef2ba95d96d7b31bd4580c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://observer.com
Date: Fri, 29 Apr 2022 10:48:05 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 144ms
55ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 29 Apr 2022 10:48:05 GMT

POST
H/1.1 200
OK Test_oPS_Script_Loads Show response
sqs.us-east-1.amazonaws.com/397719490216/ 378 B
658 B 508ms
122ms XHR
text/xml 3.236.169.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sqs.us-east-1.amazonaws.com/397719490216/Test_oPS_Script_Loads?Action=SendMessage&MessageBody=cid%3D79%26bt%3Dnull
Requested by: Host: d15kdpgjg3unno.cloudfront.net
URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=79
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.236.169.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-236-169-28.compute-1.amazonaws.com
Software: /
Resource Hash: 808b65ae7ea01fb03e2a00762b96ef68aeedb43308b23841028beb88133306a7

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
x-amzn-RequestId: f27f6ef1-75e9-50c2-9894-3414b14f7317
Date: Fri, 29 Apr 2022 10:48:06 GMT
Content-Length: 378
Content-Type: text/xml

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0ECA 13 KB
5 KB 126ms
41ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 489
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Apr 2022 10:39:57 GMT
expires: Sat, 29 Apr 2023 10:39:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BC27 783 B
1 KB 139ms
50ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

041a3c7131c7c5d2a16b7c0a53e0c95f8bf07ec450dc291337af20ed74ade183

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UHxtmCtdvmo7KXoNbz6jiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-UHxtmCtdvmo7KXoNbz6jiA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 29 Apr 2022 10:48:06 GMT
expires: Fri, 29 Apr 2022 10:48:06 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 container.html Show response
2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3861 6 KB
3 KB 126ms
43ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Apr 2022 10:48:05 GMT
expires: Sat, 29 Apr 2023 10:48:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7439 0
0 78ms
77ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstrVsN2hsTDI4RyoFXCy10_INQiNb_PNJh6pw0SPyfcTxzBozb33ad-7JWISnq7tDHcc88JWeG4FEs09agTbv8Dtr4T6eU4SQuCHds8xN2QD1x2A_Ho0726p9mGsLJ-G7rN3pxXQY2cmJiDXCrMj6XyWK4K1OmypVeV8AllY9JWqtbHeJ3xzNTPtAfFMDfipvCSaKAMTrbYgYyodDLr7eQ4zT3YQ9hhXNiDgy2qOVZlHL78NMZzq0EpUBOi3f-WJn1Oj9yJ6Oaci75ar8wZoGnS4_bj91wLrk92OT9XPl61LlebFfgAOczT&sai=AMfl-YQ_i7ksQKWwI70ZuCCVk098kAf-ioESov8bBaOg8L7oPeJxOAxzfswqQYE85DG0B2HbLpaCgkA-KlswohmiKXwhDGlkhXMrHBG_YyGbMbcmFLYHw3UjLwtmgl9Ndeg&sig=Cg0ArKJSzHDXpwnVMnqLEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 29 Apr 2022 10:48:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 29 Apr 2022 10:48:06 GMT

GET
H2 200 iframebuster.js Show response
assets.bounceexchange.com/assets/bounce/ Frame 7439 1 KB
1 KB 154ms
31ms Script
text/javascript 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/iframebuster.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 10079154e527bdf6a403e0b5ad9ac73e95ac886c5caf47e8b37b5c9147cd7d76

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:19:13 GMT
content-encoding: gzip
age: 1733
x-guploader-uploadid: ADPycdvUA2fVE7kpRbTOL3W_UPNU6HEg8t-AycUIxCNDrHTkcmjHYS87QO1Kl4fmkdiPZhTj5ihkEw9Ky-8_nFjQdoFpJi1E4Grt
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 539
last-modified: Thu, 25 Jul 2019 15:10:59 GMT
server: UploadServer
etag: "0cfef24c569b42826ee2e88465d4bfb6"
vary: Accept-Encoding
x-goog-hash: crc32c=DjYwig==, md5=DP7yTFabQoJu4uiEZdS/tg==
x-goog-generation: 1564067459897939
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public, max-age=1800
x-goog-stored-content-length: 539
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 29 Apr 2022 10:49:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7439 120 KB
37 KB 152ms
54ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4debaa04d2f904fbafbc99c074e1f43c082e9d25e400140aa97eac11989dd82e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37288
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1651059573277210"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 29 Apr 2022 10:48:06 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012203150226000/ Frame C23A 222 KB
62 KB 144ms
41ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1008
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62084
x-xss-protection: 0
server: sffe
date: Fri, 29 Apr 2022 10:31:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fa1474a6dd6481f4"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 29 Apr 2023 10:31:18 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame C23A 16 KB
6 KB 215ms
112ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1008
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
server: sffe
date: Fri, 29 Apr 2022 10:31:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d91e62368f79b48d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 29 Apr 2023 10:31:18 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame C23A 96 KB
29 KB 219ms
117ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1008
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29618
x-xss-protection: 0
server: sffe
date: Fri, 29 Apr 2022 10:31:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9a9baa9802fa29d2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 29 Apr 2023 10:31:18 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame C23A 5 KB
2 KB 236ms
133ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1008
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1900
x-xss-protection: 0
server: sffe
date: Fri, 29 Apr 2022 10:31:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3393210d007db9ca"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 29 Apr 2023 10:31:18 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame C23A 42 KB
13 KB 236ms
134ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022042601.js?cb=31067331

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1008
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13669
x-xss-protection: 0
server: sffe
date: Fri, 29 Apr 2022 10:31:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "565eca32a909292d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 29 Apr 2023 10:31:18 GMT

GET
DATA 200
OK truncated
/ Frame C23A 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3fb7fdfa2bfd198450099c0d51c6dbbf7f2ef04c83038d1fed17ff8b7abac282

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4527365775998406394
tpc.googlesyndication.com/simgad/ Frame C23A 12 KB
12 KB 45ms
44ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4527365775998406394?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnpj0jF6XY2wBeaT-57W5bofsXx8w

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8207f87b2833fd401308de4414539568d0ee6e2aa48d4937dbcf4d7779a652e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 04:07:58 GMT
x-content-type-options: nosniff
age: 283208
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12073
x-xss-protection: 0
last-modified: Tue, 23 Nov 2021 19:30:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 26 Apr 2023 04:07:58 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C23A 2 KB
2 KB 55ms
54ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 3988
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 30 Apr 2022 09:41:38 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C23A 295 B
319 B 55ms
54ms Image
image/png 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 3301
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 30 Apr 2022 09:53:05 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C23A 0
0 84ms
83ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJ-3yZcJrYt7PL9SArATUl7jICMz49ulp_PWS1qQPzJTVkL4rEAEg3LbYfmC7hoCA0AqgAcmdqfcDyAEC4AIAqAMByAMIqgTnAU_QzYWG7Fp51pCH_EMVojDfQjNSoAgvWE5AHCTYbrsxSy-hxqTXenbX6uANNSSUMN7CRPtco7-5QEpYppcieFjRaBjl4za9i4AuFOLaxGNL1VeaB-vPfOuz6xmHyEnZJEfzyKF9242ndjOqlYlFPwK7buEVwiXTPIj-3uawusW69zh3AdMjo8EcrAeiuKoxpyembeWqBS4NA-Pp-XuWJqLMcBBSdxOyfJH2ik35xPAGamRXsn9qVMF-OkNEJo1fS-YtbB-W4ytveknzuZzqU7UmWQfVqw6-2dHR7bk0312g9CZpuk-lVsAEgdjM9ukD4AQBkgUECAQYAZIFBAgFGASgBgKAB5_i1gioB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDQhiXSCAkIiOGAEBABGB2ACgPICwHYEwzQFQGYFgGAFwGyFx4KHAgAEhRwdWItMzk5ODgyNDQwMjEyMTYwMhjO_nY&sigh=qxvzrQ-uD7k&uach_m=[UACH]
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

GET
H2 200 Picard_209_TP_00341_RT.jpeg
observer.com/wp-content/uploads/sites/2/2022/04/ 5 KB
5 KB 42ms
40ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/Picard_209_TP_00341_RT.jpeg?quality=80&w=300&h=225&crop=1&strip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8ef33e3bc622f0c91572ede52b5246d297563e4533254188a0e054037f964d13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
x-rq: lhr2 109 139 443
last-modified: Thu, 28 Apr 2022 13:02:04 GMT
server: nginx
etag: "48f44920b95f0318"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 5456
expires: Fri, 28 Apr 2023 13:02:04 GMT

GET
H2 200 MCH_0351.jpg
observer.com/wp-content/uploads/sites/2/2022/04/ 4 KB
5 KB 41ms
41ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/MCH_0351.jpg?quality=80&w=300&h=225&crop=1&strip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

aa4b8617d9dd67e7b280e546e983ae2ec12d96fa259e46b32e8b31a0ae28de8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
x-rq: lhr2 109 86 443
last-modified: Wed, 27 Apr 2022 23:00:53 GMT
server: nginx
etag: "240c10b8ecbddbdf"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 4528
expires: Thu, 27 Apr 2023 23:00:53 GMT

GET
H2 200 zb-2.jpg
observer.com/wp-content/uploads/sites/2/2022/04/ 22 KB
22 KB 42ms
41ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/zb-2.jpg?resize=300,225

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3e42a9368eee4dc6cc68718fcec776c4b2748c6b70731f88c4c2ef6911c6197f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
x-rq: lhr2 109 84 443
last-modified: Wed, 27 Apr 2022 17:51:11 GMT
server: nginx
etag: "536342521dd867a0"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 22564
expires: Thu, 27 Apr 2023 17:51:11 GMT

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 394 KB
115 KB 191ms
68ms Script
application/x-javascript 104.102.29.148
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js?ver=1.0.0
Requested by: Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.29.148 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-148.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2be8a335f1c123656c3becf260436dc05941f744ab714686d70df5574a198ec9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Fri, 29 Apr 2022 10:48:06 GMT
Content-Encoding: gzip
x-amz-request-id: G49A571AR8N1P7BP
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: Qlkek6O8+bW4LaRHcae7UvXo/3F40rTgDPCPLicdAaCpXwzk37nnP56kQd775351c689tCYcU6c=
Last-Modified: Thu, 28 Apr 2022 22:29:19 GMT
Server: AmazonS3
ETag: "d6ae33b53b9bbabfdb872df380b09c5a"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BC27 0
0 189ms
106ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022042601&jk=4077771301896262&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

GET
H3 200 e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js Show response
pagead2.googlesyndication.com/bg/ Frame 0ECA 35 KB
13 KB 123ms
41ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 20:50:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13654
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 12:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 28 Apr 2023 20:50:55 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BEE0 624 B
733 B 140ms
50ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSJ2QEQxKHxARilnOzBATAB&v=APEucNUl0M7sc9MuGliSJCnwBVHefTHZVmw4AY0BRaAeWyhBPfEms8e4AvdPUaSo7rvlyc2NRPGQy9pWCm6iHBZOU09x7w0lLmZsXP9Jgh7KmFSRvWZpVdLKJ9CQufO9N9UYEyoStmK4Z-yHQTfIugxPmuOQ6BNM_zCqIYHomO8eb06zaOLq240

