donation.comicrelief.com Open in urlscan Pro
2600:9000:2251:8e00:4:1536:dd80:93a1  Public Scan

16 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Page URL
2. https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30

• https://ad.doubleclick.net/activity;src=9063052;type=enga0;cat=rnd-u0;ord=9987623319990;gtm=2wg880;auiddc=128818294.1660134338 HTTP 302
• https://ad.doubleclick.net/activity;dc_pre=CNiFnKyivPkCFQxCkQUd9uYHcQ;src=9063052;type=enga0;cat=rnd-u0;ord=9987623319990;gtm=2wg880;auiddc=128818294.1660134338 HTTP 302
• https://adservice.google.com/ddm/fls/z/dc_pre=CNiFnKyivPkCFQxCkQUd9uYHcQ;src=9063052;type=enga0;cat=rnd-u0;ord=9987623319990;gtm=2wg880;auiddc=*

Request Chain 31

• https://ad.doubleclick.net/activity;src=9063052;type=enga0;cat=rnd-d00;ord=2329700171759;gtm=2wg880;auiddc=128818294.1660134338 HTTP 302
• https://ad.doubleclick.net/activity;dc_pre=COKGnKyivPkCFQ5JkQUdfb4Nhg;src=9063052;type=enga0;cat=rnd-d00;ord=2329700171759;gtm=2wg880;auiddc=128818294.1660134338 HTTP 302
• https://adservice.google.com/ddm/fls/z/dc_pre=COKGnKyivPkCFQ5JkQUdfb4Nhg;src=9063052;type=enga0;cat=rnd-d00;ord=2329700171759;gtm=2wg880;auiddc=*

Request Chain 43

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1836441&time=1660134338616&url=https%3A%2F%2Fdonation.comicrelief.com%2F%3Futm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171%26sc_eh%3D5d50e7761bc2b3451%26cartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26utm_source%3Dcr_list%26sc_uid%3Df7ZPzJSnn6%26sc_lid%3D254404061%26utm_medium%3Demail%26sc_llid%3D581342 HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1836441%26time%3D1660134338616%26url%3Dhttps%253A%252F%252Fdonation.comicrelief.com%252F%253Futm_campaign%253Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171%2526sc_eh%253D5d50e7761bc2b3451%2526cartId%253Dfa-sportreliefa%2526sc_src%253Demail_2601306%2526utm_source%253Dcr_list%2526sc_uid%253Df7ZPzJSnn6%2526sc_lid%253D254404061%2526utm_medium%253Demail%2526sc_llid%253D581342%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1836441&time=1660134338616&url=https%3A%2F%2Fdonation.comicrelief.com%2F%3Futm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171%26sc_eh%3D5d50e7761bc2b3451%26cartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26utm_source%3Dcr_list%26sc_uid%3Df7ZPzJSnn6%26sc_lid%3D254404061%26utm_medium%3Demail%26sc_llid%3D581342&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1836441&time=1660134338616&url=https%3A%2F%2Fdonation.comicrelief.com%2F%3Futm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171%26sc_eh%3D5d50e7761bc2b3451%26cartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26utm_source%3Dcr_list%26sc_uid%3Df7ZPzJSnn6%26sc_lid%3D254404061%26utm_medium%3Demail%26sc_llid%3D581342&liSync=true&e_ipv6=AQI1zlQsB5XAXAAAAYKHt7HdoGWRFoXwMvnuLRXnPejgensNBaYmqy01bZ23Pi6H

Request Chain 65

• https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzMzMyOTUyMjAxNDUwNjI1NA==&forward= HTTP 302
• https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEEpGs4qyVXq94gwE7-AhMoU&google_cver=1

Request Chain 66

• https://ib.adnxs.com/setuid?entity=18&code=5133329522014506254 HTTP 307
• https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5133329522014506254

Request Chain 68

• https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5133329522014506254&redir= HTTP 302
• https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5133329522014506254&redir=

Request Chain 69

• https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
• https://ps.eyeota.net/match?uid=5133329522014506254&bid=omt9pi0

Request Chain 72

• https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5133329522014506254&referrer=https%3A%2F%2Flink.email.comicrelief.com%2F HTTP 302
• https://p.rfihub.com/cm?pub=39342&in=0&userid=ac29bc8a-1ff3-4116-8476-d75393dbf3a5%3A1660134339.0339112&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Dac29bc8a-1ff3-4116-8476-d75393dbf3a5%253A1660134339.0339112 HTTP 302
• https://idsync.rlcdn.com/501709.gif?partner_uid=ac29bc8a-1ff3-4116-8476-d75393dbf3a5%3A1660134339.0339112

Request Chain 74

• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5133329522014506254&forward= HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5133329522014506254&forward=&C=1

Request Chain 77

• https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5133329522014506254&img=1 HTTP 302
• https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5133329522014506254&img=1&__user_check__=1&sync_id=8b3153c4-18a7-11ed-94a0-1d37f49c0306

Request Chain 81

• https://x.bidswitch.net/sync?dsp_id=119&user_id=5133329522014506254&expires=30 HTTP 302
• https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5133329522014506254&expires=30

Request Chain 82

• https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP 302
• https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YvOjwwAFZdJ1WABC HTTP 302
• https://p.rfihub.com/cm?in=1&pub=21653&userid=YvOjwwAFZdJ1WABC&_test=YvOjwwAFZdJ1WABC

Request Chain 88

• https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
• https://ps.eyeota.net/match?uid=5124322322763458621&bid=omt9pi0

Request Chain 90

• https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP 302
• https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YvOjwwAFZZR1PABC HTTP 302
• https://p.rfihub.com/cm?in=1&pub=21653&userid=YvOjwwAFZZR1PABC&_test=YvOjwwAFZZR1PABC

Request Chain 91

• https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEyNDMyMjMyMjc2MzQ1ODYyMQ==&forward= HTTP 302
• https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEEpGs4qyVXq94gwE7-AhMoU&google_cver=1

Request Chain 94

• https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5124322322763458621&redir= HTTP 302
• https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5124322322763458621&redir=

Request Chain 96

• https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5124322322763458621&referrer=https%3A%2F%2Flink.email.comicrelief.com%2F HTTP 302
• https://p.rfihub.com/cm?pub=39342&in=0&userid=db638055-d82b-4626-b0c2-c012a28d2e68%3A1660134339.076486&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Ddb638055-d82b-4626-b0c2-c012a28d2e68%253A1660134339.076486 HTTP 302
• https://idsync.rlcdn.com/501709.gif?partner_uid=db638055-d82b-4626-b0c2-c012a28d2e68%3A1660134339.076486

Request Chain 101

• https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5124322322763458621&img=1 HTTP 302
• https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5124322322763458621&img=1&__user_check__=1&sync_id=8b318845-18a7-11ed-8471-10b91cd50406

Request Chain 105

• https://x.bidswitch.net/sync?dsp_id=119&user_id=5124322322763458621&expires=30 HTTP 302
• https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5124322322763458621&expires=30

129 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	nrd.php Show response link.email.comicrelief.com/u/	985 B 791 B	209ms 77ms	Document text/html	217.175.192.47 NEXTLAYER-AS
General Check archive.org Show headers Download Go to Full URL https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.175.192.47 , Austria, ASN1764 (NEXTLAYER-AS, AT), Reverse DNS Software nginx / Resource Hash 23fb69566f7aba07b34196f4690df10730996701d9ee9d2e05d7b91d990bd2ed Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control max-age=0, no-cache, no-store, must-revalidate content-encoding gzip content-length 467 content-type text/html; charset=utf-8 date Wed, 10 Aug 2022 12:25:37 GMT pragma no-cache server nginx vary Accept-Encoding x-af suite38-web5 x-fe suite38-web5 x-hf suite-haproxy01b
GET H2	200	Primary Request / Show response donation.comicrelief.com/	1 KB 1 KB	173ms 64ms	Document text/html	2600:9000:2251:8e00:4:1536:dd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:8e00:4:1536:dd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 0ba7c43a79daa1ed1884ba0ed730766a13487bd976339239a3ee93627119ab8c Request headers Referer https://link.email.comicrelief.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-cache,max-age=0 content-encoding gzip content-length 738 content-type text/html date Wed, 10 Aug 2022 12:25:38 GMT etag "d7b812f5725974295560ae7c4f6226da" last-modified Wed, 10 Aug 2022 12:06:52 GMT server AmazonS3 vary Accept-Encoding via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) x-amz-cf-id elNK5-Xsuew-hPmw6fYsfnJSSMvweT_HK0KcFPOQ9Jlx6_WwFr0Epw== x-amz-cf-pop FRA60-P3 x-cache RefreshHit from cloudfront
GET H2	200	polyfill.min.js Show response cdn.polyfill.io/v2/	222 B 450 B	58ms 23ms	Script text/javascript	2a04:4e42::282 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.polyfill.io/v2/polyfill.min.js Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::282 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:37 GMT content-encoding br last-modified Wed, 03 Aug 2022 11:57:41 GMT age 0 vary User-Agent, Accept-Encoding access-control-allow-methods GET,HEAD,OPTIONS content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800 useragent_normaliser chrome/104.0.0 server-timing cache-fra19157, PASS, fastly;desc="Edge time";dur=16 accept-ranges bytes content-length 126
GET H2	200	hpp-embedded-integration-library.css payments.worldpay.com/resources/hpp/integrations/embedded/css/	122 B 313 B	46ms 7ms	Stylesheet text/css	151.101.194.47 FASTLY
General Check archive.org Show headers Download Go to Full URL https://payments.worldpay.com/resources/hpp/integrations/embedded/css/hpp-embedded-integration-library.css Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.194.47 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Apache / Resource Hash 14fd07b0d1a64a1059fda926e24c73d9fb4f199af50cf26e1cf7fa5f6988f2ef Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:37 GMT via 1.1 varnish last-modified Thu, 09 Dec 2021 12:11:16 GMT server Apache age 44200 x-served-by cache-hhn4051-HHN x-cache HIT content-type text/css access-control-allow-origin * accept-ranges bytes x-timer S1660134338.962640,VS0,VE0 content-length 122 x-cache-hits 75
GET H2	200	runtime~main.1b922744.js Show response donation.comicrelief.com/static/js/	2 KB 1 KB	14ms 10ms	Script application/javascript	2600:9000:2251:8e00:4:1536:dd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://donation.comicrelief.com/static/js/runtime~main.1b922744.js Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:8e00:4:1536:dd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash bab95c60f6dcc0224b692c37b3d4335bbd7cbc89bc96a107b98eed45251989f8 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:17:03 GMT content-encoding gzip last-modified Wed, 10 Aug 2022 12:06:57 GMT server AmazonS3 age 515 etag "8829ecf5b31d271b9e924e82af3f199a" x-cache Hit from cloudfront content-type application/javascript via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) cache-control max-age=31536000,public x-amz-cf-pop FRA60-P3 content-length 770 x-amz-cf-id hDYIlBrYhQCkOBBZKVArAhmtWiDzSUdvYTi0CdfulhJl42mBIroR0g==
GET H2	200	vendors.8323c9d5.chunk.js Show response donation.comicrelief.com/static/js/	2 MB 526 KB	35ms 33ms	Script application/javascript	2600:9000:2251:8e00:4:1536:dd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://donation.comicrelief.com/static/js/vendors.8323c9d5.chunk.js Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:8e00:4:1536:dd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5205e67a3c461320d4852c2a6263e425a1360e8591fac27cab130905674858d1 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:17:03 GMT content-encoding gzip last-modified Wed, 10 Aug 2022 12:06:57 GMT server AmazonS3 age 515 etag "5f935203dacfd5cbdd9d979a643e6412" x-cache Hit from cloudfront content-type application/javascript via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) cache-control max-age=31536000,public x-amz-cf-pop FRA60-P3 content-length 537897 x-amz-cf-id HRXIBIIW74S3ozkgyXfehLm5I0f11NfdBJRm7uwmacACHiGF89-BZQ==
GET H2	200	main.618f5f5f.chunk.js Show response donation.comicrelief.com/static/js/	738 KB 109 KB	14ms 13ms	Script application/javascript	2600:9000:2251:8e00:4:1536:dd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://donation.comicrelief.com/static/js/main.618f5f5f.chunk.js Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:8e00:4:1536:dd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 05b00dbac3962f843cf9cfc356d3d3f48d54e0a912f214bba3f17dc225930fab Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:17:03 GMT content-encoding gzip last-modified Wed, 10 Aug 2022 12:06:56 GMT server AmazonS3 age 515 etag "55c43befb4303e3b8b3036e6e5b7aef4" x-cache Hit from cloudfront content-type application/javascript via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) cache-control max-age=31536000,public x-amz-cf-pop FRA60-P3 content-length 111520 x-amz-cf-id xPILn0EP0Z-dhfPxBDwdKg7PKSfhPR84LlulnwkqpDvTX1K9NaPsbA==
GET H2	200	css fonts.googleapis.com/	6 KB 1 KB	43ms 21ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Anton|Montserrat:500,700,800 Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 649aa6d97c066c7ee33ee18ec2cdf5c2d1a009e9970e376fb6a3c39b9ec5ddaf Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 10 Aug 2022 12:25:38 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 10 Aug 2022 12:25:38 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 10 Aug 2022 12:25:38 GMT
GET H2	200	css fonts.googleapis.com/	5 KB 627 B	17ms 16ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Montserrat:500,700,800 Requested by Host: client URL: about:client Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 335b5d2a3c374640d8226a5d105b481ed136e6810779ddab807fcfbec14883f8 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 10 Aug 2022 12:25:38 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Wed, 10 Aug 2022 12:25:38 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 10 Aug 2022 12:25:38 GMT
GET H2	200	footer Show response content.sls.comicrelief.com/	800 B 1 KB	139ms 80ms	XHR application/json	18.66.97.8 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://content.sls.comicrelief.com/footer Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/vendors.8323c9d5.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.97.8 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-97-8.fra56.r.cloudfront.net Software / Resource Hash d230af83160b933615e7764ad707d5bfdc78eacf9f8f6f2f6141b2afe21ccf5b Request headers Accept application/json, text/plain, */* Referer https://donation.comicrelief.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT via 1.1 0baa339c02d06988c65d8623d1b3c6ec.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P2 x-amzn-requestid 67cfe1ed-0630-4bff-8806-9e429ef86564 x-cache Miss from cloudfront content-type application/json access-control-allow-origin * x-amzn-trace-id Root=1-62f3a3c2-36c4555f5a91238074394d6a access-control-allow-credentials true x-amz-apigw-id WpaGYGWEDoEF2hA= content-length 800 x-amz-cf-id pxWJA9AarkkFC0H1cLEbQce5BnWtzzT9QOrF6mXGf6CnEscxwDfHiA==
GET H2	200	spritesheet.6ecb63e2.svg Show response donation.comicrelief.com/static/media/	32 KB 11 KB	12ms 12ms	XHR image/svg+xml	2600:9000:2251:8e00:4:1536:dd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://donation.comicrelief.com/static/media/spritesheet.6ecb63e2.svg Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/vendors.8323c9d5.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:8e00:4:1536:dd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a663404e0470b0ffc9e290769d8e7596286f60e10f5837abbdac30df91dcb929 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:17:05 GMT content-encoding gzip last-modified Wed, 10 Aug 2022 12:07:09 GMT server AmazonS3 age 514 etag W/"6ecb63e22ea1602d3867c13878f50ad7" vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) cache-control max-age=31536000,public x-amz-cf-pop FRA60-P3 x-amz-cf-id BI7O1zWReYNlIGdaOAkgOJdpmixx95yDk_YHxOJ66Ari_OsSYXTRfA==
GET H2	200	cr_logo.svg donation.comicrelief.com/images/logo/	4 KB 2 KB	86ms 85ms	Image image/svg+xml	2600:9000:2251:8e00:4:1536:dd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://donation.comicrelief.com/images/logo/cr_logo.svg Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:8e00:4:1536:dd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 61031f187fa14e14cdbfaa3cebc4ed04033247a45095a0a82ba5aa8e2c1919aa Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT content-encoding gzip last-modified Wed, 10 Aug 2022 12:07:07 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 etag W/"f484aed71b11f159f117ec4cc85eab2a" vary Accept-Encoding x-cache Miss from cloudfront content-type image/svg+xml via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) cache-control max-age=31536000,public x-amz-cf-id A00yIOrrYNNqMlnVoigpFFxX5b0ycSkzYcHN7epvlHgDEUiD-1juzw==
GET H2	200	-CROP-DonatePage-Des-_Template.jpg donation.comicrelief.com/images/cart/	143 KB 143 KB	103ms 103ms	Image image/jpeg	2600:9000:2251:8e00:4:1536:dd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://donation.comicrelief.com/images/cart/-CROP-DonatePage-Des-_Template.jpg Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:8e00:4:1536:dd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 4b3754af712d60e85e356ba8c1858a411bd672725518e579e2ee37624e64f76b Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) last-modified Wed, 10 Aug 2022 12:07:05 GMT server AmazonS3 x-amz-cf-pop FRA60-P3 etag "1f953cd830740455d92147a6528ff8e1" x-cache Miss from cloudfront content-type image/jpeg cache-control max-age=31536000,public content-length 146319 x-amz-cf-id RmQATmg47Nh1cVlg4oTGvN7cO-Zssj6w1OAhB9220rpqImNxWwEYbA==
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5fb89c34eff21cde039656cfa0bbca5f7498bcbf2a8a77136fdd1de42530571a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Content-Type image/png
GET H2	200	instagram.51f8beb3.svg donation.comicrelief.com/static/media/	2 KB 1 KB	11ms 11ms	Image image/svg+xml	2600:9000:2251:8e00:4:1536:dd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://donation.comicrelief.com/static/media/instagram.51f8beb3.svg Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:8e00:4:1536:dd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash dd560190ebfb572caa6f06631ccebc7e256ea6d85526f9ccf00b15c64f61375f Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:17:05 GMT content-encoding gzip last-modified Wed, 10 Aug 2022 12:07:09 GMT server AmazonS3 age 514 etag W/"51f8beb3599b044515d6243db345a70b" vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) cache-control max-age=31536000,public x-amz-cf-pop FRA60-P3 x-amz-cf-id BW0QMU03ADdoUr4BX4CMk8bC-jBcXZm_SI37EBAhXD_AowFloNg_0w==
GET H2	200	provider Show response payments.sls.comicrelief.com/	2 KB 1 KB	188ms 72ms	Fetch application/json	54.155.217.201 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://payments.sls.comicrelief.com/provider?client=donate&all-providers=0 Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/vendors.8323c9d5.chunk.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.155.217.201 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-155-217-201.eu-west-1.compute.amazonaws.com Software / Resource Hash 4f3ef7ec350cb0c80829c9f846a6a60d1f9e89136bd466542e92eac06398e6bf Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT content-encoding gzip x-amzn-requestid 1035d362-c24e-4fb6-b9c1-42e24f018d03 content-type application/json access-control-allow-origin * x-amzn-trace-id Root=1-62f3a3c2-23bc674b3bccc0535cef2c45;Sampled=0 access-control-allow-credentials true x-amz-apigw-id WpaGZHgrDoEFbpg= content-length 928
GET H2	200	CR__Chevron_D.svg donation.comicrelief.com/images/payin/	3 KB 1 KB	12ms 12ms	Image image/svg+xml	2600:9000:2251:8e00:4:1536:dd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://donation.comicrelief.com/images/payin/CR__Chevron_D.svg Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2251:8e00:4:1536:dd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 2b0fa644e7d5a9ba80cafaf0a36d2c912679ec967818b27b7fb546896268d23b Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:17:05 GMT content-encoding gzip last-modified Wed, 10 Aug 2022 12:07:07 GMT server AmazonS3 age 514 etag W/"302306e14ca4d9acf23c30b8768cb115" vary Accept-Encoding x-cache Hit from cloudfront content-type image/svg+xml via 1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront) cache-control max-age=31536000,public x-amz-cf-pop FRA60-P3 x-amz-cf-id mgY-15EfACnuhGDqb6i45M6F0oNu_fxocgTj65m29pgh-wsCR-dxLA==