Requested by

Host: 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
URL: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 29 Apr 2022 10:48:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3861 82 KB
32 KB 167ms
79ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AsH_1tscess9BbitEIj6QS7V_zhWD2F7QtgyovO0Pduf-2j869WmuXLVCE0PL5LpDF_rrya7VnQ81tST2ZntrmbTPrIw&cry=1&dbm_d=AKAmf-AKA5VhcJTWadgHsl6lwlr5rG-SF8R4RfXtgshNuz1EhROkHNFIR1OgUD4ts-8W_pwqUpQNLdKLSb3e1aN5s-9uBD-nIrURj7jcHUiyTTiPtMoOI7goXI4AR8WMI1zQrRZwQjy55UQRL1xWj2KdeDdPHkZq_dXKpQRwucPiN6PNWhG_N_zjnS_3g-ODj0f28QeakmuRPgCFKEhD-TanfRlUo5rGJmxY89FATAl3YIRCx5Xq3ry3goaIPrqfKruW4TFXa9cMEvW3NVUm4mYomY8GUxcmOrk10-3LgWpUDWHLyDZ6v499Xh43WKQNI6FqLngk4C__5_uXeFtYio5gns9RTjnun71BUbTfwpAUGNPN6iASt9qmc7zphCyQX5ZT7-Fyg9ZPr6NQC3DO0n09w7fKEra0JH8A3bAvieUuhNaGkr2KsIZ0ZPygiEvnLRKi4S6FjoqYpblOe_4NrtfYhHFQCIjgQXcZ608kG2Uz4YBl8jGjcMoWOL603YvSVkSrGTl1sNuRKPrPcWl9PoygECSgYjn2cJ_yn3ZlPgrl2P35K9x0l3Pg9oYwA5bTz2KjZU5pZ7AIZABAi9t-RAPMzkCRzUx452cAnktmJ0QychCJPGkVM_HMqrutnsGhQ0jczlcRd6qi8l0cHXPU_lK4JlrkrTzxafEGCHMJXk5fHGCbHbBxOOcbsmE8q1BuTvGjWzTIuPjE3GMPfByluegeoNwNZWUb9QgwOfZ3tpHtWbwWYLnkn-GiJzIDWCKJQOwBqmmi_HoLhaZJU1azZ-zl6txV-_z7rPIVmFL0c_idbK9SO0lbs0TYLLhnRA_y0zjML5BBCIEAW-p4aZ3uKkQa6NaqQyu7O44BPXUgAxaE9IxDiEt_AIDRbyxR2BhfTg3hMkCb4pw18ioS0FIQr0hwZCV9BnOICKQtKfXYmzIth30B9h-mGumamGO8VP_Hv3FR46lYLl0VPt3u_MgZt-KoSyiY6sZuoO1kytJj_LHUjRyBDeKy2Ti_j4mKgpVr_yc1PwbWU49BTOLGylWsaXGfUwdz0mxnzMQD7YjAsiwl6f2FHRS86D_ZGntmoFdlUecfnppXmocs0J1l9aqn8IXUbHHwY5jLIBRVMvuXnV72AEfzmgnyk_Ozmq9I6vU4S2GW8bGZTWFXQf6UVel7qMYUxzItu2_2xYgVGbaEo_FMHnUwNw8IjDUQG5YWaeRc1zNmfg33SSz7CDC2flp4eUHWDdSMhp5a1VWA94FGJ6Juoy7hI8bxXVxLIAsaEDhc43I0H5frILR6B1SCgOh3Ysr-NJj3sjHQuFDKcaYpNraU0FFuOntJ0wj4MTYsdF91bPAmOL8xdZBRjO0d5NUYpq-DuC7sJ7ccb7j08vE6t6V0z92j0zQEFvoBO9iq2cqgGKp_Tw9o4vHk3skbRbJC9rfUZC5YAvuzB3XKCVv9ITLDJ7uJFG8MrA_ux5Yw_G7Uc3ZCz_E6-_KSbOTEpiwRwYe3VYb7B0twzdsIZpzoY0G7gj5r95y1OZIqz1TmcXYsIkvRiufJXWwi5CLoV4mnwBWqhik737JBCBgHKPZ01K4bPZ06ja8-7fwvbV__zLoQsApy-0ai7KzHRhPuoJs2zIDMAxigVDSnu6Fyf__w-iSYw9bwrhIEd3yGcaGhFxrNe-nRlZLCiOQYor7838oCNE2Fioh68Q_RNgXoGeJsT-MYZx6Z9npWZJgzMVRkZjx0_qvSVMDx7r5MTNEx8vvGg40zkhqA1kcVdsOVfSus4LAEoyNBSDFo_y1tDndhAuUdAlxBg-M3O0w6ixHG5rC1ohm9DY75oKMrIGkvjY8_xmiY6q6bLhSBbiIIN1IRU--wMnUJYumdTIesGj-Bj9wJixwkO21sWzWG-Qv_gA9YQVOjfo_1r069Rm8nRQsXKKrHeN3tkaNoTJw8GjEXMrem-RjIusxtuFe4VjCjKk9HmWMoou7EKg2RYptiu1v-wqiOa6UOEeGgpW9m1nx5tMNLEPtPSY2FWYmodhybzI7eGw5_EC3sxz0N73w03p7RgAco6WBN2-a4F2PuaOZXTcQHM6j-w39ZgvKf8nxz_kuD1vD4vvVP-KK3rahb0GmoQNlOKYmX20KX7W9GI6B5x9Jm_D3A3-cv_AIEwTlXeUmPkYd1SuQngDw02S_u0TANcGObQAICSkYoMhZ5d1RZPJQmf1Gpm7jxh91B9Wz_0NPVXUuXLKxg9m3kpJ7euu_fovN9zRixrF4Kj0LmGu1x67YeZJJjkZCh6sR2nJ2rtPnCpKS1VfdFBDRUBmUmCPkRa-21HIw2CVyk5S-pcCm4aodaHZNKz1FeFP0H76VK60RWSLEMKxoxM0aCt977nLv0RrGRLKTUNWTeohjV0fz13cktBAjQduAzU3y5xwO-I_KS63DVNHwZ_a2yn-cfQTyebYdGNzI9Y91z6SIqJfOu-iC-3D4lFcgFmjRYv4bkhkFtU_1IeZ-qV5t-c4_uOXebbqjtZ1ZCfbxWzCS2hN-eIcUj1kC1jNy54LOJizTdt0x-YODAgy9gzYxQXdKY1Q3G_nClsufssM9tpUbHC0MDfkSp-mbkKKg2_GDs-czdknBS1J1mdv6mmzT-2nsW25N8g-uQPuB1E0P3VeRUAKE_w5txEjN1DPPgFsFTakMl6WPy1XFUkzKz6nBTPuTUET6-XjDoq7T8w0KB7h46Waahb3dDkAORSpwSiQOHRm6mcWC_hC0Wre2J4yyG6DRuB1nlfJF1eDwuorpW4sAgfG3i4Kasx2eOBnsYTNOOpVr6nuzT8lzJ6VZTouOCF0CUMG-f-GBi_lv6Bm4NLqLmGA8B9z23XVItSHAC7kCy1ylGCunNTX97p-X5v1jLQ1zG3LFt_2P8-L82XBmTSO3Y3dkwUIOI5m0yOdvQ5YnBUWbu89QoVoRxBAQ_5rostuopmLxjTtQYyuzt0hj1759cG2OXz5LJLlpzWN9_tiYHc-wG_k90wOMaZ9qO1_K8M0gGpRG_eVe0Is8BpC6YtWy0&cid=CAASJ-Rokbz0brJ0DiNnOw8-ZbyV_oISdaJXWUPMqSxcpyYk4qzh3G4rzQ&rfl=1%2Chttps%253A%252F%252Fobserver.com%252F%240

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

727c6fe5c43532ecafb78ea4e7722028d01878b7306f5b96e137cbbe8b38f0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33023
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3861 42 B
63 B 126ms
75ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CYMDYItNFzEGjzMJLDBb8nzNkEBe8XjrVKRzi3EyJ5oK7gdmXLRl4wMowWtZ-xXOCixixHtEFXbh9iQtxvvYGgJa7kV0oLcAkSruhJu0Ug9uPq_v0

Requested by

Host: 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
URL: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/ Frame 3861 3 KB
1 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
URL: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:46:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 May 2022 10:46:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3861 120 KB
37 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
URL: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4debaa04d2f904fbafbc99c074e1f43c082e9d25e400140aa97eac11989dd82e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37288
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1651059573277210"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 29 Apr 2022 10:48:06 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/ Frame 3861 15 KB
6 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220427/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
URL: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:47:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6415
x-xss-protection: 0
server: cafe
etag: 567849196274905959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 May 2022 10:47:37 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3861 0
0 132ms
48ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRmt9l-Wlhj2NmZPvGKlwsFI0x98SRaAzBtpGMFZZ5_pQdcplKHYH7W0EExvVKMaD4Nj9KJ05mq4tZpy2mUUFPA7HjV_g
Requested by: Host: 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
URL: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

GET
H2 200 i.js Show response
tag.bounceexchange.com/4256/ 3 KB
2 KB 173ms
30ms Script
text/plain 34.120.253.250
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.bounceexchange.com/4256/i.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/iframebuster.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 1504e36b2ae7111b93abcbf9c7e37b9a400d4e892b83c2f50730594f972f8455

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:46:56 GMT
content-encoding: gzip
server: istio-envoy
age: 70
etag: a5f9532dd8ea41
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
via: 1.1 google
cache-control: public,max-age=60
x-envoy-upstream-service-time: 0
x-region: us-central1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1438
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect

GET
H2 200 Ozark__Season_4_Part_1__Ellie__1971168__00_03_46_09__226622R.jpg
observer.com/wp-content/uploads/sites/2/2022/04/ 6 KB
6 KB 42ms
41ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2022/04/Ozark__Season_4_Part_1__Ellie__1971168__00_03_46_09__226622R.jpg?quality=80&w=300&h=225&crop=1&strip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f6cbce25f5877f36edea7cb7ac4c57690e615731fd7bc9c0abe3b870c31e3bd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
x-rq: lhr2 109 83 443
last-modified: Thu, 28 Apr 2022 21:13:42 GMT
server: nginx
etag: "6d840e1a1a75254d"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=2592000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-length: 6252
expires: Fri, 28 Apr 2023 21:13:42 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7439 0
0 78ms
77ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsulMY0gIXzhorLBAPWTc0pkViUB43W0ocYognAgNoA1MiT0FCLw8aKDci1QXSd9uhPlzIHVE0V-LJNcVARit5ezxGEsJm19FClLuipS6EOplISCknz4SykgSKdpFcnvIq5fosszTrcK_akPokd-4KXzAFuQ9BVnFAmuLt9MVRTP5eV6OOl3sfebUfQ2xDLzkHIHpedes7Uz33oVb4dZCdIlMqsWNV-_VTNfE1SAv-ijsbY28JtmHPoomOeEWv1Di_j3XfI8LEO0bock7DBe4Fgp5z6IbGKmkHokc5i4meYprsjQJTirkERh_v8&sai=AMfl-YRuASE2RLTKgH5RJGLUFggSn8cPBfFttQlbv8XFSHX3WocsOH32fvoHYaqqKnkCF_EjKXqhasrKnn-evWb4_Vuoz9QSgRANJXTLTGh2Ze1mYG8YP1ObmX9829jYUiY&sig=Cg0ArKJSzKjT-AfREjjwEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 29 Apr 2022 10:48:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 29 Apr 2022 10:48:06 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame C23A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

210ms
126ms

Image
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H3
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Redirect headers

date: Fri, 29 Apr 2022 10:48:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BEE0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1&C=1

43 B
1013 B

137ms
136ms

Image
image/gif

184.87.213.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSJ2QEQxKHxARilnOzBATAB&v=APEucNUl0M7sc9MuGliSJCnwBVHefTHZVmw4AY0BRaAeWyhBPfEms8e4AvdPUaSo7rvlyc2NRPGQy9pWCm6iHBZOU09x7w0lLmZsXP9Jgh7KmFSRvWZpVdLKJ9CQufO9N9UYEyoStmK4Z-yHQTfIugxPmuOQ6BNM_zCqIYHomO8eb06zaOLq240
Protocol: HTTP/1.1
Server: 184.87.213.8 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-213-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 29 Apr 2022 10:48:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 29 Apr 2022 10:48:06 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 29 Apr 2022 10:48:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Fri, 29 Apr 2022 10:48:06 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BEE0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmvCZs9Yc2dszW5hQk0KagAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1

43 B
1013 B

127ms
126ms

Image
image/gif

184.87.213.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSJ2QEQxKHxARilnOzBATAB&v=APEucNUl0M7sc9MuGliSJCnwBVHefTHZVmw4AY0BRaAeWyhBPfEms8e4AvdPUaSo7rvlyc2NRPGQy9pWCm6iHBZOU09x7w0lLmZsXP9Jgh7KmFSRvWZpVdLKJ9CQufO9N9UYEyoStmK4Z-yHQTfIugxPmuOQ6BNM_zCqIYHomO8eb06zaOLq240
Protocol: HTTP/1.1
Server: 184.87.213.8 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-87-213-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 29 Apr 2022 10:48:07 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 29 Apr 2022 10:48:07 GMT

Redirect headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ7pkQyRzwPcUslK7UN2bf4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame BEE0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELoE15imaeVYb3BBQnvMfR0&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELoE15imaeVYb3BBQnvMfR0%26google_cver%3D1

43 B
1 KB

35ms
35ms

Image
image/gif

185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELoE15imaeVYb3BBQnvMfR0%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLSJ2QEQxKHxARilnOzBATAB&v=APEucNUl0M7sc9MuGliSJCnwBVHefTHZVmw4AY0BRaAeWyhBPfEms8e4AvdPUaSo7rvlyc2NRPGQy9pWCm6iHBZOU09x7w0lLmZsXP9Jgh7KmFSRvWZpVdLKJ9CQufO9N9UYEyoStmK4Z-yHQTfIugxPmuOQ6BNM_zCqIYHomO8eb06zaOLq240