GET H/1.1	200 OK	GT-Walsheim-Bold.woff2 d2xeqttht14d9p.cloudfront.net/	55 KB 56 KB	54ms 20ms	Font application/octet-stream	18.66.121.49 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d2xeqttht14d9p.cloudfront.net/GT-Walsheim-Bold.woff2 Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/?cartId=fa-sportreliefa&sc_src=email_2601306&sc_lid=254404061&sc_uid=f7ZPzJSnn6&sc_llid=581342&sc_eh=5d50e7761bc2b3451&utm_source=cr_list&utm_medium=email&utm_campaign=sr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.66.121.49 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-121-49.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash d2359ccde3b4956c5a1621fb141a6c9c3e41db0618750f3ed43d36b04d57e985 Request headers Referer https://donation.comicrelief.com/ Origin https://donation.comicrelief.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:38 GMT Via 1.1 da6955a1993e1118f32bcb48c6630c20.cloudfront.net (CloudFront) Vary Origin Age 35824 X-Cache Hit from cloudfront Connection keep-alive Content-Length 56392 Last-Modified Fri, 09 Sep 2016 09:48:55 GMT Server AmazonS3 ETag "93ec24ad56ccef6fc839e112584144af" Access-Control-Max-Age 3000 Access-Control-Allow-Methods GET Content-Type application/octet-stream Access-Control-Allow-Origin * X-Amz-Cf-Pop FRA60-P2 Accept-Ranges bytes X-Amz-Cf-Id MuRIGGuz6TGSjIxPX2GfYqw66fq0CUgMUDs_5LZtkhIKqdK5FAAG6Q==
GET H2	200	JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 fonts.gstatic.com/s/montserrat/v25/	30 KB 31 KB	30ms 8ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Anton|Montserrat:500,700,800 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://donation.comicrelief.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 17:46:43 GMT x-content-type-options nosniff age 67135 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30928 x-xss-protection 0 last-modified Mon, 11 Jul 2022 18:57:39 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 09 Aug 2023 17:46:43 GMT
GET H2	200	api.js Show response www.google.com/recaptcha/	884 B 997 B	42ms 20ms	Script text/javascript	2a00:1450:4001:811::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api.js?render=6LcmU2oeAAAAAJROF1dRXtlMrIctFJxNBmDHrqWe Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/vendors.8323c9d5.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 0a42871a2045060deda6d575fb853111ef1fd7a4a9dc2c8e92ed94ba5254a533 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT content-encoding gzip x-content-type-options nosniff server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 584 x-xss-protection 1; mode=block expires Wed, 10 Aug 2022 12:25:38 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	246 KB 83 KB	58ms 32ms	Script application/javascript	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-TDZ4454&gtm_auth=&gtm_preview=&gtm_cookies_win=x Requested by Host: link.email.comicrelief.com URL: https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash ae7ff231754a9fc5fb2d269cfdc1730dc7f4a5fbd3fc1c43ba07e9598026e027 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 84462 x-xss-protection 0 last-modified Wed, 10 Aug 2022 12:00:00 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 10 Aug 2022 12:25:38 GMT
GET H2	200	pay.js Show response pay.google.com/gp/p/js/	95 KB 31 KB	144ms 53ms	Script application/javascript	2a00:1450:4010:c0a::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/js/pay.js Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/main.618f5f5f.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4010:c0a::5c Lappeenranta, Finland, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ae8ab2b6e48fdef457c84b2b32b1e7a980579dfc50622ee62fcc515b68752399 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-NIBisGQ9CuOzkcRB7n-5Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-NIBisGQ9CuOzkcRB7n-5Qw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT content-encoding gzip x-content-type-options nosniff p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 server ESF cross-origin-opener-policy same-origin; report-to="InstantbuyFrontendHttp" x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 report-to {"group":"InstantbuyFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendHttp/external"}]} content-type application/javascript; charset=utf-8 accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site cache-control private, max-age=600 permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=* content-security-policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport, script-src 'report-sample' 'nonce-NIBisGQ9CuOzkcRB7n-5Qw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-NIBisGQ9CuOzkcRB7n-5Qw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport expires Wed, 10 Aug 2022 12:25:38 GMT
GET H2	200	js Show response www.paypal.com/sdk/	315 KB 95 KB	593ms 507ms	Script application/javascript	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/sdk/js?components=buttons&integration-date=2010-03-21&disable-funding=credit,card,sofort&currency=GBP&commit=true&client-id=AW0p8XjG2e3Wo1CDYwYxPcqkt0gWGa0h7sfDCqOOV0-wiPREux-q6jkLfENceBjMujQBE_Bg3UB9FSX5 Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/main.618f5f5f.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 67d478f488c3bd6d3ad510b280076715f31542c0685b2c8bec5423e0502db71a Security Headers Name Value Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-PZi6u15baubrLBy6GrFveNKvgkDgHLVmlVRlAH2gizae+ekR' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-PZi6u15baubrLBy6GrFveNKvgkDgHLVmlVRlAH2gizae+ekR' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers content-security-policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-PZi6u15baubrLBy6GrFveNKvgkDgHLVmlVRlAH2gizae+ekR' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-PZi6u15baubrLBy6GrFveNKvgkDgHLVmlVRlAH2gizae+ekR' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp content-encoding gzip x-content-type-options nosniff age 0 via 1.1 varnish x-cache MISS p3p true paypal-debug-id f658454b57c63 server-timing content-encoding;desc="gzip",x-cdn;desc="fastly" dc ccg11-origin-www-1.paypal.com vary Accept-Encoding content-length 96584 x-xss-protection 1; mode=block x-served-by cache-hhn4076-HHN traceparent 00-0000000000000000000f658454b57c63-fc3e4bb719505760-01 x-timer S1660134338.461699,VS0,VE499 x-frame-options SAMEORIGIN date Wed, 10 Aug 2022 12:25:38 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=3600, s-maxage=10800 etag W/"17948-eoeaHQWMzY3dVy3CnvlgJfP+R0k" accept-ranges bytes x-cache-hits 0
GET H2	200	/ Show response js.stripe.com/v3/	317 KB 77 KB	67ms 7ms	Script text/javascript	151.101.128.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/ Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/main.618f5f5f.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.128.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 3ca955582a10cd5e9539eb0a2a053e9b6a3046e61981f60bcf93375630f9e48e Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff age 55 x-cache HIT content-length 78165 etag "f8f1180f5abaf75df3379ab0e9de2084" x-request-id 5578e295-3682-4407-88a3-36aef50cad96 x-served-by cache-hhn4061-HHN access-control-allow-origin * last-modified Tue, 09 Aug 2022 20:12:38 GMT server Fastly date Wed, 10 Aug 2022 12:25:38 GMT vary Accept-Encoding content-type text/javascript; charset=utf-8 via 1.1 varnish cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 12
GET H2	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/	387 KB 155 KB	31ms 8ms	Script text/javascript	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api.js?render=6LcmU2oeAAAAAJROF1dRXtlMrIctFJxNBmDHrqWe Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c2e37877957a84efc2e5604969599edfa9be30f963d56f8a8ea5352443f72892 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://donation.comicrelief.com/ Origin https://donation.comicrelief.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 11:42:37 GMT content-encoding gzip x-content-type-options nosniff age 2581 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 158422 x-xss-protection 0 last-modified Mon, 01 Aug 2022 04:00:16 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 10 Aug 2023 11:42:37 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	198 KB 71 KB	42ms 26ms	Script application/javascript	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-YD561600B1&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDZ4454&gtm_auth=&gtm_preview=&gtm_cookies_win=x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 02e852302da89c0f59c209c833d9c693146d7c52ac69dee9886d6d63faf05d11 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT content-encoding br server Google Tag Manager access-control-allow-headers Cache-Control vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 72648 x-xss-protection 0 expires Wed, 10 Aug 2022 12:25:38 GMT
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	100 KB 27 KB	40ms 13ms	Script application/x-javascript	2a03:2880:f007:8:face:b00c:0:1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: link.email.comicrelief.com URL: https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash e75555ca161f289d4830a84a1856b37a9cb0077f78af600fb47c67c135baa8fd Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 content-length 26506 x-xss-protection 0 pragma public x-fb-debug eHpzQ8bXLSB2Kz8EZj9kB3rOZrXotJNJH7u3zftCUDTzMi0DVWzBOD5M/YPjjGJcnikw/ZxOA2WN/8OH4gLyAg== x-fb-trip-id 720026100 cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Wed, 10 Aug 2022 12:25:38 GMT strict-transport-security max-age=31536000; preload; includeSubDomains content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	B25261695.293019563;sz=1x2;ord=1660134338465.dmz5n5w;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= Show response ad.doubleclick.net/ddm/adj/N309801.197812NSO.CODESRV/	35 KB 13 KB	80ms 44ms	Script text/javascript	142.250.186.134 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ad.doubleclick.net/ddm/adj/N309801.197812NSO.CODESRV/B25261695.293019563;sz=1x2;ord=1660134338465.dmz5n5w;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=? Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDZ4454&gtm_auth=&gtm_preview=&gtm_cookies_win=x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.134 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s07-in-f6.1e100.net Software cafe / Resource Hash a084f3877e1bc0d9d09dd04e55a2f60fd3ad638873c9ca149c5e889b52b50a41 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT content-encoding br x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13093 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	scarab-v2.js Show response cdn.scarabresearch.com/js/157FD760A98A5CD2/	95 KB 23 KB	37ms 9ms	Script application/javascript	18.66.139.92 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.scarabresearch.com/js/157FD760A98A5CD2/scarab-v2.js Requested by Host: link.email.comicrelief.com URL: https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.66.139.92 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-139-92.fra60.r.cloudfront.net Software / Resource Hash 39f215e80b806d4f28addeeacf4e6bba3020da91164f6a270eb26be14f8b192f Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 11:53:05 GMT Content-Encoding gzip Connection keep-alive Age 1953 ETag "ea9bf461d696a3cead375e3115c7cd96--gzip" Vary Accept-Encoding X-Cache Hit from cloudfront Content-Type application/javascript;charset=utf-8 Via 1.1 ba67e20db38657ee5cb05d05b3da9d70.cloudfront.net (CloudFront) Cache-Control max-age=3600,public Transfer-Encoding chunked X-Amz-Cf-Pop FRA60-P4 Timing-Allow-Origin * X-Amz-Cf-Id 9PcE2cIc9BIaAFKI1Mb3z6lRfzzNKgHXR-tpjX_j8yTLr-hw317VCw==
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	43ms 7ms	Script text/javascript	2a00:1450:4001:813::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDZ4454&gtm_auth=&gtm_preview=&gtm_cookies_win=x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 13 Apr 2022 21:02:38 GMT server Golfe2 age 5018 date Wed, 10 Aug 2022 11:02:00 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Wed, 10 Aug 2022 13:02:00 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	8 KB 3 KB	63ms 13ms	Script application/x-javascript	2a02:26f0:11a::6867:4843 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDZ4454&gtm_auth=&gtm_preview=&gtm_cookies_win=x Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:11a::6867:4843 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers x-edgeconnect-origin-mex-latency 662 date Wed, 10 Aug 2022 12:25:38 GMT content-encoding gzip last-modified Wed, 13 Apr 2022 23:25:22 GMT x-cdn AKAM x-edgeconnect-midmile-rtt 0 vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=22182 accept-ranges bytes content-length 3085
GET H2	200	dc_pre=CNiFnKyivPkCFQxCkQUd9uYHcQ;src=9063052;type=enga0;cat=rnd-u0;ord=9987623319990;gtm=2wg880;auiddc=* adservice.google.com/ddm/fls/z/ Redirect Chain https://ad.doubleclick.net/activity;src=9063052;type=enga0;cat=rnd-u0;ord=9987623319990;gtm=2wg880;auiddc=128818294.1660134338? https://ad.doubleclick.net/activity;dc_pre=CNiFnKyivPkCFQxCkQUd9uYHcQ;src=9063052;type=enga0;cat=rnd-u0;ord=9987623319990;gtm=2wg880;auiddc=128818294.1660134338? https://adservice.google.com/ddm/fls/z/dc_pre=CNiFnKyivPkCFQxCkQUd9uYHcQ;src=9063052;type=enga0;cat=rnd-u0;ord=9987623319990;gtm=2wg880;auiddc=*	42 B 494 B	74ms 51ms	Image image/gif	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://adservice.google.com/ddm/fls/z/dc_pre=CNiFnKyivPkCFQxCkQUd9uYHcQ;src=9063052;type=enga0;cat=rnd-u0;ord=9987623319990;gtm=2wg880;auiddc=* Protocol H2 Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT x-content-type-options nosniff server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" content-type text/html; charset=UTF-8 location https://adservice.google.com/ddm/fls/z/dc_pre=CNiFnKyivPkCFQxCkQUd9uYHcQ;src=9063052;type=enga0;cat=rnd-u0;ord=9987623319990;gtm=2wg880;auiddc=* cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	dc_pre=COKGnKyivPkCFQ5JkQUdfb4Nhg;src=9063052;type=enga0;cat=rnd-d00;ord=2329700171759;gtm=2wg880;auiddc=* adservice.google.com/ddm/fls/z/ Redirect Chain https://ad.doubleclick.net/activity;src=9063052;type=enga0;cat=rnd-d00;ord=2329700171759;gtm=2wg880;auiddc=128818294.1660134338? https://ad.doubleclick.net/activity;dc_pre=COKGnKyivPkCFQ5JkQUdfb4Nhg;src=9063052;type=enga0;cat=rnd-d00;ord=2329700171759;gtm=2wg880;auiddc=128818294.1660134338? https://adservice.google.com/ddm/fls/z/dc_pre=COKGnKyivPkCFQ5JkQUdfb4Nhg;src=9063052;type=enga0;cat=rnd-d00;ord=2329700171759;gtm=2wg880;auiddc=*	42 B 107 B	74ms 51ms	Image image/gif	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://adservice.google.com/ddm/fls/z/dc_pre=COKGnKyivPkCFQ5JkQUdfb4Nhg;src=9063052;type=enga0;cat=rnd-d00;ord=2329700171759;gtm=2wg880;auiddc=* Protocol H2 Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT x-content-type-options nosniff server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" content-type text/html; charset=UTF-8 location https://adservice.google.com/ddm/fls/z/dc_pre=COKGnKyivPkCFQ5JkQUdfb4Nhg;src=9063052;type=enga0;cat=rnd-d00;ord=2329700171759;gtm=2wg880;auiddc=* cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	m-outer-14f4001d2d49d367924c6ae47f2e2539.html Show response js.stripe.com/v3/ Frame D894	240 B 844 B	7ms 7ms	Document text/html	151.101.128.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/m-outer-14f4001d2d49d367924c6ae47f2e2539.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.128.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash 17584dd885d6411ece8c2aad1707bc60b450a272725e8b7658d8006c8b4425e1 Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://donation.comicrelief.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * age 58804 cache-control max-age=31536000 content-encoding br content-length 140 content-security-policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report content-security-policy-report-only base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Wed, 10 Aug 2022 12:25:38 GMT etag "14f4001d2d49d367924c6ae47f2e2539" last-modified Tue, 09 Aug 2022 20:01:07 GMT server Fastly strict-transport-security max-age=31556926; includeSubDomains; preload timing-allow-origin * vary Accept-Encoding via 1.1 varnish x-cache HIT x-cache-hits 29894 x-content-type-options nosniff x-request-id a4772dc9-d62c-4fec-9f09-70f94479eead x-served-by cache-hhn4061-HHN
GET H3	200	anchor Show response www.google.com/recaptcha/api2/ Frame 6228	41 KB 21 KB	43ms 25ms	Document text/html	2a00:1450:4001:811::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcmU2oeAAAAAJROF1dRXtlMrIctFJxNBmDHrqWe&co=aHR0cHM6Ly9kb25hdGlvbi5jb21pY3JlbGllZi5jb206NDQz&hl=de&v=gWN_U6xTIPevg0vuq7g1hct0&size=invisible&cb=o2b1gmuktbdz Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/recaptcha__de.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 548baae85645856e4f2ee3ccdc6010d84a73752a232c616466ce5bd63663ee74 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-u_NEPD76SuL7HHB32yMjyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://donation.comicrelief.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control no-cache, no-store, max-age=0, must-revalidate content-encoding gzip content-length 21849 content-security-policy script-src 'report-sample' 'nonce-u_NEPD76SuL7HHB32yMjyw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Wed, 10 Aug 2022 12:25:38 GMT expires Mon, 01 Jan 1990 00:00:00 GMT pragma no-cache report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
POST H2	200	csp-report q.stripe.com/ Frame D894	0 571 B	545ms 180ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: link.email.comicrelief.com URL: https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/csp-report Response headers date Wed, 10 Aug 2022 12:25:39 GMT x-content-type-options nosniff x-envoy-upstream-service-time 1 strict-transport-security max-age=63072000; includeSubDomains; preload content-length 0 pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type cache-control max-age=0, no-cache, no-store, must-revalidate x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
POST H2	200	csp-report q.stripe.com/ Frame D894	0 570 B	545ms 180ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: link.email.comicrelief.com URL: https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/csp-report Response headers date Wed, 10 Aug 2022 12:25:39 GMT x-content-type-options nosniff x-envoy-upstream-service-time 1 strict-transport-security max-age=63072000; includeSubDomains; preload content-length 0 pragma no-cache referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin access-control-max-age 3600 access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://js.stripe.com access-control-expose-headers Server, Range, Content-Type cache-control max-age=0, no-cache, no-store, must-revalidate x-robots-tag none access-control-allow-headers Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token expires 0
GET H2	200	m-outer-2a22f74a91e8306530f63fe49f9ad628.js Show response js.stripe.com/v3/fingerprinted/js/ Frame D894	526 B 383 B	7ms 7ms	Script text/javascript	151.101.128.176 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js.stripe.com/v3/fingerprinted/js/m-outer-2a22f74a91e8306530f63fe49f9ad628.js Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/m-outer-14f4001d2d49d367924c6ae47f2e2539.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.128.176 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Fastly / Resource Hash ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://js.stripe.com/v3/m-outer-14f4001d2d49d367924c6ae47f2e2539.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br x-content-type-options nosniff age 3 x-cache HIT content-length 256 etag "d96c709017743c0759cf3853d1806ba5" x-request-id da747a5f-565f-4de3-b1cc-df18eba0f7f1 x-served-by cache-hhn4061-HHN access-control-allow-origin * last-modified Tue, 09 Aug 2022 20:01:06 GMT server Fastly date Wed, 10 Aug 2022 12:25:38 GMT vary Accept-Encoding content-type text/javascript; charset=utf-8 via 1.1 varnish cache-control max-age=60 accept-ranges bytes timing-allow-origin * x-cache-hits 3
POST H2	204	collect region1.analytics.google.com/g/	0 343 B	39ms 15ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-YD561600B1&gtm=2oe880&_p=51384443&_gaz=1&cid=908316307.1660134339&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1660134338&sct=1&seg=0&dl=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&dr=https%3A%2F%2Flink.email.comicrelief.com%2F&dt=Donate%20%7C%20Comic%20Relief&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-YD561600B1&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT server Golfe2 content-type text/plain access-control-allow-origin https://donation.comicrelief.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 352 B	60ms 21ms	Ping text/plain	2a00:1450:400c:c00::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-YD561600B1&cid=908316307.1660134339&gtm=2oe880&aip=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-YD561600B1&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT server Golfe2 content-type text/plain access-control-allow-origin https://donation.comicrelief.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 501 B	55ms 32ms	Image image/gif	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-YD561600B1&cid=908316307.1660134339&gtm=2oe880&aip=1&z=1671720877 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	445034839357835 Show response connect.facebook.net/signals/config/	293 KB 84 KB	84ms 69ms	Script application/x-javascript	2a03:2880:f007:8:face:b00c:0:1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/445034839357835?v=2.9.73&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 30620d9c7ff07da5853538cb6f97472e4c98a9be3cb3dcdd655504bccbb418fe Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug hEc1lRUMWSgO2+EGyypGhxQYcZrAP/UXriKMyXDjkStseUuelQmPhdyFPRT909oNdQt8gBA2XZ3+1WgWmRU9dA== cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Wed, 10 Aug 2022 12:25:38 GMT strict-transport-security max-age=31536000; preload; includeSubDomains x-content-cdn-origin-ts 1660134338681 content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	ec.js Show response www.google-analytics.com/plugins/ua/	3 KB 1 KB	23ms 7ms	Script text/javascript	2a00:1450:4001:813::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/plugins/ua/ec.js Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 11:51:53 GMT content-encoding br x-content-type-options nosniff age 2025 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1129 x-xss-protection 0 last-modified Thu, 30 Dec 2021 12:48:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type text/javascript cache-control public, max-age=3600 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Wed, 10 Aug 2022 12:51:53 GMT
GET H3	200	payframe Show response pay.google.com/gp/p/ui/ Frame 7140	18 KB 7 KB	255ms 179ms	Document text/html	2a00:1450:4010:c0a::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fdonation.comicrelief.com&mid= Requested by Host: pay.google.com URL: https://pay.google.com/gp/p/js/pay.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4010:c0a::5c Lappeenranta, Finland, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash eb4b9a270b0f4b1861159b37e564645286a0f619b48c1b5e12db9da053d5d3f0 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-PrhuCbe492eTfjGxT8Fv7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-PrhuCbe492eTfjGxT8Fv7A' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://donation.comicrelief.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control private, max-age=3600 content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-PrhuCbe492eTfjGxT8Fv7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-PrhuCbe492eTfjGxT8Fv7A' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport content-type text/html; charset=utf-8 cross-origin-opener-policy same-origin; report-to="InstantbuyFrontendBuyflowPayframeUi" cross-origin-resource-policy same-site date Wed, 10 Aug 2022 12:25:38 GMT expires Wed, 10 Aug 2022 12:25:38 GMT permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=* report-to {"group":"InstantbuyFrontendBuyflowPayframeUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayframeUi/external"}]} server ESF strict-transport-security max-age=31536000 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site x-content-type-options nosniff x-ua-compatible IE=edge x-xss-protection 0
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1836441&time=1660134338616&url=https%3A%2F%2Fdonation.comicrelief.com%2F%3Futm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketin... https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1836441%26time%3D1660134338616%26url%3Dhttps%253A%252F%252Fdonation.comicrelief.c... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1836441&time=1660134338616&url=https%3A%2F%2Fdonation.comicrelief.com%2F%3Futm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketin... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1836441&time=1660134338616&url=https%3A%2F%2Fdonation.comicrelief.com%2F%3Futm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketi...	0 265 B	155ms 128ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1836441&time=1660134338616&url=https%3A%2F%2Fdonation.comicrelief.com%2F%3Futm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171%26sc_eh%3D5d50e7761bc2b3451%26cartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26utm_source%3Dcr_list%26sc_uid%3Df7ZPzJSnn6%26sc_lid%3D254404061%26utm_medium%3Demail%26sc_llid%3D581342&liSync=true&e_ipv6=AQI1zlQsB5XAXAAAAYKHt7HdoGWRFoXwMvnuLRXnPejgensNBaYmqy01bZ23Pi6H Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 66B09DC30BD54D589B3273BDFC021C14 Ref B: FRAEDGE1120 Ref C: 2022-08-10T12:25:39Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-proto http/2 content-length 0 x-li-uuid AAXl4iWQ3FHC60ylXtWxRg== x-li-fabric prod-lva1 Redirect headers date Wed, 10 Aug 2022 12:25:38 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 95243BF3F3D1468D834B0B887CB14BC4 Ref B: VIEEDGE2918 Ref C: 2022-08-10T12:25:38Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1836441&time=1660134338616&url=https%3A%2F%2Fdonation.comicrelief.com%2F%3Futm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171%26sc_eh%3D5d50e7761bc2b3451%26cartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26utm_source%3Dcr_list%26sc_uid%3Df7ZPzJSnn6%26sc_lid%3D254404061%26utm_medium%3Demail%26sc_llid%3D581342&liSync=true&e_ipv6=AQI1zlQsB5XAXAAAAYKHt7HdoGWRFoXwMvnuLRXnPejgensNBaYmqy01bZ23Pi6H x-li-proto http/2 content-length 0 x-li-uuid AAXl4iWOjj+Of/SFi4aQaw==