Protocol

HTTP/1.1

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 29 Apr 2022 10:48:06 GMT
X-Proxy-Origin: 217.138.196.100; 217.138.196.100; 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9d3dd41a-5334-4bb2-a3ce-dcc9727b6dec
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 29 Apr 2022 10:48:06 GMT
X-Proxy-Origin: 217.138.196.100; 217.138.196.100; 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 86bef42a-2722-4d1b-baca-32d75ef58f4c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELoE15imaeVYb3BBQnvMfR0%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BEE0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMyODU4MDE2Njk0MTAzMDIyOQ%3D%3D

170 B
188 B

138ms
53ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMyODU4MDE2Njk0MTAzMDIyOQ%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 29 Apr 2022 10:48:06 GMT
X-Proxy-Origin: 217.138.196.100; 217.138.196.100; 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 11e732b6-b34e-4d66-9765-e571c39557b3
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzMyODU4MDE2Njk0MTAzMDIyOQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 3861 170 KB
59 KB 144ms
42ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
Origin: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:47:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Apr 2022 10:47:42 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/elements/html/ Frame 3861 8 KB
3 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AsH_1tscess9BbitEIj6QS7V_zhWD2F7QtgyovO0Pduf-2j869WmuXLVCE0PL5LpDF_rrya7VnQ81tST2ZntrmbTPrIw&cry=1&dbm_d=AKAmf-AKA5VhcJTWadgHsl6lwlr5rG-SF8R4RfXtgshNuz1EhROkHNFIR1OgUD4ts-8W_pwqUpQNLdKLSb3e1aN5s-9uBD-nIrURj7jcHUiyTTiPtMoOI7goXI4AR8WMI1zQrRZwQjy55UQRL1xWj2KdeDdPHkZq_dXKpQRwucPiN6PNWhG_N_zjnS_3g-ODj0f28QeakmuRPgCFKEhD-TanfRlUo5rGJmxY89FATAl3YIRCx5Xq3ry3goaIPrqfKruW4TFXa9cMEvW3NVUm4mYomY8GUxcmOrk10-3LgWpUDWHLyDZ6v499Xh43WKQNI6FqLngk4C__5_uXeFtYio5gns9RTjnun71BUbTfwpAUGNPN6iASt9qmc7zphCyQX5ZT7-Fyg9ZPr6NQC3DO0n09w7fKEra0JH8A3bAvieUuhNaGkr2KsIZ0ZPygiEvnLRKi4S6FjoqYpblOe_4NrtfYhHFQCIjgQXcZ608kG2Uz4YBl8jGjcMoWOL603YvSVkSrGTl1sNuRKPrPcWl9PoygECSgYjn2cJ_yn3ZlPgrl2P35K9x0l3Pg9oYwA5bTz2KjZU5pZ7AIZABAi9t-RAPMzkCRzUx452cAnktmJ0QychCJPGkVM_HMqrutnsGhQ0jczlcRd6qi8l0cHXPU_lK4JlrkrTzxafEGCHMJXk5fHGCbHbBxOOcbsmE8q1BuTvGjWzTIuPjE3GMPfByluegeoNwNZWUb9QgwOfZ3tpHtWbwWYLnkn-GiJzIDWCKJQOwBqmmi_HoLhaZJU1azZ-zl6txV-_z7rPIVmFL0c_idbK9SO0lbs0TYLLhnRA_y0zjML5BBCIEAW-p4aZ3uKkQa6NaqQyu7O44BPXUgAxaE9IxDiEt_AIDRbyxR2BhfTg3hMkCb4pw18ioS0FIQr0hwZCV9BnOICKQtKfXYmzIth30B9h-mGumamGO8VP_Hv3FR46lYLl0VPt3u_MgZt-KoSyiY6sZuoO1kytJj_LHUjRyBDeKy2Ti_j4mKgpVr_yc1PwbWU49BTOLGylWsaXGfUwdz0mxnzMQD7YjAsiwl6f2FHRS86D_ZGntmoFdlUecfnppXmocs0J1l9aqn8IXUbHHwY5jLIBRVMvuXnV72AEfzmgnyk_Ozmq9I6vU4S2GW8bGZTWFXQf6UVel7qMYUxzItu2_2xYgVGbaEo_FMHnUwNw8IjDUQG5YWaeRc1zNmfg33SSz7CDC2flp4eUHWDdSMhp5a1VWA94FGJ6Juoy7hI8bxXVxLIAsaEDhc43I0H5frILR6B1SCgOh3Ysr-NJj3sjHQuFDKcaYpNraU0FFuOntJ0wj4MTYsdF91bPAmOL8xdZBRjO0d5NUYpq-DuC7sJ7ccb7j08vE6t6V0z92j0zQEFvoBO9iq2cqgGKp_Tw9o4vHk3skbRbJC9rfUZC5YAvuzB3XKCVv9ITLDJ7uJFG8MrA_ux5Yw_G7Uc3ZCz_E6-_KSbOTEpiwRwYe3VYb7B0twzdsIZpzoY0G7gj5r95y1OZIqz1TmcXYsIkvRiufJXWwi5CLoV4mnwBWqhik737JBCBgHKPZ01K4bPZ06ja8-7fwvbV__zLoQsApy-0ai7KzHRhPuoJs2zIDMAxigVDSnu6Fyf__w-iSYw9bwrhIEd3yGcaGhFxrNe-nRlZLCiOQYor7838oCNE2Fioh68Q_RNgXoGeJsT-MYZx6Z9npWZJgzMVRkZjx0_qvSVMDx7r5MTNEx8vvGg40zkhqA1kcVdsOVfSus4LAEoyNBSDFo_y1tDndhAuUdAlxBg-M3O0w6ixHG5rC1ohm9DY75oKMrIGkvjY8_xmiY6q6bLhSBbiIIN1IRU--wMnUJYumdTIesGj-Bj9wJixwkO21sWzWG-Qv_gA9YQVOjfo_1r069Rm8nRQsXKKrHeN3tkaNoTJw8GjEXMrem-RjIusxtuFe4VjCjKk9HmWMoou7EKg2RYptiu1v-wqiOa6UOEeGgpW9m1nx5tMNLEPtPSY2FWYmodhybzI7eGw5_EC3sxz0N73w03p7RgAco6WBN2-a4F2PuaOZXTcQHM6j-w39ZgvKf8nxz_kuD1vD4vvVP-KK3rahb0GmoQNlOKYmX20KX7W9GI6B5x9Jm_D3A3-cv_AIEwTlXeUmPkYd1SuQngDw02S_u0TANcGObQAICSkYoMhZ5d1RZPJQmf1Gpm7jxh91B9Wz_0NPVXUuXLKxg9m3kpJ7euu_fovN9zRixrF4Kj0LmGu1x67YeZJJjkZCh6sR2nJ2rtPnCpKS1VfdFBDRUBmUmCPkRa-21HIw2CVyk5S-pcCm4aodaHZNKz1FeFP0H76VK60RWSLEMKxoxM0aCt977nLv0RrGRLKTUNWTeohjV0fz13cktBAjQduAzU3y5xwO-I_KS63DVNHwZ_a2yn-cfQTyebYdGNzI9Y91z6SIqJfOu-iC-3D4lFcgFmjRYv4bkhkFtU_1IeZ-qV5t-c4_uOXebbqjtZ1ZCfbxWzCS2hN-eIcUj1kC1jNy54LOJizTdt0x-YODAgy9gzYxQXdKY1Q3G_nClsufssM9tpUbHC0MDfkSp-mbkKKg2_GDs-czdknBS1J1mdv6mmzT-2nsW25N8g-uQPuB1E0P3VeRUAKE_w5txEjN1DPPgFsFTakMl6WPy1XFUkzKz6nBTPuTUET6-XjDoq7T8w0KB7h46Waahb3dDkAORSpwSiQOHRm6mcWC_hC0Wre2J4yyG6DRuB1nlfJF1eDwuorpW4sAgfG3i4Kasx2eOBnsYTNOOpVr6nuzT8lzJ6VZTouOCF0CUMG-f-GBi_lv6Bm4NLqLmGA8B9z23XVItSHAC7kCy1ylGCunNTX97p-X5v1jLQ1zG3LFt_2P8-L82XBmTSO3Y3dkwUIOI5m0yOdvQ5YnBUWbu89QoVoRxBAQ_5rostuopmLxjTtQYyuzt0hj1759cG2OXz5LJLlpzWN9_tiYHc-wG_k90wOMaZ9qO1_K8M0gGpRG_eVe0Is8BpC6YtWy0&cid=CAASJ-Rokbz0brJ0DiNnOw8-ZbyV_oISdaJXWUPMqSxcpyYk4qzh3G4rzQ&rfl=1%2Chttps%253A%252F%252Fobserver.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:46:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 May 2022 10:46:09 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/ Frame 3861 25 KB
10 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220427/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:45:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9783
x-xss-protection: 0
server: cafe
etag: 9821519945299111448
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 13 May 2022 10:45:04 GMT

GET
H3 200 br-ijs_all_modules_5f03807057e2f4e478c96f1b753cf6ff.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 538 KB
101 KB 91ms
31ms Script
text/javascript 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/br-ijs_all_modules_5f03807057e2f4e478c96f1b753cf6ff.js
Requested by: Host: tag.bounceexchange.com
URL: https://tag.bounceexchange.com/4256/i.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 1e570cb477029bed02a997eda316a7e0d50052e2043258c9c953e77b08586674

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 17:21:53 GMT
content-encoding: br
age: 235573
x-guploader-uploadid: ADPycduYH7yvv08l8hUA5azFL8rQWuyU2I-Ic-VNjhT4VJ2Qa2-wqvrYEUn4LR2NlF101eee2idh2g0IcljC_LweRCCy3w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103300
last-modified: Tue, 26 Apr 2022 17:21:40 GMT
server: UploadServer
etag: "964d47ae4be3ac1d55c6702fd14997ee"
x-goog-hash: crc32c=tckQaQ==, md5=lk1HrkvjrB1VxnAv0UmX7g==
x-goog-generation: 1650993700793014
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 103300
accept-ranges: bytes
content-type: text/javascript
expires: Wed, 26 Apr 2023 17:21:53 GMT

GET
H2 200 t Show response
jadserve.postrelease.com/ 3 KB
1 KB 534ms
125ms Script
text/javascript 34.200.155.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fobserver.com%2F&ntv_mvi
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js?ver=1.0.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.155.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-155-146.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: b557703f81b748650c0496fe6300d76a76586504e42607327267a4f9dcc927fe

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:06 GMT
content-encoding: gzip
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/javascript;charset=UTF-8
content-length: 1051
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 217 KB
68 KB 133ms
50ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

79123893dd8739f6a65652fb71e6721d3c44240389744a38e019e83e7bb912c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69284
x-xss-protection: 0
last-modified: Fri, 29 Apr 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 29 Apr 2022 10:48:06 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0ECA 0
9 B 40ms
40ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?xnfiQA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3861 41 KB
15 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
URL: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 13:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161614
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Apr 2023 13:54:32 GMT

GET
DATA 200
OK truncated
/ Frame 3861 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16dedf29fe6530a3ff0eeee3273ce09f387a092219df1f8f33e631226609c0a1

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 app.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 5 KB
2 KB 41ms
40ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/app.js?ver=5.9.3

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

14118b6ece3be9c4fe5b369f5f4c5589ef4eaa228e41bb29b91961d58bcce024

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 153298
etag: W/"6266b938-15f6"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 1711
expires: Sat, 29 Apr 2023 10:48:06 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 492F 22 KB
8 KB 40ms
40ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 97681
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 28 Apr 2022 07:40:05 GMT
expires: Fri, 28 Apr 2023 07:40:05 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 local_storage_frame16.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame AA48 2 KB
1 KB 32ms
32ms Document
text/html 34.98.72.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame16.min.html
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/br-ijs_all_modules_5f03807057e2f4e478c96f1b753cf6ff.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
age: 11852
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: gzip
content-length: 1055
content-type: text/html; charset=UTF-8
date: Fri, 29 Apr 2022 07:30:34 GMT
etag: "a3a2b1efefa9dfa89e018263f95a6acb"
expires: Sat, 29 Apr 2023 07:30:34 GMT
last-modified: Mon, 25 Apr 2022 15:07:07 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1650899227833761
x-goog-hash: crc32c=loC7ow== md5=o6Kx7++p36ieAYJj+Vpqyw==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1055
x-guploader-uploadid: ADPycdsjwtVA-yy-x7ybJ32t87VfYN6z0s8CKeXiswdxyc1izN7QIM00PUhvlngr94MoWlh8UQ6R1OwFFlHXHTH7vbYQCvAu_YEl