GET H2	200	rx_lidar.js Show response www.googletagservices.com/activeview/js/current/	140 KB 44 KB	55ms 32ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 Requested by Host: ad.doubleclick.net URL: https://ad.doubleclick.net/ddm/adj/N309801.197812NSO.CODESRV/B25261695.293019563;sz=1x2;ord=1660134338465.dmz5n5w;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=? Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 8a2f253ec609c302adb1b3c7ae3e02520fe888f9b71507e7b9d32fc65d59db12 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 44011 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1659958456967243" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Wed, 10 Aug 2022 12:25:38 GMT
GET H2	200	omrhp.js Show response pagead2.googlesyndication.com/pagead/js/r20220808/r20110914/elements/html/	8 KB 4 KB	30ms 8ms	Script text/javascript	2a00:1450:4001:806::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/r20220808/r20110914/elements/html/omrhp.js Requested by Host: ad.doubleclick.net URL: https://ad.doubleclick.net/ddm/adj/N309801.197812NSO.CODESRV/B25261695.293019563;sz=1x2;ord=1660134338465.dmz5n5w;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=? Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:24:23 GMT content-encoding gzip x-content-type-options nosniff age 75 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 3159 x-xss-protection 0 server cafe etag 1394524276809619753 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, max-age=1209600 timing-allow-origin * expires Wed, 24 Aug 2022 12:24:23 GMT
POST H2	200	view googleads4.g.doubleclick.net/pcs/	0 575 B	83ms 47ms	Ping image/gif	172.217.16.194 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQas80Rsy51IfRhdkgoWBVKIEGwscvUi-DHc5DkBblViQIYN4_S9BVweDu2MXD1E_rM4irKUv8GKXAc5Ojw9s3ltR67cJh-YwRfJfWTrE4CrbfmXeoTdA8bLgDCZZhctOTgvCzb8DFMfQFla8rmzLdYRka&sig=Cg0ArKJSzE1f1nVSTtRuEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=2&dett=5&cstd=0&cisv=r20220808.81756&adurl= Requested by Host: ad.doubleclick.net URL: https://ad.doubleclick.net/ddm/adj/N309801.197812NSO.CODESRV/B25261695.293019563;sz=1x2;ord=1660134338465.dmz5n5w;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=? Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.217.16.194 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s08-in-f194.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers timing-allow-origin * date Wed, 10 Aug 2022 12:25:38 GMT x-content-type-options nosniff accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" access-control-allow-origin * cache-control private cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 0 x-xss-protection 0 server cafe
GET H2	200	tc.min.js Show response c1.rfihub.net/js/	19 KB 6 KB	45ms 7ms	Script application/x-javascript	2600:9000:223c:fe00:1:76cf:fe80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c1.rfihub.net/js/tc.min.js Requested by Host: link.email.comicrelief.com URL: https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223c:fe00:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Jetty(9.3.29.v20201019) / Resource Hash 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 11:49:29 GMT content-encoding gzip last-modified Wed, 10 Aug 2022 11:49:19 GMT server Jetty(9.3.29.v20201019) age 2169 x-cache Hit from cloudfront p3p CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" via 1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront) cache-control public, max-age=3600 x-amz-cf-pop FRA56-P2 content-type application/x-javascript content-length 6162 x-amz-cf-id q7dbg0GO8_RoDcm9VRvdFTlMzc0xfhqhITIWMdhFHtHa9rEcYD_p6A== expires Wed, 10 Aug 2022 12:49:29 GMT
GET H/1.1	200 OK	/ Show response recommender.scarabresearch.com/merchants/157FD760A98A5CD2/	89 B 654 B	72ms 7ms	XHR application/json	3.66.107.104 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://recommender.scarabresearch.com/merchants/157FD760A98A5CD2/?pv=1955531267&xp=1&cp=1&eh=5d50e7761bc2b3451&ecid=2601306&elid=254404061&ellid=581342&euid=f7ZPzJSnn6&prev_url=https%3A%2F%2Flink.email.comicrelief.com%2F Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/vendors.8323c9d5.chunk.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.66.107.104 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-66-107-104.eu-central-1.compute.amazonaws.com Software / Resource Hash 63a558b5b2e1f56e4ad52f0bbc84dc754fe9f0471732b2e52da37f4af6db88c0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:38 GMT P3P CP="NOI DSP COR NID PSAo OUR IND" Vary Accept-Encoding, User-Agent Content-Type application/json;charset=utf-8 Access-Control-Allow-Origin https://donation.comicrelief.com Access-Control-Allow-Credentials true Connection keep-alive Timing-Allow-Origin * Content-Length 89 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	inner.html Show response m.stripe.network/ Frame A901	930 B 2 KB	93ms 8ms	Document text/html	2600:9000:223e:1c00:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/inner.html Requested by Host: js.stripe.com URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-2a22f74a91e8306530f63fe49f9ad628.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223e:1c00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35 Security Headers Name Value Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://js.stripe.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 160 cache-control max-age=300, public content-length 930 content-security-policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report content-type text/html; charset=utf-8 date Wed, 10 Aug 2022 12:22:58 GMT etag "fc2e029628f163bb59adc6fa5a31161c" last-modified Thu, 17 Mar 2022 19:03:12 GMT server Cloudfront strict-transport-security max-age=31556926; includeSubDomains; preload vary Accept-Encoding via 1.1 eeb2f3ca588ea4437f4b97ed276a6664.cloudfront.net (CloudFront) x-amz-cf-id HDruwqAHgYk-OIXZD9kOGsq5GYCD_QhtFeiJ7SzoxcmSXdqbWnt9WQ== x-amz-cf-pop FRA56-P4 x-cache Hit from cloudfront x-content-type-options nosniff
GET H3	200	styles__ltr.css www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/ Frame 6228	51 KB 24 KB	23ms 7ms	Stylesheet text/css	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcmU2oeAAAAAJROF1dRXtlMrIctFJxNBmDHrqWe&co=aHR0cHM6Ly9kb25hdGlvbi5jb21pY3JlbGllZi5jb206NDQz&hl=de&v=gWN_U6xTIPevg0vuq7g1hct0&size=invisible&cb=o2b1gmuktbdz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 11:24:32 GMT content-encoding gzip x-content-type-options nosniff age 3666 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 24237 x-xss-protection 0 last-modified Mon, 01 Aug 2022 04:00:16 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 10 Aug 2023 11:24:32 GMT
GET H3	200	recaptcha__de.js Show response www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/ Frame 6228	387 KB 155 KB	27ms 10ms	Script text/javascript	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/recaptcha__de.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcmU2oeAAAAAJROF1dRXtlMrIctFJxNBmDHrqWe&co=aHR0cHM6Ly9kb25hdGlvbi5jb21pY3JlbGllZi5jb206NDQz&hl=de&v=gWN_U6xTIPevg0vuq7g1hct0&size=invisible&cb=o2b1gmuktbdz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c2e37877957a84efc2e5604969599edfa9be30f963d56f8a8ea5352443f72892 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 11:42:37 GMT content-encoding gzip x-content-type-options nosniff age 2581 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 158422 x-xss-protection 0 last-modified Mon, 01 Aug 2022 04:00:16 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 10 Aug 2023 11:42:37 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 151 B	19ms 19ms	XHR text/plain	2a00:1450:400c:c00::9b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-17242537-1&cid=908316307.1660134339&jid=154659539&gjid=688435625&_gid=602699496.1660134339&_u=aCDAgEALAAAAAE~&z=1296884954 Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/vendors.8323c9d5.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://donation.comicrelief.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Wed, 10 Aug 2022 12:25:38 GMT content-type text/plain access-control-allow-origin https://donation.comicrelief.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	8ms 8ms	Image image/gif	2a00:1450:4001:813::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j96&a=51384443&t=pageview&cu=GBP&_s=1&dl=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&dr=https%3A%2F%2Flink.email.comicrelief.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Donate%20%7C%20Comic%20Relief&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAgEAL~&jid=154659539&gjid=688435625&cid=908316307.1660134339&tid=UA-17242537-1&_gid=602699496.1660134339&gtm=2wg880TDZ4454&cd1=Donate-CR&cd2=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&cd5=1660134338469.fi1qo0z7&cd6=2022-08-10T12%3A25%3A38.469%2B00%3A00&cd9=F26%7CYRIA%7CGOTH%7CYear%20Round%20General&cd12=FA-SPORTRELIEFA&cd4=908316307.1660134339&il1nm=cr-donate-homepage-regular&il1pi1id=moneybuy-2&il1pi1nm=moneybuy-2&il1pi1pr=2&il1pi1br=cr-regular-payment&il1pi1ca=FA-SPORTRELIEFA&il1pi1ps=1&il1pi1cd10=cr-regular-payment&il1pi2id=moneybuy-5&il1pi2nm=moneybuy-5&il1pi2pr=5&il1pi2br=cr-regular-payment&il1pi2ca=FA-SPORTRELIEFA&il1pi2ps=2&il1pi2cd10=cr-regular-payment&il1pi3id=moneybuy-10&il1pi3nm=moneybuy-10&il1pi3pr=10&il1pi3br=cr-regular-payment&il1pi3ca=FA-SPORTRELIEFA&il1pi3ps=3&il1pi3cd10=cr-regular-payment&il1pi4id=manual-entry&il1pi4nm=manual-entry&il1pi4pr=0&il1pi4br=cr-regular-payment&il1pi4ca=FA-SPORTRELIEFA&il1pi4ps=0&il1pi4cd10=cr-regular-payment&z=1087841039 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 02:12:16 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 36802 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	33ms 33ms	Image image/gif	2a00:1450:4001:811::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-17242537-1&cid=908316307.1660134339&jid=154659539&_u=aCDAgEALAAAAAE~&z=1564314482 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	50ms 33ms	Image image/gif	2a00:1450:4001:829::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-17242537-1&cid=908316307.1660134339&jid=154659539&_u=aCDAgEALAAAAAE~&z=1564314482 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	ca.html Show response 20830202p.rfihub.com/ Frame 6093	3 KB 3 KB	273ms 30ms	Document text/html	193.0.160.128 ROCKETFUEL
General Check archive.org Show headers Download Go to Full URL https://20830202p.rfihub.com/ca.html?ver=9&rb=43619&ca=20830202&_o=43619&_t=20830202&pe=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&pf=https%3A%2F%2Flink.email.comicrelief.com%2F&ra=7184243905510792 Requested by Host: c1.rfihub.net URL: https://c1.rfihub.net/js/tc.min.js Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US), Reverse DNS Software Jetty(9.3.29.v20201019) / Resource Hash 079e5c7187187f3a51b36e9accdb15e0a6c2ada8444f98e0eba241c7fa5157aa Request headers Referer https://donation.comicrelief.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-cache Content-Length 2622 Content-Type text/html;charset=utf-8 Date Wed, 10 Aug 2022 12:25:38 GMT P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Server Jetty(9.3.29.v20201019)
GET H/1.1	200 OK	ca.html Show response 20830204p.rfihub.com/ Frame 010B	3 KB 3 KB	113ms 20ms	Document text/html	193.0.160.128 ROCKETFUEL
General Check archive.org Show headers Download Go to Full URL https://20830204p.rfihub.com/ca.html?ver=9&rb=43619&ca=20830204&_o=43619&_t=20830204&pe=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&pf=https%3A%2F%2Flink.email.comicrelief.com%2F&ra=9483124014607314 Requested by Host: c1.rfihub.net URL: https://c1.rfihub.net/js/tc.min.js Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US), Reverse DNS Software Jetty(9.3.29.v20201019) / Resource Hash 393d883531072576d73be85783ccba9b87e9204f567637a5971db22fb60e5a55 Request headers Referer https://donation.comicrelief.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-cache Content-Length 2622 Content-Type text/html;charset=utf-8 Date Wed, 10 Aug 2022 12:25:38 GMT P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Server Jetty(9.3.29.v20201019)
GET H3	200	logo_48.png www.gstatic.com/recaptcha/api2/ Frame 6228	2 KB 2 KB	7ms 7ms	Image image/png	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/recaptcha/api2/logo_48.png Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/styles__ltr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.gstatic.com/recaptcha/releases/gWN_U6xTIPevg0vuq7g1hct0/styles__ltr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 18:59:48 GMT x-content-type-options nosniff age 62750 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2228 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type image/png cache-control public, max-age=604800 accept-ranges bytes expires Tue, 16 Aug 2022 18:59:48 GMT
GET H3	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame 6228	15 KB 15 KB	26ms 10ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcmU2oeAAAAAJROF1dRXtlMrIctFJxNBmDHrqWe&co=aHR0cHM6Ly9kb25hdGlvbi5jb21pY3JlbGllZi5jb206NDQz&hl=de&v=gWN_U6xTIPevg0vuq7g1hct0&size=invisible&cb=o2b1gmuktbdz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 11:18:05 GMT x-content-type-options nosniff age 90453 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 09 Aug 2023 11:18:05 GMT