GET
H3 200 dreamgirls-2022-02-11-tour-728x90.html Show response
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/ Frame E35C 7 KB
3 KB 131ms
49ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69f015086a5f31adcbb81e1235b6c5a4bda89f7fbf21f3fde35e70ac900b7cd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2822
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 29 Apr 2022 10:48:06 GMT
expires: Sat, 29 Apr 2023 10:48:06 GMT
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3861 0
622 B 286ms
87ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuZDcNgOhx5fZyPhLbyjcD7aYozn5oWvEhw-3twUnRJ8te6QXDAusZFN5fQlNF6pavHMj93BLvyvHW8gwssAsHiC4r1BtWFomyQ_9YFLc6Q0oZqIf6H5bJUW1W8bgZKHuwUMIj78GeJtlPcI5bE3Rp8jyGl0wPrG8upi5Hi2qUn_2waVAVnZd4GjDogO6CWoNzjqd5t2JGsNU4ZfOyAwZcP1iXfXZd4ghWZS3EcRKzBNziP7ypAhQI6n6h0Z685olsKymXAfcWqnI-JSSnydnbGMNqKHJIsLmqgnmh9Wct6U1qhUJOBC6KhysMqpMw0IKorJCYl2OBxJFMEk42M9Ap-7_J9WCGY7aUP5HR6r1kpKhz59FWTjnjU5acKR-6rIqiqO7REW65L2q-H118mxXEQ5TUqlVWqvbwSK4BnoydoTunQuwdrLBV6Af5KXLoNUMtoHMLN6Cyil6v3oyid_eLdcTSuIPW225agauymH7SS8TmDOH3cUElEgAljDn6EOnhHKTEDoQZrJDMUfYmbrPhev0_La5dvhQ_2Szn0lL7yLmdRD9gv-m51IbzDr3wtS9l1SnSeSqTQTWsS6hAi4anirrz99quk19S7mY6dG59zx28piWEMyszQtZhKHyh8h9CuJmb-BvWlody95rAt2CiUk_axS_cKug-KMtlYc7LSMOupOLa3A7AmRpwbDai4K-tnzLjqJkHtaa1Z06J2OnLnIPqE1Vsn63MKUhYDcBcq0jEQvkNsl5xeIUcbAi3yt_rsVB3ZI9dSsjVWw4Te7tQ_QvwblI8HeTnJ3pXO2glDYuHKXtFZzvf6lR92rFYV5tm7SNS6T9R-WeyY-NreG0Tsg95kFb13V_I0qSFMCkpOn4sarMlSdE_-SA7cX8a0pxfCBjiYLErU1Dmpg_59ezCT4c8RIceMNNRbo1D78d5pyDMVkz-j6GOqXVfS8ozTLMmmN3zflDuozov4m8Vh714lmF8QjXoa1lTz28whY1UPJ37EIKYjxNt9BO3LDnJqvkiJg9xca_Em8IKf4j8qJU39Pi7aDbGIlFPGXJ3APrghviJ6K_wBNtgiRVDzi0EeE6xLWfgswEq6tjWl7luRCooxyVdTDdgoziw6xVJNclkuB3wZqJlv_H47MSvyA-z7bKJgxE_cZkqFkLuSaoDXDLqnm-Gix20KdLx9MW8&sai=AMfl-YTsF9SajOjyv6x2k1Bg7qdTT0Rns8ZIdJDUqsGbpp1yfU1Q-JwNOquZvjML7l5ukGRqjaBZtmA3KV-BUM9iV9-XV7kLIzKrscHi0BxoYyXVP3tup94RO34WWmcvRccuWzdM4rmkEUV3N2z-zEm0xxTz3EJ1r2lL3FoTQbmAr8Kkn7gXSRStimSEUC0CO3w0XcQufcpkS4cXG4ITTSvJ3An4EqTd51Y&sig=Cg0ArKJSzHbGOmDD0KdtEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=251&cbvp=1&cstd=242&cisv=r20220427.60069&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Fri, 29 Apr 2022 10:48:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET img;adv=11222240113293;ec=11222262632660;adv.a=8846290;c.a=27259707;s.a=5215700;p.a=328340739;a.a=522556436;cache=1938200904;
ad.atdmt.com/i/ Frame 3861 0
0

GET
H3 200 e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js Show response
pagead2.googlesyndication.com/bg/ Frame 492F 35 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 20:50:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13654
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 12:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 28 Apr 2023 20:50:55 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 206ms
44ms Script
application/javascript 2620:116:800d:21:3175:5196:e3fd:8c1d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Fri, 06 May 2022 10:48:06 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 201ms
41ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: wCQzW6DdbMN8TBLsbZ7kHH4VbDSMHqavQpsdVbJHjA2Z+hYOUXHfCc2jn0mu5Yg4nxjTStOvtNZjkye2+wSSuQ==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 29 Apr 2022 10:48:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 203ms
43ms Script
application/javascript 13.32.121.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-72.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 04:14:36 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 28044
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: gfQcNtbTxYsfyQAMkC7akU6dedDidPgyt_BTq3_Pqoqpchjk6wTrog==

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 41ms
40ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 09:52:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3316
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 29 Apr 2022 10:52:50 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1855
date: Fri, 29 Apr 2022 10:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 29 Apr 2022 12:17:11 GMT

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 36 B
342 B 222ms
62ms Script
text/html 34.111.8.32
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=325&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDYBWfAJjIE4yAOQgdkvs2AC8QoAGTAdwFMARjlTA+AfVQATKABYyxQpgBOfHCAA2cNBgKFOnAB7l9yvjD5KVSqNgCG69agQBzMXCXqoAC2DAADjgApADMAIKBZABiEZEgQhYAbhYAdEggALYxmAmowsBiaSAA1qh8UIH0AEIRZOp+NSHhFD7+QfJhEcRRnVFxOIkpaZny3RQRAMI1Sg0dY2P0ACLYIMWl5VUVS4Ul4qAgYuq2Ss5lMPb9mAJ+XJh8-lAA2gC6mH7AeMvpfo62yOIwh2cNgSXlsUCAA
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/br-ijs_all_modules_5f03807057e2f4e478c96f1b753cf6ff.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:06 GMT
via: 1.1 google
x-envoy-upstream-service-time: 20
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

POST
H3 200 collect
www.google-analytics.com/ 35 B
55 B 48ms
48ms Ping
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
443 B 135ms
42ms XHR
text/plain 2a00:1450:4025:401::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1212249-1&cid=1044140522.1651229284&jid=70357816&uid=1044140522.1651229284&gjid=603877806&_gid=2101929011.1651229284&_u=aGDAgUAjQAAAAE~&z=535251824

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:401::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 29 Apr 2022 10:48:06 GMT
content-type: text/plain
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect
www.google-analytics.com/ 35 B
55 B 48ms
48ms Ping
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 492F 0
20 B 76ms
76ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BEjzHZsJrYtG3FZWOjuwPhZ2TyAMAAAAAOAHgBAI&bg=!19Sl1JDNAAZNIUvJbSE7ACkAdvg8WoAuiC19by4ntzFeGzIixxULEJ5w58Iqul0TSoab9w14surYRwIAAABhUgAAAAFoAQcKAAyTjXVWc_ndmE-uS72ZAySwkiCJ0n5WBmAz3UeWvv4c0KFQN5M7pAJ4c4mG1eBm3AlhCutbcM5V_uX7n64BrkzloNMnCYT5vr4D2W1j_BIVYkcSr8OGYNANZhDo0bZCaNp9it7D0WQMsqTXCdYDkiSuRW106V2pf6IE8X9LmaP6dllG9JX6rvXzT124NB75e8dRKstWT2ppIJli3yJ8af6DH1-dcy_jbhwrLx-2nzPCy4ZTVzdhqLRooqQVgTqFecpXK135RRGbsZU2zUu2920BEV-AX3QB0O14neKbxU8ErzNLyONBPDE_zniNZYGgDfKx6vIkQpWGeEC_ipwPZZZcKIMVz0ZTDuoVIrzkc-_s0gIjQ2YqCZgS9jeMBcyeCSxju7P7c5bHI2v6nzvSP4ITSzQISMGRbWAeS7-rqm5tkuRBSaQhmiQyo-dIfVEtt_LDAEaW8M1wM4_4fMxn3VPMusbljKAWKbpY3qfMmAqNkUBVApj_bzLKU8F-He8yJ9XT8o4p608tDzPjYbEOWVxIF23oKOjrK_m4ELiIwflftzYT4HburCN5zW_tJ878i_Bb0ucny89iSa_nDkQO1vqnwRL-UKU6XV5vZdyMG3ubQI5XPa7XMFpKkvyrQW324kyYcgg7SHZgZ4vy_zwuKD0lOsKIceFNSXuxyUSo0679JQ-h1WlA6gQn2docTG1Zx5v8SfyZgjrnwdjpxUr0fxpnwsUSpiWXeIQpFpm7tjSp4YsoXrsnvqMHqXxmB8boG7PoPMj_2QT1Q4XWaXbmRwvxNmJIgTbNHJAcBLDb6v_9HDotcaYNlM6TqXrsZrzRTlMTWKZGNoJ2Hxu8-ww52NvPGvYgqo8AQayCD7NLYRVsbd4DTQivcKaAxappDxW4AITS_OKNEnAqWZGk3jD6z_kKgfdoV4DIJPcAiXdUpdm6L3gdsxhhjwNcNpjD2aYPjTqLc30FepR6ft9DYfTkcan2xNGogKzs03bIycP0JRwlCoNPjCEJXPJWwLnMceHDtZoB6tj3YM8W4GTj3QvtUfkZ8UvLu8HUxV8X1IuA1PzrM22H1qSeSQgxi5OVudkn-Xjrx9k

Requested by

Host: 2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
URL: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame E35C 118 KB
40 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 18:54:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57197
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Apr 2022 18:54:49 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 67ms
66ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1212249-1&cid=1044140522.1651229284&jid=70357816&_u=aGDAgUAjQAAAAE~&z=1607836871

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
501 B 179ms
89ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1212249-1&cid=1044140522.1651229284&jid=70357816&_u=aGDAgUAjQAAAAE~&z=1607836871

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=13507040&ns__t=1651229286957&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=
https://sb.scorecardresearch.com/b2?c1=2&c2=13507040&ns__t=1651229286957&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=

0
190 B

54ms
54ms

Image
text/plain

13.32.121.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=13507040&ns__t=1651229286957&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=
Protocol: H2
Server: 13.32.121.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-72.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: 5GxytWYvyoA8VpN61u89fnR5qU8xRwOzUUn9oviwARrUjCkZgAQvfA==
x-cache: Miss from cloudfront

Redirect headers

location: /b2?c1=2&c2=13507040&ns__t=1651229286957&ns_c=UTF-8&cv=3.5&c8=Latest%20News%20and%20Trends%20%7C%20Observer&c7=https%3A%2F%2Fobserver.com%2F&c9=
date: Fri, 29 Apr 2022 10:48:06 GMT
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
content-length: 0
x-amz-cf-id: ZHDtIhilSRBhorKouS1-QS_pdDdmyJtfurONvJoNFkHwK7ea-ZRAZQ==
x-cache: Miss from cloudfront

GET
H3 200 832096553515722 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 229ms
177ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/832096553515722?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7fc041bc5f1651002fd0d07b673384c76beead1b8fa4e812f1635f17b325dd70

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 3WoHwaub2nFwv5rClZVuTax48vLiQvT1fkmq3e3AEqBf7mgMgDFSdgJXhOfn47fc/qpsn1TO+EN41ZeLVFtRlA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 29 Apr 2022 10:48:07 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1651229287177
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 rules-p-UtaLhd9K6h6Mf.js Show response
rules.quantcount.com/ 2 B
354 B 171ms
54ms Script
application/javascript 2600:9000:225f:0:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UtaLhd9K6h6Mf.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225f:0:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:09:49 GMT
via: 1.1 086613b3103277577d231678b44747c2.cloudfront.net (CloudFront)
server: AmazonS3
age: 2297
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
x-amz-cf-pop: TXL50-P2
content-length: 2
x-amz-cf-id: FGXkV4UdkpkYup0Gle73ugvTRUylkRT_udgjIJRXwGYo0oMe2m6fRQ==

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 3861 0
26 B 163ms
78ms Ping
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuZDcNgOhx5fZyPhLbyjcD7aYozn5oWvEhw-3twUnRJ8te6QXDAusZFN5fQlNF6pavHMj93BLvyvHW8gwssAsHiC4r1BtWFomyQ_9YFLc6Q0oZqIf6H5bJUW1W8bgZKHuwUMIj78GeJtlPcI5bE3Rp8jyGl0wPrG8upi5Hi2qUn_2waVAVnZd4GjDogO6CWoNzjqd5t2JGsNU4ZfOyAwZcP1iXfXZd4ghWZS3EcRKzBNziP7ypAhQI6n6h0Z685olsKymXAfcWqnI-JSSnydnbGMNqKHJIsLmqgnmh9Wct6U1qhUJOBC6KhysMqpMw0IKorJCYl2OBxJFMEk42M9Ap-7_J9WCGY7aUP5HR6r1kpKhz59FWTjnjU5acKR-6rIqiqO7REW65L2q-H118mxXEQ5TUqlVWqvbwSK4BnoydoTunQuwdrLBV6Af5KXLoNUMtoHMLN6Cyil6v3oyid_eLdcTSuIPW225agauymH7SS8TmDOH3cUElEgAljDn6EOnhHKTEDoQZrJDMUfYmbrPhev0_La5dvhQ_2Szn0lL7yLmdRD9gv-m51IbzDr3wtS9l1SnSeSqTQTWsS6hAi4anirrz99quk19S7mY6dG59zx28piWEMyszQtZhKHyh8h9CuJmb-BvWlody95rAt2CiUk_axS_cKug-KMtlYc7LSMOupOLa3A7AmRpwbDai4K-tnzLjqJkHtaa1Z06J2OnLnIPqE1Vsn63MKUhYDcBcq0jEQvkNsl5xeIUcbAi3yt_rsVB3ZI9dSsjVWw4Te7tQ_QvwblI8HeTnJ3pXO2glDYuHKXtFZzvf6lR92rFYV5tm7SNS6T9R-WeyY-NreG0Tsg95kFb13V_I0qSFMCkpOn4sarMlSdE_-SA7cX8a0pxfCBjiYLErU1Dmpg_59ezCT4c8RIceMNNRbo1D78d5pyDMVkz-j6GOqXVfS8ozTLMmmN3zflDuozov4m8Vh714lmF8QjXoa1lTz28whY1UPJ37EIKYjxNt9BO3LDnJqvkiJg9xca_Em8IKf4j8qJU39Pi7aDbGIlFPGXJ3APrghviJ6K_wBNtgiRVDzi0EeE6xLWfgswEq6tjWl7luRCooxyVdTDdgoziw6xVJNclkuB3wZqJlv_H47MSvyA-z7bKJgxE_cZkqFkLuSaoDXDLqnm-Gix20KdLx9MW8&sai=AMfl-YTsF9SajOjyv6x2k1Bg7qdTT0Rns8ZIdJDUqsGbpp1yfU1Q-JwNOquZvjML7l5ukGRqjaBZtmA3KV-BUM9iV9-XV7kLIzKrscHi0BxoYyXVP3tup94RO34WWmcvRccuWzdM4rmkEUV3N2z-zEm0xxTz3EJ1r2lL3FoTQbmAr8Kkn7gXSRStimSEUC0CO3w0XcQufcpkS4cXG4ITTSvJ3An4EqTd51Y&sig=Cg0ArKJSzHbGOmDD0KdtEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=545&vt=11&dtpt=294&dett=3&cstd=242&cisv=r20220427.60069&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 29 Apr 2022 10:48:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E35C 7 KB
5 KB 135ms
52ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3dce8f194024f4b012659a07210bfa1525c872a909e372adb049622f1bb27c65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5492
x-xss-protection: 0

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
426 B 120ms
119ms Image
image/gif 34.200.155.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_at=394&ntv_usid=3876976&ntv_pl=1092087
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.155.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-155-146.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:07 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
426 B 120ms
119ms Image
image/gif 34.200.155.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_ui=a1ad57bb-9340-4f62-ba91-5a95a1c64dd7&ntv_fl=CF4se3gYGjAPzQcMJoAeWbt9Edl0Z3l9q9WDcci28eJ4srGTW0gLq8U1Lnp1YUWzb3l1xIGh2j5zAUxai5a4AS2agxqpdbcg-ey5wjtVPBinxMaQXjuOnd3wEo6GCgM6Iyu9_Qn1UDgFUFn1wQfqfDW2L64-z1p6nPo37XJr1CIPNV5bD99BpCwjknu66gx2fPduSiceqb6IKrMriwkyqotrOkykjT1jOtuj_zOKuMQ=&ntv_ht=ZsJrYgA&ntv_at=303,302&ntv_a=AAAAAAAAAAJTMRA&ord=1651229287040&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.155.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-155-146.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:07 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
426 B 120ms
119ms Image
image/gif 34.200.155.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_ui=94e57435-c77f-46bf-bc0b-662ef64b1b79&ntv_fl=CF4se3gYGjAPzQcMJoAeWTLunWOKm480ihA5hwo2yCfPb_Bx7w_way_Jn-VESUS4GGgtdkZ4NZrxf1ZTdS0RCTyFr6ZQP6WWEA4B-4GawLr-jreTSgdnqI-Bhyc0KvCfx34Jj8KPADamaIMYOfJVUqvQeoSulFOQWFBd3hh1BOxiwv_bKXFfAAh6pyXnrPUhg1T4iL3xUluo8KWRTQ5tW8WARxsPeGR9alzil6jNchk=&ntv_ht=ZsJrYgA&ntv_at=303&ntv_a=AAAAAAAAAA96kQA&ord=1651229287043&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.155.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-155-146.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:07 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 gdprConsent
jadserve.postrelease.com/ 43 B
426 B 119ms
118ms Image
image/gif 34.200.155.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/gdprConsent?ntv_pl=1127205&ntv_gdpr_consent=&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.155.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-155-146.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:07 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 92ms
92ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022042601&jk=4077771301896262&bg=!JySlJGDNAAZNIUvJbSE7ACkAdvg8WlAeqF9Kzl-PzEGK4pi8DElG3YbwVTF4On3gu7LvFQ7epuGjggIAAADEUgAAAAJoAQcKAAhZJzzzOMsV55kC4mP5jgGe4YKTRBHz-76Y7erh7lAfwiBpXdggbCH38KH752rMpcxaeasm1YyzU91Rssw0qxCCQSVbphzEPRaDT-cE9Ob8eGhU-M54b4V3psVu-PREKD51Ww_XlWoUO_EzqjXutp9ZNTVPZBpZIIOB36OkAlOyZ3cCKwyqu2mlTO8vrTMA18T3_rcbjidQNWQs29PvG4D5U5t2YiAywmJ1HLZFKGhq3CGxYRYQqDXITyok-YgEV71-OtOTV7CnTGALGh7JbDhEtlDH9AC8yR294NHNMa9XgfUkEK4TurfrWcaC1SeV9uTvNCqB8h6oxzSrJFYaHGLpjVDxxz5Gxj6SpwOoTCeSBWSRJBuMfIgAeCTjBhlwkNrF9BeLLz30KVod6DxgSphqm1eyp-4IV3UBoZAD63cqPXjB0oY9mkQld8LxSK_Hzct_8-PJ474IOkQhlh0nANT319kPprca5hEKusI6cQVYM-MzKAYbFHu-u_rVc68-dpbEIQy2u1CvwDYn_cEZlVf8Uwk7IJGjTjI8C5d9Gmwq0y0pkPz3R0tuMMj2L5Q0YmmclQQt8kYtp3NffFaLZ9ZUY_OcH7VSLRNuBwcs0cLlRT4IxzWTNdNwDDYxIsIY-0Wus4HYfxkIOLir7dkVXH1honWuOQ2uMgKqG3at5UEZu1P-sGVd4yxSHIV2M4MxWpy3XA0BsK6EP276uTuI7Zq2fgs6PIuCUAHlqBib0EDIbwr7OxwKwRI-wlYCk_RsBMt8tKr7avaA2VN_vuA4BY3wc6s8OHNl5zVR2ntm5o6EOGLDNuA9Yek4Kn5yj77LLezQBVaPT90rAzxm8JMqJRwF1CcL2ofnjdy4MslI_QJCXjU3VLZkuknsGoMQ2Ncr0PBR2DpPUcaDe2Y0ep4DVJRoCY9IsPROgP7R7a0eGEb46j-z3cA9dlvMRpdfARksIPI5aYMhhIYe4kax5KBMrzfBZ09Mfb2ztF42-zJhrg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

GET
H2 200 infinite-scroll.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 2 KB
1 KB 42ms
40ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/infinite-scroll.js

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

84625259993c050f663fa3f6ab38832e32ace2145bd0a8ebcc075d1114ad3526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
x-rq: lhr2 0 4 9980
last-modified: Mon, 25 Apr 2022 15:07:36 GMT
server: nginx
age: 152717
etag: W/"6266b938-911"
vary: Accept-Encoding
x-cache: hit
content-type: application/javascript
cache-control: max-age=31536000
strict-transport-security: max-age=31536000;includeSubdomains;preload
accept-ranges: bytes
content-encoding: gzip
content-length: 1139
expires: Sat, 29 Apr 2023 10:48:07 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 20 KB
7 KB 148ms
53ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +q2Bd0SvXowDeesSOf+0yw==
age: 8963
vary: Accept-Encoding
content-length: 6782
x-ms-lease-status: unlocked
last-modified: Tue, 19 Apr 2022 16:48:44 GMT
server: cloudflare
etag: 0x8DA222477B64739
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 1cc45f15-201e-00e0-512a-543e6e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 703776a52ea223c7-ZRH

GET
H2 200 3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js Show response
cdn.permutive.com/ 312 KB
88 KB 135ms
63ms Script
application/javascript 104.19.150.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.150.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18a3a91605a7eb2227f34894ec63ff07cafdb12cc3a1a58080e14863134e2987

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d
age: 1193
x-guploader-uploadid: ADPycdtLOQ64dmiuYJzcLWOFXt8L4O1O_y3j7EooKD8deaSzjIjclDk0i21R6mUZIHRX2mkmrf6y4n425G6AmUwMfCXsMg
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/javascript
last-modified: Thu, 14 Apr 2022 21:09:31 GMT
server: cloudflare
etag: W/"8ebe31bb7a41b753f67e2cef571ee359"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=wrq+Zw==, md5=jr4xu3pBt1P2fizvVx7jWQ==
x-goog-generation: 1649970571018226
cache-control: public, max-age=900
x-goog-stored-content-length: 91555
cf-ray: 703776a4fa5ce58f-MAN
expires: Fri, 29 Apr 2022 11:03:07 GMT

GET
H3 200 createjs_2019.11.15_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame E35C 236 KB
63 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64275
x-xss-protection: 0
last-modified: Fri, 15 Nov 2019 19:16:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 29 Apr 2022 10:48:07 GMT

GET
H2 200 pixel;r=2119085180;source=gtm;rf=0;a=p-UtaLhd9K6h6Mf;url=https%3A%2F%2Fobserver.com%2F;uht=2;fpan=1;fpa=P0-1330853523-1651229287148;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d...
pixel.quantserve.com/ 35 B
371 B 55ms
44ms Image
image/gif 2620:116:800d:21:3175:5196:e3fd:8c1d
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=2119085180;source=gtm;rf=0;a=p-UtaLhd9K6h6Mf;url=https%3A%2F%2Fobserver.com%2F;uht=2;fpan=1;fpa=P0-1330853523-1651229287148;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=observer.com;je=0;sr=1600x1200x24;dst=0;et=1651229287148;tzo=0;ogl=type.website%2Ctitle.Latest%20News%20and%20Trends%20%7C%20Observer%2Cdescription.Observer%20covers%20the%20top%20stories%20and%20all%20of%20the%20latest%20trends%20in%20lifestyle%252C%20arts%252C%2Curl.https%3A%2F%2Fobserver%252Ecom%2F%2Csite_name.Observer%2Cimage.https%3A%2F%2Fs0%252Ewp%252Ecom%2Fi%2Fblank%252Ejpg%2Cimage%3Aalt.%2Clocale.en_US

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:07 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 posts Show response
observer.com/wp-json/wp/v2/ 183 KB
35 KB 432ms
431ms XHR
application/json 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-json/wp/v2/posts?page=2&nyo_post_hidden=213498167&offset=21&sticky=false

Requested by

Host: observer.com
URL: https://observer.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e86ea7c798209c95af3c20ec234f04262adfd22c4ff30affe714d886b8f6c463

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://observer.com/
X-Requested-With: XMLHttpRequest
accept-language: en-GB,en;q=0.9
X-WP-Nonce: 9f15bb9c71
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-cache: pass
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
x-rq: lhr2 0 4 9980
allow: GET
server: nginx
x-wp-totalpages: 10430
strict-transport-security: max-age=31536000;includeSubdomains;preload
content-type: application/json; charset=UTF-8
link: <https://observer.com/wp-json/wp/v2/posts?page=1&nyo_post_hidden%5B0%5D=213498167&offset=21&sticky>; rel="prev", <https://observer.com/wp-json/wp/v2/posts?page=3&nyo_post_hidden%5B0%5D=213498167&offset=21&sticky>; rel="next"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
cache-control: max-age=60
x-wp-total: 104292
accept-ranges: bytes
x-robots-tag: noindex
x-wp-nonce: 9f15bb9c71

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E35C 17 KB
6 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 29 Apr 2022 10:48:07 GMT

GET
H3 200 dreamgirls-2022-02-11-tour-728x90.js Show response
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/ Frame E35C 32 KB
6 KB 41ms
41ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5d0175e1eb04eb4bf21c993a5e838eeed6a8c53861a0ce3eb540af9bb269a03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242605
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5880
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:24:42 GMT