GET H3	200	KFOlCnqEu92Fr1MmEU9fBBc4.woff2 fonts.gstatic.com/s/roboto/v18/ Frame 6228	15 KB 15 KB	25ms 9ms	Font font/woff2	2a00:1450:4001:806::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcmU2oeAAAAAJROF1dRXtlMrIctFJxNBmDHrqWe&co=aHR0cHM6Ly9kb25hdGlvbi5jb21pY3JlbGllZi5jb206NDQz&hl=de&v=gWN_U6xTIPevg0vuq7g1hct0&size=invisible&cb=o2b1gmuktbdz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 18:59:48 GMT x-content-type-options nosniff age 62750 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15552 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:33:02 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 09 Aug 2023 18:59:48 GMT
POST H2	200	csp-report q.stripe.com/ Frame A901	0 344 B	339ms 181ms	Other text/plain	54.187.159.182 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.stripe.com/csp-report Requested by Host: link.email.comicrelief.com URL: https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-54-187-159-182.stripe.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/csp-report Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT referrer-policy strict-origin-when-cross-origin server nginx cross-origin-opener-policy same-origin strict-transport-security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload cache-control max-age=0, no-cache, no-store, must-revalidate x-envoy-upstream-service-time 2 x-robots-tag none content-length 0 x-content-type-options nosniff expires 0
GET H3	200	401459893772573 Show response connect.facebook.net/signals/config/	293 KB 84 KB	73ms 73ms	Script application/x-javascript	2a03:2880:f007:8:face:b00c:0:1 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/401459893772573?v=2.9.73&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash feb755f0f284c54a775562775ed63da4b9dce751990bb1791c1638074224de99 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400,h3-29=":443"; ma=86400 x-xss-protection 0 pragma public x-fb-debug yOgMRkl2EdufVOTEBvE0HTFpQ97ABIIjHezlZBXF/R2MhV6WO43bJygPgmG7buJwPp07Flv/lavo26tDDaRMcw== cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Wed, 10 Aug 2022 12:25:38 GMT strict-transport-security max-age=31536000; preload; includeSubDomains x-content-cdn-origin-ts 1660134338849 content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H3	200	webworker.js www.google.com/recaptcha/api2/ Frame 6228	102 B 133 B	19ms 19ms	Other text/javascript	2a00:1450:4001:811::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=gWN_U6xTIPevg0vuq7g1hct0 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcmU2oeAAAAAJROF1dRXtlMrIctFJxNBmDHrqWe&co=aHR0cHM6Ly9kb25hdGlvbi5jb21pY3JlbGllZi5jb206NDQz&hl=de&v=gWN_U6xTIPevg0vuq7g1hct0&size=invisible&cb=o2b1gmuktbdz Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 49e3d3c02d2e66e6d545c98e1249a2de848e7c17c0c676d883e764794eb22021 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcmU2oeAAAAAJROF1dRXtlMrIctFJxNBmDHrqWe&co=aHR0cHM6Ly9kb25hdGlvbi5jb21pY3JlbGllZi5jb206NDQz&hl=de&v=gWN_U6xTIPevg0vuq7g1hct0&size=invisible&cb=o2b1gmuktbdz User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT content-encoding gzip x-content-type-options nosniff server GSE cross-origin-embedder-policy require-corp x-frame-options SAMEORIGIN report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript; charset=UTF-8 cache-control private, max-age=300 content-security-policy frame-ancestors 'self' alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 111 x-xss-protection 1; mode=block expires Wed, 10 Aug 2022 12:25:38 GMT
GET H2	200	out-4.5.42.js Show response m.stripe.network/ Frame A901	86 KB 16 KB	9ms 8ms	Script text/javascript	2600:9000:223e:1c00:19:7d10:bd80:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.network/out-4.5.42.js Requested by Host: m.stripe.network URL: https://m.stripe.network/inner.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223e:1c00:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Cloudfront / Resource Hash f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://m.stripe.network/inner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Thu, 17 Mar 2022 19:03:12 GMT server Cloudfront age 108 date Wed, 10 Aug 2022 12:23:52 GMT vary Accept-Encoding x-cache Hit from cloudfront content-type text/javascript; charset=utf-8 via 1.1 eeb2f3ca588ea4437f4b97ed276a6664.cloudfront.net (CloudFront) cache-control max-age=300, public x-amz-cf-pop FRA56-P4 x-amz-cf-id E2CtWO3HhmhSVzsyUC60ivzPQSltOPcx21DkyCN4Gw9jZVjB7UPN6g== etag W/"21df7244385e5c0bdf32da01d0dad6c0"
GET H/1.1	200 OK	cm a.rfihub.com/ Frame 010B Redirect Chain https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzMzMyOTUyMjAxNDUwNjI1NA==&forward= https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEEpGs4qyVXq94gwE7-AhMoU&google_cver=1	42 B 1000 B	57ms 15ms	Image image/gif	193.0.160.128 ROCKETFUEL
General Check archive.org Show headers Download Go to Show image Full URL https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEEpGs4qyVXq94gwE7-AhMoU&google_cver=1 Protocol HTTP/1.1 Server 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US), Reverse DNS Software Jetty(9.3.29.v20201019) / Resource Hash 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Cache-Control no-cache Server Jetty(9.3.29.v20201019) Content-Type image/gif Content-Length 42 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Redirect headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEEpGs4qyVXq94gwE7-AhMoU&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 311 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	bounce ib.adnxs.com/ Frame 010B Redirect Chain https://ib.adnxs.com/setuid?entity=18&code=5133329522014506254 https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5133329522014506254	43 B 1 KB	15ms 14ms	Image image/gif	37.252.173.27 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5133329522014506254 Protocol HTTP/1.1 Server 37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.21.3 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Pragma no-cache Date Wed, 10 Aug 2022 12:25:38 GMT X-Proxy-Origin 81.95.5.42; 81.95.5.42; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com AN-X-Request-Uuid 133bf2cf-1f73-404f-9de7-c406b3ada764 Server nginx/1.21.3 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin * Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type image/gif Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers Pragma no-cache Date Wed, 10 Aug 2022 12:25:38 GMT X-Proxy-Origin 81.95.5.42; 81.95.5.42; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com AN-X-Request-Uuid cc6341f5-1d81-4729-b8d9-e642de9cc3b5 Server nginx/1.21.3 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Location https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5133329522014506254 Cache-Control no-store, no-cache, private Connection keep-alive Content-Type text/html; charset=utf-8 Content-Length 0 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	204 No Content	tap.php pixel.rubiconproject.com/ Frame 010B	0 239 B	75ms 19ms	Image image/gif	69.173.144.139 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5133329522014506254& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" X-RPHost 37b22a0c36bd84993dd2cda4a5e04b1d Content-Type image/gif
GET H/1.1	200 OK	demconf.jpg dpm.demdex.net/ Frame 010B Redirect Chain https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5133329522014506254&redir= https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5133329522014506254&redir=	42 B 942 B	42ms 34ms	Image image/gif	52.19.46.209 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5133329522014506254&redir= Protocol HTTP/1.1 Server 52.19.46.209 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-19-46-209.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v038-0f28ca000.edge-irl1.demdex.com 3 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID rFi5Emv8RkE= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers DCS dcs-prod-irl1-1-v038-0fcb34435.edge-irl1.demdex.com 0 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains X-TID foJzzYrcSeg= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Location https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5133329522014506254&redir= Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 0 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H/1.1	200 OK	match ps.eyeota.net/ Frame 010B Redirect Chain https://p.rfihub.com/cm?pub=24472&in=1 https://ps.eyeota.net/match?uid=5133329522014506254&bid=omt9pi0	0 344 B	47ms 8ms	Image text/plain	18.184.216.10 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ps.eyeota.net/match?uid=5133329522014506254&bid=omt9pi0 Protocol HTTP/1.1 Server 18.184.216.10 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-184-216-10.eu-central-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Content-Length 0 P3P CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml" Redirect headers Location https://ps.eyeota.net/match?uid=5133329522014506254&bid=omt9pi0 Date Wed, 10 Aug 2022 12:25:38 GMT Server Jetty(9.3.29.v20201019) Content-Length 0 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
GET H2	200	cksync.php contextual.media.net/ Frame 010B	45 B 616 B	97ms 67ms	Image image/gif	2.18.235.93 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=5133329522014506254 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-235-93.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000 server Apache date Wed, 10 Aug 2022 12:25:38 GMT p3p CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA cache-control max-age=0, no-cache, no-store content-type image/gif content-length 45 x-mnet-hl2 E expires Wed, 10 Aug 2022 12:25:38 GMT
GET H2	200	serving bs.serving-sys.com/ Frame 010B	0 104 B	174ms 9ms	Image text/plain	3.69.41.135 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.69.41.135 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-69-41-135.eu-central-1.compute.amazonaws.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET content-length 0 p3p CP="NOI DEVa OUR BUS UNI"
GET H3	451	501709.gif idsync.rlcdn.com/ Frame 010B Redirect Chain https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5133329522014506254&referrer=https%3A%2F%2Flink.email.comicrelief.com%2F https://p.rfihub.com/cm?pub=39342&in=0&userid=ac29bc8a-1ff3-4116-8476-d75393dbf3a5%3A1660134339.0339112&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Dac29bc8a-1ff3-4116-8476-d75393d... https://idsync.rlcdn.com/501709.gif?partner_uid=ac29bc8a-1ff3-4116-8476-d75393dbf3a5%3A1660134339.0339112	0 9 B	16ms 16ms	Image text/plain	35.244.174.68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://idsync.rlcdn.com/501709.gif?partner_uid=ac29bc8a-1ff3-4116-8476-d75393dbf3a5%3A1660134339.0339112 Protocol H3 Server 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 Redirect headers Location https://idsync.rlcdn.com/501709.gif?partner_uid=ac29bc8a-1ff3-4116-8476-d75393dbf3a5%3A1660134339.0339112 Date Wed, 10 Aug 2022 12:25:39 GMT Server Jetty(9.3.29.v20201019) Content-Length 0 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
GET H2	200	/ bpi.rtactivate.com/tag/ Frame 010B	43 B 109 B	400ms 113ms	Image image/gif	52.73.93.37 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://bpi.rtactivate.com/tag/?id=11017&user_id=5133329522014506254 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.73.93.37 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-73-93-37.compute-1.amazonaws.com Software awselb/2.0 / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT server awselb/2.0 content-length 43 content-type image/gif
GET H3	200	rum dsum-sec.casalemedia.com/ Frame 010B Redirect Chain https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5133329522014506254&forward= https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5133329522014506254&forward=&C=1	43 B 942 B	59ms 46ms	Image image/gif	104.18.18.126 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5133329522014506254&forward=&C=1 Protocol H3 Server 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers cf-ray 7388b72299176949-FRA pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jAHAk9EYh9u0bmFBlhTA5q6vI6JZZWsoS8B6EAyKvGr0YjJBP7RKccgYDKQzK5NO7%2FkjfdSCrQf5IScfxVkgjA6p4yHDXySB6AhioT2bTGrLwEzAP1gidPEaSbM6DFeA8tPK0Cvyd29kiQ%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" cache-control no-cache content-type image/gif alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Wed, 10 Aug 2022 12:25:38 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WlARUZmANjF3uAGw7Yl4fVN3qmOUlFBkFrOWD9RayKL44QFrvsteT1Btyg4Ls%2BW%2B3C1dnZAzj3rvRAqse4FkzaW3vO0SKPRvPq%2Fl10des%2B0%2Bv9nqSTNeTYWXjZvuRh5pIKOJSV8T1dMYBA%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" location /rum?cm_dsp_id=57&external_user_id=5133329522014506254&forward=&C=1 cache-control no-cache cf-ray 7388b7221b9e5c56-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0 expires 0
GET H2	451	360947.gif idsync.rlcdn.com/ Frame 010B	0 98 B	48ms 17ms	Image text/plain	35.244.174.68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://idsync.rlcdn.com/360947.gif?partner_uid=5133329522014506254 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:38 GMT via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
GET H2	200	rocketfuel_sync x.dlx.addthis.com/e/ Frame 010B	43 B 191 B	328ms 211ms	Image image/gif	104.96.159.57 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=5133329522014506254 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.96.159.57 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-96-159-57.deploy.static.akamaitechnologies.com Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=2628000 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT cache-control max-age=0, no-cache, no-store expires Wed, 10 Aug 2022 12:25:39 GMT content-length 43 strict-transport-security max-age=2628000 content-type image/gif
GET H/1.1	200	partner sync.search.spotxchange.com/ Frame 010B Redirect Chain https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5133329522014506254&img=1 https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5133329522014506254&img=1&__user_check__=1&sync_id=8b3153c4-18a7-11ed-94a0-1d37f49c0306	43 B 548 B	15ms 15ms	Image image/gif	185.94.180.126 SPOTX-AMS
General Check archive.org Show headers Download Go to Show image Full URL https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5133329522014506254&img=1&__user_check__=1&sync_id=8b3153c4-18a7-11ed-94a0-1d37f49c0306 Protocol HTTP/1.1 Server 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US), Reverse DNS Software nginx / Resource Hash e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Server nginx Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type image/gif Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 38 Connection keep-alive Content-Length 43 Redirect headers Date Wed, 10 Aug 2022 12:25:39 GMT Server nginx Location /partner?adv_id=7180&uid=5133329522014506254&img=1&__user_check__=1&sync_id=8b3153c4-18a7-11ed-94a0-1d37f49c0306 Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type text/plain Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 14 Connection keep-alive Content-Length 0
GET H2	200	sync partners.tremorhub.com/ Frame 010B	43 B 183 B	293ms 91ms	Image image/gif	2600:1f18:612b:4232:6e00:7b23:6545:3513 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://partners.tremorhub.com/sync?UIRF=5133329522014506254&r=cA3C_ldWPI_X Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:1f18:612b:4232:6e00:7b23:6545:3513 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software Apache-Coyote/1.1 / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT server Apache-Coyote/1.1 p3p CP='This is not a P3P policy. See https://telaria.com/privacy-policy/' content-type image/gif
GET H2	200	g.pixel aa.agkn.com/adscores/ Frame 010B	43 B 377 B	85ms 8ms	Image image/gif	3.64.108.197 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=5133329522014506254 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.64.108.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-64-108-197.eu-central-1.compute.amazonaws.com Software AAWebServer / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT server AAWebServer access-control-allow-methods GET, POST, OPTIONS p3p policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID" access-control-allow-origin * cache-control no-cache, no-store, must-revalidate content-type image/gif access-control-allow-headers accept, cache-control, origin, x-requested-with, x-file-name, content-type content-length 43 expires 0
GET H2	204	usermatch.gif beacon.krxd.net/ Frame 010B	0 337 B	87ms 28ms	Image text/plain	52.48.55.168 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=5133329522014506254 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.48.55.168 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-48-55-168.eu-west-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT cache-control private, no-cache, no-store x-request-time D=31 t=1660134339 x-served-by beacon-n007-dub-prod.krxd.net p3p policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
GET H/1.1	200 OK	sync x.bidswitch.net/ul_cb/ Frame 010B Redirect Chain https://x.bidswitch.net/sync?dsp_id=119&user_id=5133329522014506254&expires=30 https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5133329522014506254&expires=30	43 B 495 B	13ms 13ms	Image image/gif	3.73.7.113 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5133329522014506254&expires=30 Protocol HTTP/1.1 Server 3.73.7.113 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-73-7-113.eu-central-1.compute.amazonaws.com Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Content-Length 43 Content-Type image/gif Redirect headers Location https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5133329522014506254&expires=30 Date Wed, 10 Aug 2022 12:25:39 GMT Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Content-Length 0
GET H/1.1	200 OK	cm p.rfihub.com/ Frame 010B Redirect Chain https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YvOjwwAFZdJ1WABC https://p.rfihub.com/cm?in=1&pub=21653&userid=YvOjwwAFZdJ1WABC&_test=YvOjwwAFZdJ1WABC	42 B 1 KB	37ms 20ms	Image image/gif	193.0.160.128 ROCKETFUEL
General Check archive.org Show headers Download Go to Show image Full URL https://p.rfihub.com/cm?in=1&pub=21653&userid=YvOjwwAFZdJ1WABC&_test=YvOjwwAFZdJ1WABC Protocol HTTP/1.1 Server 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US), Reverse DNS Software Jetty(9.3.29.v20201019) / Resource Hash 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292 Request headers accept-language de-DE,de;q=0.9 Referer https://20830204p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Cache-Control no-cache Server Jetty(9.3.29.v20201019) Content-Type image/gif Content-Length 42 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Redirect headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT via 1.1 varnish server Varnish x-timer S1660134339.165328,VS0,VE0 x-served-by cache-hhn4043-HHN x-cache HIT location https://p.rfihub.com/cm?in=1&pub=21653&userid=YvOjwwAFZdJ1WABC&_test=YvOjwwAFZdJ1WABC cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
POST H3	404	cspreport pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame 7140	2 KB 2 KB	39ms 39ms	Other text/html	2a00:1450:4010:c0a::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Requested by Host: link.email.comicrelief.com URL: https://link.email.comicrelief.com/u/nrd.php?p=f7ZPzJSnn6_581342_2601306_1_5&ems_l=3660619&i=1&d=MjU0NDA0MDYx%7CZjdaUHpKU25uNg%3D%3D%7CNWQ1MGU3NzYxYmMyYjM0NTE%3D%7Cc3IyMl9mdW5kcmFpc2luZ2dlbmVyYWxfZG9uYXRlX25hX25hX25hX3VrX25hX19fbWFya2V0aW5nX2NyMDAwMTE3MQ%3D%3D%7C&_esuh=_11_8da804a5ff713838ed569b8b849ac80f17996adfcf3600fd9f10dbe5466634da Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4010:c0a::5c Lappeenranta, Finland, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101 Request headers Referer https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fdonation.comicrelief.com&mid= accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/csp-report Response headers date Wed, 10 Aug 2022 12:25:38 GMT referrer-policy no-referrer alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1608 content-type text/html; charset=UTF-8
GET H2	200	/ www.facebook.com/tr/	44 B 297 B	46ms 13ms	Image image/gif	2a03:2880:f107:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=445034839357835&ev=PageView&dl=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&rl=https%3A%2F%2Flink.email.comicrelief.com%2F&if=false&ts=1660134338965&sw=1600&sh=1200&v=2.9.73&r=stable&ec=0&o=30&fbp=fb.1.1660134338964.370772817&it=1660134338600&coo=false&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 44 expires Wed, 10 Aug 2022 12:25:39 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 101 B	46ms 14ms	Image image/gif	2a03:2880:f107:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=401459893772573&ev=PageView&dl=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&rl=https%3A%2F%2Flink.email.comicrelief.com%2F&if=false&ts=1660134338967&sw=1600&sh=1200&v=2.9.73&r=stable&ec=0&o=30&fbp=fb.1.1660134338964.370772817&it=1660134338600&coo=false&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 44 expires Wed, 10 Aug 2022 12:25:39 GMT
GET H3	200	m=_b,_tp,_r Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfri... Frame 7140	153 KB 54 KB	9ms 8ms	Script text/javascript	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r Requested by Host: pay.google.com URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fdonation.comicrelief.com&mid= Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1e65367c921bdd2bc9fec73a0837f771710baace85a96e2c91c569be67339da1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 16:31:08 GMT content-encoding gzip x-content-type-options nosniff age 71670 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 54888 x-xss-protection 0 last-modified Tue, 09 Aug 2022 05:40:29 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 09 Aug 2023 16:31:08 GMT
POST H2	200	6 Show response m.stripe.com/ Frame A901	156 B 523 B	551ms 188ms	XHR application/json	52.43.93.136 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.stripe.com/6 Requested by Host: m.stripe.network URL: https://m.stripe.network/out-4.5.42.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.43.93.136 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-43-93-136.us-west-2.compute.amazonaws.com Software nginx / Resource Hash d8261576b1bc5d7c5a3cc68f4336a86cf48f0990675e14e3650b595b978820e0 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://m.stripe.network/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Wed, 10 Aug 2022 12:25:39 GMT x-content-type-options nosniff server nginx strict-transport-security max-age=31556926; includeSubDomains; preload content-type application/json;charset=utf-8 access-control-allow-origin https://m.stripe.network access-control-allow-credentials true access-control-allow-headers Content-Type content-length 156
GET H/1.1	200 OK	match ps.eyeota.net/ Frame 6093 Redirect Chain https://p.rfihub.com/cm?pub=24472&in=1 https://ps.eyeota.net/match?uid=5124322322763458621&bid=omt9pi0	0 344 B	8ms 8ms	Image text/plain	18.184.216.10 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ps.eyeota.net/match?uid=5124322322763458621&bid=omt9pi0 Protocol HTTP/1.1 Server 18.184.216.10 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-184-216-10.eu-central-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Content-Length 0 P3P CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml" Redirect headers Location https://ps.eyeota.net/match?uid=5124322322763458621&bid=omt9pi0 Date Wed, 10 Aug 2022 12:25:39 GMT Server Jetty(9.3.29.v20201019) Content-Length 0 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
GET H2	200	serving bs.serving-sys.com/ Frame 6093	0 105 B	44ms 8ms	Image text/plain	3.69.41.135 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D Requested by Host: 20830202p.rfihub.com URL: https://20830202p.rfihub.com/ca.html?ver=9&rb=43619&ca=20830202&_o=43619&_t=20830202&pe=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&pf=https%3A%2F%2Flink.email.comicrelief.com%2F&ra=7184243905510792 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.69.41.135 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-69-41-135.eu-central-1.compute.amazonaws.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET content-length 0 p3p CP="NOI DEVa OUR BUS UNI"
GET H/1.1	200 OK	cm p.rfihub.com/ Frame 6093 Redirect Chain https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YvOjwwAFZZR1PABC https://p.rfihub.com/cm?in=1&pub=21653&userid=YvOjwwAFZZR1PABC&_test=YvOjwwAFZZR1PABC	42 B 1 KB	22ms 14ms	Image image/gif	193.0.160.128 ROCKETFUEL
General Check archive.org Show headers Download Go to Show image Full URL https://p.rfihub.com/cm?in=1&pub=21653&userid=YvOjwwAFZZR1PABC&_test=YvOjwwAFZZR1PABC Protocol HTTP/1.1 Server 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US), Reverse DNS Software Jetty(9.3.29.v20201019) / Resource Hash 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Cache-Control no-cache Server Jetty(9.3.29.v20201019) Content-Type image/gif Content-Length 42 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Redirect headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT via 1.1 varnish server Varnish x-timer S1660134339.159247,VS0,VE0 x-served-by cache-hhn4043-HHN x-cache HIT location https://p.rfihub.com/cm?in=1&pub=21653&userid=YvOjwwAFZZR1PABC&_test=YvOjwwAFZZR1PABC cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H/1.1	200 OK	cm a.rfihub.com/ Frame 6093 Redirect Chain https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEyNDMyMjMyMjc2MzQ1ODYyMQ==&forward= https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEEpGs4qyVXq94gwE7-AhMoU&google_cver=1	42 B 1001 B	17ms 17ms	Image image/gif	193.0.160.128 ROCKETFUEL