GET
H3 200 e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js Show response
pagead2.googlesyndication.com/bg/ Frame BDFC 35 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/e8WcSG94vkM93ke5SjF29cSEjmyq7vfry6EL03wtuS4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 20:50:55 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13654
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 12:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 28 Apr 2023 20:50:55 GMT

GET
H2 200 6a95224d-e53b-4c23-b2a6-31faa3db3cc4.json Show response
cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/ 3 KB
2 KB 148ms
53ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/6a95224d-e53b-4c23-b2a6-31faa3db3cc4.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cc8f8f131774a8405d79658e64366f7044e6f439cfccaf977aecf0deb4c052e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 0CCuNb2oi4MBXRI3Igqd4w==
age: 11211
vary: Accept-Encoding
content-length: 1135
x-ms-lease-status: unlocked
last-modified: Thu, 12 Nov 2020 16:47:25 GMT
server: cloudflare
etag: 0x8D8872AA28370D2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 85d73eb8-e01e-007e-5c17-b64729000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 703776a61d3a233d-ZRH
expires: Fri, 29 Apr 2022 14:48:07 GMT

GET
H3 200 btnbooknow_off.png
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 10 KB
10 KB 41ms
41ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/btnbooknow_off.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1db60ba82b881d9af3697e233a6f02276713c2b375b19c2579ed53eda722f8a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:43 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10721
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:43 GMT

GET
H2 200 pxid Show response
3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co/v2.0/ 46 B
392 B 146ms
37ms XHR
application/json 35.241.9.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co/v2.0/pxid?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.9.241.35.bc.googleusercontent.com
Software: Permutive /
Resource Hash: b500ebf1e1b75e4d81729b1745b089ff0d7fd8679865cfb5488fb08ca3f966fd

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66
via: 1.1 google

GET
H/1.1 200
OK getuidj Show response
ib.adnxs.com/ 29 B
875 B 35ms
35ms XHR
application/json 185.33.221.50
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e6895a1fda5147ca06b552327555925b77f87091b45b809d874b7ad1f08d2c9b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 29 Apr 2022 10:48:07 GMT
X-Proxy-Origin: 217.138.196.100; 217.138.196.100; 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: a014f82c-22a8-4d22-b99d-26a2eb3a9515
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://observer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 29
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 3b5c18b9-96b7-48e4-a3ef-011eb84a970d-models.bin Show response
cdn.permutive.com/models/v2/ 4 KB
3 KB 94ms
41ms XHR
application/x-binary 104.19.150.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/models/v2/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-models.bin
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.150.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21949b41d8bcf15d7f1ddab0c4e305329a10ffc5355134e669c44771d17076bc

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-oid: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d
age: 1192
x-guploader-uploadid: ADPycdtb3i7FLBNXCs68O1Y317EQgbUev9IeLjXcxnPZhWYtN70fvzo02AMaLNriYzp311YKaRwCoC32O5lsmKSQeBf6hepS4Ser
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-type: application/x-binary
content-length: 2686
last-modified: Fri, 29 Apr 2022 06:02:02 GMT
server: cloudflare
etag: "26dd95762629f8ff9462d92a4fad091a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=NpwB4Q==, md5=Jt2VdiYp+P+UYtkqT60JGg==
x-goog-generation: 1651212122530322
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=900, no-transform
x-goog-stored-content-length: 2686
accept-ranges: bytes
cf-ray: 703776a61d93362e-MAN
expires: Fri, 29 Apr 2022 09:44:42 GMT

GET
H2 200 geoip Show response
api.permutive.com/v2.0/ 258 B
235 B 122ms
38ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 7c585543eb96408d6e90889b9edcaa9d3b612b23ab38d8c0d52c79365876f1ca

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
via: 1.1 google

POST
H2 200 watson Show response
api.permutive.com/v2.0/ 307 B
411 B 121ms
38ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/watson?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 90d614055473a8d8bca4a7934c3b3cf482c6b8a021fdac29317880e499286eb5

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 219
via: 1.1 google

GET
BLOB 200
OK 04f33d5b-22a0-479d-8585-ccbe0c6f02bf
https://observer.com/ 80 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://observer.com/04f33d5b-22a0-479d-8585-ccbe0c6f02bf
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63d21989bcd6291da7f4f03e2c996f5a72275e8b692f9b29a01f6de5c48259d0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Length: 81629

GET
BLOB 200
OK 2128614d-ab34-43e1-9d6f-2cdeb12d5873
https://observer.com/ 19 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://observer.com/2128614d-ab34-43e1-9d6f-2cdeb12d5873
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1aa5961e26d975142f3d6fdc02f690af7190eeedcb92da8358da60f8cb36771f

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Length: 19782

GET
H2 200 /
www.facebook.com/tr/ 44 B
410 B 132ms
40ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=832096553515722&ev=PageView&dl=https%3A%2F%2Fobserver.com%2F&rl=&if=false&ts=1651229287342&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1651229287340.1123225332&it=1651229286967&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Fri, 29 Apr 2022 10:48:07 GMT

GET
H3 200 btnbooknow_over.png
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 10 KB
10 KB 43ms
42ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/btnbooknow_over.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9638307069cbe334e9976df3f7821d8636dbe75ffcbbf88428f43199e93a1988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:43 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10278
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:43 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 177 B
452 B 187ms
85ms XHR
application/json 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97551120a31b768832ec633d33187a4273e9f4073386de563b0df8ec285a052c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 703776a72f4f0211-ZRH
access-control-allow-headers: Content-Type

GET
H3 200 dglbdreamgirls.png
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 28 KB
28 KB 42ms
42ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dglbdreamgirls.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28330bcd707be0cf81788de1c9f37b3378f9f812cba4d84e8bdfd33d6870a360

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:43 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29036
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:43 GMT

POST
H3 200 identify Show response
api.permutive.com/v2.0/ 50 B
88 B 112ms
50ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/identify?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 2ad26186a2db00f2258a8f58fe00e6f5377f3cfc1b0d191c92e418e6ccff063e

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70
via: 1.1 google

GET
H3 200 dglbgirls.png
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 28 KB
28 KB 42ms
41ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dglbgirls.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

276120fe65d94ca153a9bda5a5cf039f04a83c49f065bef3df03a8fadf37d71c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:43 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28883
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:43 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C23A 42 B
64 B 82ms
82ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstF2PLw9a5X7sUzIMAWCoPk-Dp1WGF516T4yGesLyIkNDCkxQ6rJlHI0u-RL5BVcNBGgfpz_W9AhRQgVGrPd-JSCSWrvtwQbPOsuvPHj-PpAa_1nZm2YwoOnqOj5dYre15G0LD1-86gjimYumUaNLc&sai=AMfl-YSsDte1s1oQuyC3M389CqIuMYSMUc0QvgbTmRRlIrLQ_knXCV5v-rT8SEq6hzkEuVO7Ulw3vMJN-j2YL4Cp5zUHL5Sd_pGnl9tp9eG2vGWkStDHvJ0Pc1rVdQtOzao&sig=Cg0ArKJSzPPalsmqMjypEAE&id=ampim&o=995,910&d=280,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,1001,1001,1001&tos=0,0,1001,0,0&tfs=360&tls=1361&g=100&h=100&tt=1361&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=3454895282

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dglbquoteandimtellingyou.png
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 17 KB
17 KB 41ms
41ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dglbquoteandimtellingyou.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48321f0229cffbd1758272a53a07dd76bca1813c470639a9a43e0d282c063b57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:43 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16917
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:43 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3861 42 B
64 B 75ms
75ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssrq4U7I9NZWZsAsPmo-pE4G4LuxkVpRInn24OOueUR0bEWBL3Y8UAqxi6boV1amZwkA_PPAiBtC05gOmyyeFtGNdqcX5UMzSReQd2zl4NAI8D2GvEsfRTZZQJE&sai=AMfl-YRPhqPSO35q5kzgHnw7Yir0KNFxBdUwz07ti1anThn2ZgaaH8j2Tg3XvR3eANkReMB6OxIlukrql781hrjcYCibr14ML4FAgne1TOMBT3lcktsxC0aMj0s_T-OOXy8&sig=Cg0ArKJSzFPHuvqnOGDUEAE&cid=CAASJ-Rokbz0brJ0DiNnOw8-ZbyV_oISdaJXWUPMqSxcpyYk4qzh3G4rzQ&id=lidar2&mcvt=1000&p=170,436,260,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220427&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=456377231&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1651229286088&rpt=457&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dglbquotethedazzlingsoul.png
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 18 KB
18 KB 41ms
41ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dglbquotethedazzlingsoul.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e1dbadfbfa3484a8577de6b69dde3ae9fb0e68bd46a16c78011a88df2e8eb1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:43 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18398
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:43 GMT

POST
H3 200 tpd Show response
api.permutive.com/v2.0/ 2 B
39 B 111ms
51ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/tpd?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22
via: 1.1 google

POST
H3 200 segment Show response
api.permutive.com/adv/v2/ 14 B
28 B 101ms
45ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/adv/v2/segment?new-session=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Fri, 29 Apr 2022 10:48:07 GMT
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14
content-type: application/json

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.9.0/ 341 KB
74 KB 57ms
57ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a13b93c05af6ec6255b737032aa3f5d1f4823ed2d57d12c0735bd2c4adc8efc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 56jOXvghU3RiFIKiZ2Zh+g==
age: 16627327
vary: Accept-Encoding
content-length: 75725
x-ms-lease-status: unlocked
last-modified: Fri, 20 Nov 2020 16:34:12 GMT
server: cloudflare
etag: 0x8D88D721D404CB2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 861b8e1e-f01e-00a6-536c-c4e0f8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 703776a7ba6823c7-ZRH

GET
H3 200 dglbthemultiawardwinning.png
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 14 KB
14 KB 41ms
40ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dglbthemultiawardwinning.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fafb3c75b7dcc2f2f3f85e5c5f97da32440d0a8e07abdc4459c69252db4b577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:43 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14312
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:43 GMT

GET
H3 200 dgleaderbgloop_00000.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00000.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e47337a15b8ab65f010139720ded635c7a0e7c080d5e0b95db5e2577e2bc536

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:43 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23670
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:43 GMT

GET
H3 200 dgleaderbgloop_00001.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00001.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d4de0e3fd0954b59194f1c508e63b8178ea801a1a0fae2f8a2f97f44efb0681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242123
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23652
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/3f4fae5c-af44-4ce7-8f4d-cb1cf522c97c/ 73 KB
13 KB 62ms
61ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/3f4fae5c-af44-4ce7-8f4d-cb1cf522c97c/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c724c4cb202cda5ac3fc5dd433b3403995f9c2ddd9b45f52713de38a62deedd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: EBsOpg7Elu1REC0UgglQbw==
age: 11210
vary: Accept-Encoding
content-length: 12888
x-ms-lease-status: unlocked
last-modified: Thu, 12 Nov 2020 16:47:33 GMT
server: cloudflare
etag: 0x8D8872AA6D573E5
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: a94624be-a01e-0139-0217-b6de17000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 703776a87947233d-ZRH
expires: Fri, 29 Apr 2022 14:48:07 GMT

GET
H3 200 dgleaderbgloop_00002.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00002.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

380b4b11473c388bbf8f3fc721c4fc25a7338e977e77630d8b5c567eb6c40587

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242123
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23649
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 13 KB
3 KB 57ms
56ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: nLr4hEi4fuLY/p0DQsLcMA==
age: 16633506
vary: Accept-Encoding
content-length: 3343
x-ms-lease-status: unlocked
last-modified: Fri, 20 Nov 2020 16:34:03 GMT
server: cloudflare
etag: 0x8D88D721792550E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: aa10571b-101e-00ca-4a6e-c44b2b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 703776a8e9fe233d-ZRH

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 62 KB
15 KB 55ms
54ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 29 Apr 2022 10:48:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ue/MTNcIjSCNWtleQfbrzg==
age: 16633506
vary: Accept-Encoding
content-length: 14986
x-ms-lease-status: unlocked
last-modified: Fri, 20 Nov 2020 16:34:03 GMT
server: cloudflare
etag: 0x8D88D7217E98574
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ceae8cac-001e-00f7-326e-c4fe0d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 703776a8ea01233d-ZRH

GET
H3 200 dgleaderbgloop_00003.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00003.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67cb8600d30531d205f37094cbecfbc80818980fba2289ac596a262bfbe73045

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242123
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23687
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame D8B7 0
18 B 83ms
41ms Document
text/plain 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://observer.com
Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://observer.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Fri, 29 Apr 2022 10:48:07 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 dgleaderbgloop_00004.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00004.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75da4d0539daa7d209a8f7f7dcbe934cf258e31c9e8671a635ef523e4d81544f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242123
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23697
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 dgleaderbgloop_00005.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00005.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74f9cbbca53b9c55d8b06898a5ef81f8f6f36c81b1a275f3ee9d7c5544e6bf85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242123
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23718
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00006.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00006.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbcf1c032da7bd6c82af25c445ae9e4f39dff4ffc9646791b0f4ca52aec69986

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242123
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23729
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00007.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00007.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

121d0ae80fda296d9745c565494113cada3389dc30440314f8febb497a80d1ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23728
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00008.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00008.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c5b38ee9f007462c83b2d5f73c9a0c6ed35bf3ea4b0585457e1da9789fb309a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23706
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00009.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00009.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ddeba3ee9fe36ab82fdd487aabf1a1e536c22554712d7552f8f8a5fab83ec9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23655
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00010.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00010.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de8c741693fe280acb143395db07491670bec31eb3f346dc0a88b2b594b2b871

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23654
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H2 200 trk.gif
jadserve.postrelease.com/ 43 B
426 B 119ms
118ms Image
image/gif 34.200.155.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/trk.gif?ntv_at=304&ntv_ui=94e57435-c77f-46bf-bc0b-662ef64b1b79&ntv_a=AAAAAAAAAA96kQA&ntv_ht=ZsJrYgA&ntv_fl=CF4se3gYGjAPzQcMJoAeWTLunWOKm480ihA5hwo2yCfPb_Bx7w_way_Jn-VESUS4GGgtdkZ4NZrxf1ZTdS0RCTyFr6ZQP6WWEA4B-4GawLr-jreTSgdnqI-Bhyc0KvCfx34Jj8KPADamaIMYOfJVUqvQeoSulFOQWFBd3hh1BOxiwv_bKXFfAAh6pyXnrPUhg1T4iL3xUluo8KWRTQ5tW8WARxsPeGR9alzil6jNchk=&ord=-886983651&ntv_ift=0&ntv_it
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.155.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-155-146.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 29 Apr 2022 10:48:08 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H3 200 dgleaderbgloop_00011.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00011.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddfb2aa96a02cde12d251663848edc78a9a96835ef3749351f47c83af75c83dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23579
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00012.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00012.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41132953ff612049f9c7cfb96f3919f224991f04bec8f4ab9fb0e0f5653963d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23553
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00013.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 42ms
42ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00013.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6fef7d468b0afeef1156901f01c927e0be3d641b5b97e5d2dd1214001ffa1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23572
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00014.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00014.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

615262d5111f22a0a9424d01819bd1e251235fbe7cba08a0ba0318f5f37467a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23653
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00015.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 42ms
42ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00015.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6724a0e6d61fb2a7136d5c60e5658c5829bb3f2ce8bc00581677390c887e56da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23666
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00016.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00016.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

880db62d367dc489e3f3b706fc993d33378d1d3d25d3ad42b605755b0d32dc9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23666
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00017.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 42ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00017.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25a789aef9368a83a42bddf61fca01ea06b5ac9983098a17ab1c868b8d180b8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23689
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00018.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00018.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efc23e854b2f8e8decb55eac2047c189acd85513c01cf0118fc7a13f458c22b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23687
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

GET
H3 200 dgleaderbgloop_00019.jpg
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 23 KB
23 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/dgleaderbgloop_00019.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f35777e2957a688bb14618c07aa6275f9f2d0dca45925e8c5cc2e74257da0657

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:44 GMT
x-content-type-options: nosniff
age: 242124
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23653
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:44 GMT

POST
H3 200 events Show response
api.permutive.com/v2.0/batch/ 301 B
184 B 39ms
38ms XHR
application/json 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: bb6da1e2c7c6512459562aed47ea034292b9af0010e47877e54ed03ce2f351bb

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

date: Fri, 29 Apr 2022 10:48:08 GMT
content-encoding: gzip
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 166
via: 1.1 google

GET
H3 200 logoatgtickets.png
s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/ Frame E35C 3 KB
3 KB 41ms
40ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/images/logoatgtickets.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15bc29f24f0d6bed39a0f91906b52cec8faa9aeff44a3ae7e7d03c2b32bd29cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/1290504694019391488/dreamgirls-2022-02-11-tour-728x90/dreamgirls-2022-02-11-tour-728x90.html?e=69&leftOffset=0&topOffset=0&c=42Le0DN9lz&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 15:32:45 GMT
x-content-type-options: nosniff
age: 242123
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3174
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 14:45:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Apr 2023 15:32:45 GMT

POST
H3 200 state Show response
api.permutive.com/v1.0/ 0
34 B 42ms
42ms XHR
text/plain 34.107.254.252
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://observer.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Fri, 29 Apr 2022 10:48:09 GMT
content-encoding: gzip
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20
via: 1.1 google

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.atdmt.com
URL: https://ad.atdmt.com/i/img;adv=11222240113293;ec=11222262632660;adv.a=8846290;c.a=27259707;s.a=5215700;p.a=328340739;a.a=522556436;cache=1938200904;

Verdicts & Comments Add Verdict or Comment

212 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
observer.com/	1970-01-21 22:28:29	Name: hcpermutive_uuid Value: d142517c-ddbb-44dd-b9ad-19ef07c418ae
.observer.com/	1970-01-20 02:41:55	Name: _gid Value: GA1.2.2101929011.1651229284
observer.com/	1970-01-20 02:40:31	Name: sailthru_pageviews Value: 1
.observer.com/	1970-01-20 02:40:31	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1651229284508%2C%22slts%22:0}
.observer.com/	1970-01-20 12:09:53	Name: _parsely_visitor Value: {%22id%22:%22pid=625228f2e9ab0de52f6fc27a31011b45%22%2C%22session_count%22:1%2C%22last_session_ts%22:1651229284508}
.observer.com/	1970-01-20 20:11:41	Name: _ga_T9PLB60R8S Value: GS1.1.1651229284.1.0.1651229284.0
observer.com/	1970-01-20 11:26:05	Name: sailthru_visitor Value: 9cb0adce-4a04-4abc-88dd-3c28d70ba3eb
.observer.com/	1970-01-20 12:02:05	Name: __gads Value: ID=4cc7b8a9f67b96d6-22b0f45e87cd000d:T=1651229285:S=ALNI_MaA5QYnDs8nvBnYZILfv8jsFSOv6A
.doubleclick.net/	1970-01-20 12:02:05	Name: IDE Value: AHWqTUkd66p99EaADbyZRn9hIJaLlxCy4zYnKPZp63JFcslbnMF6sSTpeNYeCy-i-Vk
.adnxs.com/	1970-01-20 04:50:05	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>xtE58H!@wnfH8K6pQK`!5=E<L5?%K/muu44L1%K25KC#f]NuMgZv/u8nBjlvX6Si%nugO%v4VB%nmq$)xM_@
.adnxs.com/	1970-01-20 04:50:05	Name: uuid2 Value: 2552210321239825955
.doubleclick.net/	1970-01-20 02:40:32	Name: DSID Value: NO_DATA
.observer.com/	1970-01-20 20:11:41	Name: _ga Value: GA1.2.1044140522.1651229284
.casalemedia.com/	1970-01-20 04:50:05	Name: CMPS Value: 706
.observer.com/	1970-01-20 02:40:29	Name: _dc_gtm_UA-1212249-1 Value: 1
.casalemedia.com/	1970-01-20 11:26:05	Name: CMID Value: YmvCZs9Yc2dszW5hQk0KbQAA
.casalemedia.com/	1970-01-20 04:50:05	Name: CMPRO Value: 1832
.scorecardresearch.com/	1970-01-20 19:57:17	Name: UID Value: 12331d12569cbb5cf4c2c181651229286
.postrelease.com/	1970-01-20 11:26:05	Name: opt_out Value: 1
observer.com/	1969-12-31 23:59:59	Name: ntvSession Value: {"id":3876976,"placementID":1092087,"lastInteraction":1651229287038,"sessionStart":1651229287038,"sessionEndDate":1651276800000,"experiment":""}
.casalemedia.com/	1970-01-20 02:41:55	Name: CMST Value: YmvCZmJrwmcA
.casalemedia.com/	1970-01-20 11:26:05	Name: CMRUM3 Value: 2d626bc2672760CAESEJ7pkQyRzwPcUslK7UN2bf4
.quantserve.com/	1970-01-20 12:10:43	Name: mc Value: 626bc267-2cef3-d560a-dcb12
.observer.com/	1970-01-20 12:04:58	Name: __qca Value: P0-1330853523-1651229287148
.observer.com/	1970-01-20 07:04:00	Name: permutive-id Value: 4281bd23-bc1a-4857-988a-c725204cb6d3
.observer.com/	1970-01-20 04:50:05	Name: _fbp Value: fb.1.1651229287340.1123225332
.3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co/	1970-01-20 04:51:31	Name: pxid Value: aa364eea-fb94-4457-87e4-08837c253ec4
.facebook.com/	1970-01-20 04:50:05	Name: fr Value: 0dONkjSUCSrLmbQSi..Bia8Jn...1.0.Bia8Jn.
.observer.com/	1970-01-20 11:26:05	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Fri+Apr+29+2022+10%3A48%3A07+GMT%2B0000+(GMT)&version=6.9.0&hosts=&landingPath=https%3A%2F%2Fobserver.com%2F&groups=C0003%3A1%2CC0001%3A1%2CC0002%3A1%2CC0004%3A1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://ad.atdmt.com/i/img;adv=11222240113293;ec=11222262632660;adv.a=8846290;c.a=27259707;s.a=5215700;p.a=328340739;a.a=522556436;cache=1938200904; Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2b6dd5cb834d6c24dabdf146cd696322.safeframe.googlesyndication.com
3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co
ad.atdmt.com
adservice.google.co.uk
adservice.google.com
ak.sail-horizon.com
ams-pageview-public.s3.amazonaws.com
api.bounceexchange.com
api.permutive.com
api.sail-personalize.com
assets.bounceexchange.com
c.amazon-adsystem.com
cdn.ampproject.org
cdn.cookielaw.org
cdn.id5-sync.com
cdn.parsely.com
cdn.permutive.com
cm.g.doubleclick.net
connect.facebook.net
d15kdpgjg3unno.cloudfront.net
dsum-sec.casalemedia.com
dyv1bugovvq1g.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
htlbid.com
ib.adnxs.com
id5-sync.com
jadserve.postrelease.com
observer.com
p1.parsely.com
pagead2.googlesyndication.com
pixel.quantserve.com
pixel.wp.com
rules.quantcount.com
s.ntv.io
s0.2mdn.net
sb.scorecardresearch.com
secure.quantserve.com
securepubads.g.doubleclick.net
sqs.us-east-1.amazonaws.com
stats.g.doubleclick.net
stats.wp.com
tag.bounceexchange.com
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.googletagservices.com
ad.atdmt.com
104.102.29.148
104.19.150.54
13.225.80.38
13.227.217.72
13.32.121.72
142.250.184.194
142.250.185.194
142.250.185.226
18.64.107.176
184.87.213.8
185.33.221.50
192.0.66.160
192.0.76.3
2600:9000:225f:0:6:44e3:f8c0:93a1
2600:9000:2261:c000:5:82fd:2500:21
2600:9000:2261:f800:11:b309:9100:21
2606:4700:10::6814:b944
2606:4700::6810:9540
2620:116:800d:21:3175:5196:e3fd:8c1d
2a00:1450:4001:802::2001
2a00:1450:4001:803::2001
2a00:1450:4001:803::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:828::2006
2a00:1450:4001:828::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::200e
2a00:1450:4001:831::2003
2a00:1450:4025:401::9d
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
3.236.169.28
34.107.254.252
34.111.8.32
34.120.253.250
34.200.155.146
34.98.72.95
35.241.9.51
46.105.202.126
51.89.42.86
54.144.144.142
54.231.135.153
75.2.40.13
99.86.7.62
03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de
041a3c7131c7c5d2a16b7c0a53e0c95f8bf07ec450dc291337af20ed74ade183
062d8167bc405094e000b7d3af11deba7a4ecff663aff087d7b19ef51c05ff6c
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ca4a39fb2730917c3573fe56f7641651ab7b4af1937779f60cd57728f0c009d
0e69578c9516ce22df16f6ccd6a1ccda79d578ae0916ec0cd1e2ed5a3b1bd82d
10079154e527bdf6a403e0b5ad9ac73e95ac886c5caf47e8b37b5c9147cd7d76
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
121d0ae80fda296d9745c565494113cada3389dc30440314f8febb497a80d1ae
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14118b6ece3be9c4fe5b369f5f4c5589ef4eaa228e41bb29b91961d58bcce024
1504e36b2ae7111b93abcbf9c7e37b9a400d4e892b83c2f50730594f972f8455
15bc29f24f0d6bed39a0f91906b52cec8faa9aeff44a3ae7e7d03c2b32bd29cc
16dedf29fe6530a3ff0eeee3273ce09f387a092219df1f8f33e631226609c0a1
18a3a91605a7eb2227f34894ec63ff07cafdb12cc3a1a58080e14863134e2987
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
1aa5961e26d975142f3d6fdc02f690af7190eeedcb92da8358da60f8cb36771f
1db60ba82b881d9af3697e233a6f02276713c2b375b19c2579ed53eda722f8a8
1e570cb477029bed02a997eda316a7e0d50052e2043258c9c953e77b08586674
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
21949b41d8bcf15d7f1ddab0c4e305329a10ffc5355134e669c44771d17076bc
243d0318292081b26db69dad7403b07a4f8c302076bad5ff2f51ce135e19390e
25a789aef9368a83a42bddf61fca01ea06b5ac9983098a17ab1c868b8d180b8d
276120fe65d94ca153a9bda5a5cf039f04a83c49f065bef3df03a8fadf37d71c
28330bcd707be0cf81788de1c9f37b3378f9f812cba4d84e8bdfd33d6870a360
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2ad26186a2db00f2258a8f58fe00e6f5377f3cfc1b0d191c92e418e6ccff063e
2b25c43e8c0976e2628a53a3381870fd810f7065a72f736148e59092e93e7c7d
2be8a335f1c123656c3becf260436dc05941f744ab714686d70df5574a198ec9
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e1dbadfbfa3484a8577de6b69dde3ae9fb0e68bd46a16c78011a88df2e8eb1e
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36998456859e35cf76812894575b0203d48ad8ac11d3165c5449d1fa73f19800
36e24dc06e51fdd9b13497039bf3c286b61476669c715a274b9a6703b4000a2b
380b4b11473c388bbf8f3fc721c4fc25a7338e977e77630d8b5c567eb6c40587
3c006b0a8a0817c2e1c0dfcdf36fca1af8f19218834645901f8c701312383332
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3dce8f194024f4b012659a07210bfa1525c872a909e372adb049622f1bb27c65
3e42a9368eee4dc6cc68718fcec776c4b2748c6b70731f88c4c2ef6911c6197f
3e47337a15b8ab65f010139720ded635c7a0e7c080d5e0b95db5e2577e2bc536
3fb7fdfa2bfd198450099c0d51c6dbbf7f2ef04c83038d1fed17ff8b7abac282
420033f9eaf95478a450e558f93ae6d7a5ad950c3e78f38832b47f9e2164418a
43700b9800ddc7b26ee1bf46a878b942908a720bd48a1809163d3a26de2944c8
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48321f0229cffbd1758272a53a07dd76bca1813c470639a9a43e0d282c063b57
4ad12603989e23ddf239f228255bcffc77fb8e9503829993b6d01c80cddd8d3f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ddeba3ee9fe36ab82fdd487aabf1a1e536c22554712d7552f8f8a5fab83ec9f
4debaa04d2f904fbafbc99c074e1f43c082e9d25e400140aa97eac11989dd82e
4f6366518c3d992d6a9a3aee342675532822d6b1d66217df7b284bb450dbb99a
4f6ce8c320a409a7dcc375de74ce0c4c8f46f3f36a84581a9bedf44e10724156
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
514e925c9581a9dc7d5495c9901922c5ed18e9e1e81812eb15bb5955f790c46e
551a581425db56200ae928c59b86aabfb3853ff609411cd763c6044244a7ad49
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59cb6859f782d767beb9b2ccfa211485d6bf8ef34c2ade5d06d3ba8e9d87ad6b
5c724c4cb202cda5ac3fc5dd433b3403995f9c2ddd9b45f52713de38a62deedd
60ff5eddf6d5138be922750b05e6fea90405cd9dc2dbf8d16a6fe705473564a6
615262d5111f22a0a9424d01819bd1e251235fbe7cba08a0ba0318f5f37467a3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63d21989bcd6291da7f4f03e2c996f5a72275e8b692f9b29a01f6de5c48259d0
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6724a0e6d61fb2a7136d5c60e5658c5829bb3f2ce8bc00581677390c887e56da
67cb8600d30531d205f37094cbecfbc80818980fba2289ac596a262bfbe73045
69f015086a5f31adcbb81e1235b6c5a4bda89f7fbf21f3fde35e70ac900b7cd4
69fe947381440f4578916c2873d1b9265ea646133bd3f7596c00b5f07d390f56
6a13b93c05af6ec6255b737032aa3f5d1f4823ed2d57d12c0735bd2c4adc8efc
6c05e433ca10b433edfc856fd903cb5f2da848a54e4507642a48981deed8bb05
6eb7a18174bf6a3ba003999e45eecbb81059c52b2c7b2da91b85e944e948c6e6
6fafb3c75b7dcc2f2f3f85e5c5f97da32440d0a8e07abdc4459c69252db4b577
727c6fe5c43532ecafb78ea4e7722028d01878b7306f5b96e137cbbe8b38f0af
72c47cf501e7ec69da0a142c9c696f0b9c9d8f90a4d3d86bb72f6226f2bd7386
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74e72473f970d838c52ed8c8fadf1c25883dd561d66df3856bfc137b9da2fea0
74f9cbbca53b9c55d8b06898a5ef81f8f6f36c81b1a275f3ee9d7c5544e6bf85
75da4d0539daa7d209a8f7f7dcbe934cf258e31c9e8671a635ef523e4d81544f
79123893dd8739f6a65652fb71e6721d3c44240389744a38e019e83e7bb912c4
7bc59c486f78be433dde47b94a3176f5c4848e6caaeef7ebcba10bd37c2db92e
7c585543eb96408d6e90889b9edcaa9d3b612b23ab38d8c0d52c79365876f1ca
7c5b38ee9f007462c83b2d5f73c9a0c6ed35bf3ea4b0585457e1da9789fb309a
7cc8f8f131774a8405d79658e64366f7044e6f439cfccaf977aecf0deb4c052e
7fc041bc5f1651002fd0d07b673384c76beead1b8fa4e812f1635f17b325dd70
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
808b65ae7ea01fb03e2a00762b96ef68aeedb43308b23841028beb88133306a7
8207f87b2833fd401308de4414539568d0ee6e2aa48d4937dbcf4d7779a652e7
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84625259993c050f663fa3f6ab38832e32ace2145bd0a8ebcc075d1114ad3526
84b5c03f217418806f3e831095b561d4a478fd37a94eb026ddf58200d34a7e4b
84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146
84e6005ca165af1ab01ceafb2216948e696589701f94d5f630b1f12abfad24d5
880db62d367dc489e3f3b706fc993d33378d1d3d25d3ad42b605755b0d32dc9d
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8ef33e3bc622f0c91572ede52b5246d297563e4533254188a0e054037f964d13
90d614055473a8d8bca4a7934c3b3cf482c6b8a021fdac29317880e499286eb5
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93a37d05ef89ef166a22f0b82b3fea5eb084e5e4c2fadfc817a2e7170acc363e
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
9638307069cbe334e9976df3f7821d8636dbe75ffcbbf88428f43199e93a1988
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
97551120a31b768832ec633d33187a4273e9f4073386de563b0df8ec285a052c
996de994e242993a7db62bf7136fdb7de07a2897fe48170d99ca3d5227a09efe
9d4de0e3fd0954b59194f1c508e63b8178ea801a1a0fae2f8a2f97f44efb0681
9e72da32095ad1744a1cceaa506aba89e016f599dc1d6c1610ae4e05c93b5705
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2cb85858a82c5f7dd774025609b2865ea61f9c8c8429741084c46322110e88b
a384a78bc8bee6afceab3ff107315b1bdcc0fd2622246826d16b503e742a8cdf
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a87c383ed64170fec4c39d04e4b430d1da7dc378de2186b1a8c8817b5f6a7e44
aa4b8617d9dd67e7b280e546e983ae2ec12d96fa259e46b32e8b31a0ae28de8b
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b390a5952e79c49c5fb91f3493424e85464747544fe1ccadef9e21dfece884c5
b500ebf1e1b75e4d81729b1745b089ff0d7fd8679865cfb5488fb08ca3f966fd
b557703f81b748650c0496fe6300d76a76586504e42607327267a4f9dcc927fe
b5d0175e1eb04eb4bf21c993a5e838eeed6a8c53861a0ce3eb540af9bb269a03
b6cf23ed282a5cb25c43c5923908a43cc8c4c9e92b23a1f73eb7b0af46ef6534
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb6da1e2c7c6512459562aed47ea034292b9af0010e47877e54ed03ce2f351bb
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bdc0c59701784258f143dfd4201f28353f080e0900a3530a83702e08c9ff353f
c0472ab03b5cc819b6f3a01c3d0519af30215aed943bd77a11d9625f93b4ab55
c0eb09d747f4cb0d61057afe50609d7419873b0bdbc56f6965f3098a1cf6d975
c46b033d7688f2f46e87a04634a1389db91ceea1be9cb70d1ae9205819739a7e
c8625070b52b3c85fa180484198ab129c32b8e6d6135c34ff52791c940818106
cd68eb5bb9a8dd7259da2aa5995caf0ee453fffdc7de30c5b1ece9d9f3653144
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf
d17298826b7b7ed19af4942adf03fbcea7a7cd9cd5f25a5b9fb0674c71828c87
d6d8d6e3fe251df0a8cebc512e9fa8e1835d3a6f972693cf1d7e5c78a0644666
d747bc0ec8a549bb25f0bab199d8e3019bcea7cfaf1438d55da2fabcff48f2c3
da06c80891495d267c8ef7b9c57fea39f0145dd08c1732e2430cef3b5d0ef81e
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dbcf1c032da7bd6c82af25c445ae9e4f39dff4ffc9646791b0f4ca52aec69986
ddfb2aa96a02cde12d251663848edc78a9a96835ef3749351f47c83af75c83dd
de8c741693fe280acb143395db07491670bec31eb3f346dc0a88b2b594b2b871
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41132953ff612049f9c7cfb96f3919f224991f04bec8f4ab9fb0e0f5653963d
e6895a1fda5147ca06b552327555925b77f87091b45b809d874b7ad1f08d2c9b
e6fef7d468b0afeef1156901f01c927e0be3d641b5b97e5d2dd1214001ffa1df
e8441e2ebdc6b15eec3aff3eec7764b5bf4ad5f3d3040fe990cad73ea4803ffb
e86ea7c798209c95af3c20ec234f04262adfd22c4ff30affe714d886b8f6c463
e9e8d4d98627ac65b51911ef77ca7ebe7a69f09c71e6bab01b5c5b01a4c3d297
ebda2eddc29f1a84f8e856e5ee06104ee4c0065ac503fbd0cfc829aaff60cbdd
edb6ba9a0e9a4d34eb07285a13b3e44e649020fed6eb8a6e4abb40c9e8b6fca5
eea109f674e7c935e683c2f18c8c9cee3a4496a8d84c2644c6ada70886d8f6b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5f8d6a9ea52bd9b20497b837b74bde31586062d5b0e16be75f8bbdffc29840
efc23e854b2f8e8decb55eac2047c189acd85513c01cf0118fc7a13f458c22b3
f2c4a355f2a88ce6793b73c3a6cddb3703355d2b74a6cff0dc2ff81383480a01
f2f11e4d45030f1f21ec7d3ae67a65b83c4c67016fe861fbebdff04ca0c8cd60
f35777e2957a688bb14618c07aa6275f9f2d0dca45925e8c5cc2e74257da0657
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f468cb9f569b4fdddd62f92c731521cdf2fe2269f4ef2ba95d96d7b31bd4580c
f4d65809c5a2fbf5aa52c922cf5022be0a3962b0e2ecd85e63689de9f6e7b32c
f6cbce25f5877f36edea7cb7ac4c57690e615731fd7bc9c0abe3b870c31e3bd8
f7aba86b2e16ca59866af9859a321e80ef22400042b9b60b0f7cc492fe475aef
f8c75a1076576464dd8faee80f57812b9a20f9d53977c896824ec1bd58614aa2
fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218
fedcdc389419bfa88ed3f2c226b9d043fa6d6ea927cadd49c833cbfcf0de3efb

observer.com Open in urlscan Pro 192.0.66.160 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

208 Requests

96 %HTTPS

48 %IPv6

36 Domains

53 Subdomains

51 IPs

7 Countries

2737 kBTransfer

7847 kBSize

29 Cookies

13 Outgoing links

Page URL History

Redirected requests

208 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

observer.com Open in urlscan Pro
192.0.66.160 Public Scan

Screenshot
Live screenshot

Full Image

208
Requests

96 %
HTTPS

48 %
IPv6

36
Domains

53
Subdomains

51
IPs

7
Countries

2737 kB
Transfer

7847 kB
Size

29
Cookies

208 HTTP transactions
4 data transactions