General Check archive.org Show headers Download Go to Show image Full URL https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEEpGs4qyVXq94gwE7-AhMoU&google_cver=1 Protocol HTTP/1.1 Server 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US), Reverse DNS Software Jetty(9.3.29.v20201019) / Resource Hash 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Cache-Control no-cache Server Jetty(9.3.29.v20201019) Content-Type image/gif Content-Length 42 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Redirect headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT server HTTP server (unknown) p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" location https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEEpGs4qyVXq94gwE7-AhMoU&google_cver=1 cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-type text/html; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 311 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	setuid ib.adnxs.com/ Frame 6093	43 B 1000 B	12ms 8ms	Image image/gif	37.252.173.27 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/setuid?entity=18&code=5124322322763458621 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.21.3 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Pragma no-cache Date Wed, 10 Aug 2022 12:25:39 GMT X-Proxy-Origin 81.95.5.42; 81.95.5.42; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com AN-X-Request-Uuid 016f4b95-b9c9-4bbb-aa79-62d1ad85f52d Server nginx/1.21.3 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Cache-Control no-store, no-cache, private Connection keep-alive Content-Type image/gif Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	204 No Content	tap.php pixel.rubiconproject.com/ Frame 6093	0 239 B	16ms 12ms	Image image/gif	69.173.144.139 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5124322322763458621& Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" X-RPHost 37b22a0c36bd84993dd2cda4a5e04b1d Content-Type image/gif
GET H/1.1	200 OK	demconf.jpg dpm.demdex.net/ Frame 6093 Redirect Chain https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5124322322763458621&redir= https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5124322322763458621&redir=	42 B 942 B	34ms 34ms	Image image/gif	52.19.46.209 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5124322322763458621&redir= Protocol HTTP/1.1 Server 52.19.46.209 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-19-46-209.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v038-00ca3cced.edge-irl1.demdex.com 2 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID qXUT4k1xSJA= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers DCS dcs-prod-irl1-2-v038-052e54df5.edge-irl1.demdex.com 0 ms Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains X-TID 2BjHRN+UQ54= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Location https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5124322322763458621&redir= Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Length 0 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	cksync.php contextual.media.net/ Frame 6093	45 B 453 B	50ms 45ms	Image image/gif	2.18.235.93 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=5124322322763458621 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-18-235-93.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000 server Apache date Wed, 10 Aug 2022 12:25:39 GMT p3p CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA cache-control max-age=0, no-cache, no-store content-type image/gif content-length 45 x-mnet-hl2 E expires Wed, 10 Aug 2022 12:25:39 GMT
GET H3	451	501709.gif idsync.rlcdn.com/ Frame 6093 Redirect Chain https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5124322322763458621&referrer=https%3A%2F%2Flink.email.comicrelief.com%2F https://p.rfihub.com/cm?pub=39342&in=0&userid=db638055-d82b-4626-b0c2-c012a28d2e68%3A1660134339.076486&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Ddb638055-d82b-4626-b0c2-c012a28d... https://idsync.rlcdn.com/501709.gif?partner_uid=db638055-d82b-4626-b0c2-c012a28d2e68%3A1660134339.076486	0 9 B	15ms 15ms	Image text/plain	35.244.174.68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://idsync.rlcdn.com/501709.gif?partner_uid=db638055-d82b-4626-b0c2-c012a28d2e68%3A1660134339.076486 Protocol H3 Server 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 Redirect headers Location https://idsync.rlcdn.com/501709.gif?partner_uid=db638055-d82b-4626-b0c2-c012a28d2e68%3A1660134339.076486 Date Wed, 10 Aug 2022 12:25:39 GMT Server Jetty(9.3.29.v20201019) Content-Length 0 P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
GET H2	200	/ bpi.rtactivate.com/tag/ Frame 6093	43 B 108 B	274ms 118ms	Image image/gif	52.73.93.37 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://bpi.rtactivate.com/tag/?id=11017&user_id=5124322322763458621 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.73.93.37 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-73-93-37.compute-1.amazonaws.com Software awselb/2.0 / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT server awselb/2.0 content-length 43 content-type image/gif
GET H3	200	rum dsum-sec.casalemedia.com/ Frame 6093	43 B 908 B	50ms 47ms	Image image/gif	104.18.18.126 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5124322322763458621&forward= Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers cf-ray 7388b722c96a6949-FRA pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BICb%2FbhrbKvbhb7ozq5qbioAKA8bw9yOeDn0h8gN7eU9EN1ChjpIurnUro10HKcEQW0wSTlGubrVy9cNl5%2B%2BlZO5drGguL2jAvMB0uoTNyiT8gifca0y99uq%2FXR3MQSbg73goCXf1FMsJg%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" cache-control no-cache content-type image/gif alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 43 expires 0
GET H3	451	360947.gif idsync.rlcdn.com/ Frame 6093	0 9 B	37ms 17ms	Image text/plain	35.244.174.68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://idsync.rlcdn.com/360947.gif?partner_uid=5124322322763458621 Protocol H3 Security QUIC, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
GET H2	200	rocketfuel_sync x.dlx.addthis.com/e/ Frame 6093	43 B 191 B	285ms 202ms	Image image/gif	104.96.159.57 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=5124322322763458621 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.96.159.57 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-96-159-57.deploy.static.akamaitechnologies.com Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=2628000 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT cache-control max-age=0, no-cache, no-store expires Wed, 10 Aug 2022 12:25:39 GMT content-length 43 strict-transport-security max-age=2628000 content-type image/gif
GET H/1.1	200	partner sync.search.spotxchange.com/ Frame 6093 Redirect Chain https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5124322322763458621&img=1 https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5124322322763458621&img=1&__user_check__=1&sync_id=8b318845-18a7-11ed-8471-10b91cd50406	43 B 548 B	15ms 15ms	Image image/gif	185.94.180.126 SPOTX-AMS
General Check archive.org Show headers Download Go to Show image Full URL https://sync.search.spotxchange.com/partner?adv_id=7180&uid=5124322322763458621&img=1&__user_check__=1&sync_id=8b318845-18a7-11ed-8471-10b91cd50406 Protocol HTTP/1.1 Server 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US), Reverse DNS Software nginx / Resource Hash e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Server nginx Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type image/gif Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 91 Connection keep-alive Content-Length 43 Redirect headers Date Wed, 10 Aug 2022 12:25:39 GMT Server nginx Location /partner?adv_id=7180&uid=5124322322763458621&img=1&__user_check__=1&sync_id=8b318845-18a7-11ed-8471-10b91cd50406 Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type text/plain Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 144 Connection keep-alive Content-Length 0
GET H2	200	sync partners.tremorhub.com/ Frame 6093	43 B 182 B	284ms 91ms	Image image/gif	2600:1f18:612b:4232:6e00:7b23:6545:3513 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://partners.tremorhub.com/sync?UIRF=5124322322763458621&r=Sg-6KF3qyyOy Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2600:1f18:612b:4232:6e00:7b23:6545:3513 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS Software Apache-Coyote/1.1 / Resource Hash a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT server Apache-Coyote/1.1 p3p CP='This is not a P3P policy. See https://telaria.com/privacy-policy/' content-type image/gif
GET H2	200	g.pixel aa.agkn.com/adscores/ Frame 6093	43 B 376 B	90ms 10ms	Image image/gif	3.64.108.197 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=5124322322763458621 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.64.108.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-64-108-197.eu-central-1.compute.amazonaws.com Software AAWebServer / Resource Hash 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT server AAWebServer access-control-allow-methods GET, POST, OPTIONS p3p policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID" access-control-allow-origin * cache-control no-cache, no-store, must-revalidate content-type image/gif access-control-allow-headers accept, cache-control, origin, x-requested-with, x-file-name, content-type content-length 43 expires 0
GET H2	204	usermatch.gif beacon.krxd.net/ Frame 6093	0 338 B	95ms 28ms	Image text/plain	52.48.55.168 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=5124322322763458621 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.48.55.168 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-48-55-168.eu-west-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT cache-control private, no-cache, no-store x-request-time D=34 t=1660134339 x-served-by beacon-n013-dub-prod.krxd.net p3p policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
GET H/1.1	200 OK	sync x.bidswitch.net/ul_cb/ Frame 6093 Redirect Chain https://x.bidswitch.net/sync?dsp_id=119&user_id=5124322322763458621&expires=30 https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5124322322763458621&expires=30	43 B 495 B	13ms 13ms	Image image/gif	3.73.7.113 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5124322322763458621&expires=30 Protocol HTTP/1.1 Server 3.73.7.113 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-73-7-113.eu-central-1.compute.amazonaws.com Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Request headers accept-language de-DE,de;q=0.9 Referer https://20830202p.rfihub.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers Date Wed, 10 Aug 2022 12:25:39 GMT Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Content-Length 43 Content-Type image/gif Redirect headers Location https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5124322322763458621&expires=30 Date Wed, 10 Aug 2022 12:25:39 GMT Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Content-Length 0
GET H2	200	pptm.js Show response www.paypal.com/tagmanager/	13 KB 6 KB	12ms 11ms	Script application/x-javascript	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/tagmanager/pptm.js?id=donation.comicrelief.com&t=xo&v=5.0.327&source=payments_sdk&client_id=AW0p8XjG2e3Wo1CDYwYxPcqkt0gWGa0h7sfDCqOOV0-wiPREux-q6jkLfENceBjMujQBE_Bg3UB9FSX5&comp=buttons&vault=false Requested by Host: www.paypal.com URL: https://www.paypal.com/sdk/js?components=buttons&integration-date=2010-03-21&disable-funding=credit,card,sofort&currency=GBP&commit=true&client-id=AW0p8XjG2e3Wo1CDYwYxPcqkt0gWGa0h7sfDCqOOV0-wiPREux-q6jkLfENceBjMujQBE_Bg3UB9FSX5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash acaa3f81385e3a499aa61d10a920a9cad4eab4564458c0f81b5478ecf3344320 Security Headers Name Value Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-kKSg2Fc3dwKTYpeW+Vh8I2rI96JpUkFzndJXWX6XDz9qd5qT' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers content-security-policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-kKSg2Fc3dwKTYpeW+Vh8I2rI96JpUkFzndJXWX6XDz9qd5qT' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com; content-encoding gzip x-content-type-options nosniff age 15068 x-cache HIT paypal-debug-id f796454faf3d6 server-timing "traceparent;desc="00-0000000000000000000f796454faf3d6-72075c1e68fc005a-01"";content-encoding;desc="gzip",x-cdn;desc="fastly" dc ccg11-origin-www-1.paypal.com vary Accept-Encoding content-length 4766 x-xss-protection 1; mode=block x-served-by cache-hhn4076-HHN traceparent 00-0000000000000000000f796454faf3d6-0beb3a953d164e8e-01 x-timer S1660134339.021655,VS0,VE3 x-frame-options SAMEORIGIN date Wed, 10 Aug 2022 12:25:39 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-type application/x-javascript; charset=utf-8 via 1.1 varnish access-control-expose-headers Server-Timing cache-control public, max-age=3600 etag W/"3564-d3uainXUBFnhQCIPjjXBygGSezU" accept-ranges bytes x-cache-hits 1
GET H3	200	m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40... Frame 7140	77 KB 28 KB	9ms 8ms	Script text/javascript	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40dIAOFshM.L.B1.O/am=B4A/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjTxczZTp0YlE3VT1NAJ06-MGXdrA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4568538c8bb3368c4b9fe611cc7dcec27e65452a4753becafbc3e0861f34abb1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 16:31:10 GMT content-encoding gzip x-content-type-options nosniff age 71669 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28787 x-xss-protection 0 last-modified Sat, 30 Jul 2022 01:24:49 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 09 Aug 2023 16:31:10 GMT
GET H2	200	muse.js Show response www.paypalobjects.com/muse/	55 KB 17 KB	63ms 8ms	Script application/javascript	192.229.221.25 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/muse/muse.js Requested by Host: www.paypal.com URL: https://www.paypal.com/tagmanager/pptm.js?id=donation.comicrelief.com&t=xo&v=5.0.327&source=payments_sdk&client_id=AW0p8XjG2e3Wo1CDYwYxPcqkt0gWGa0h7sfDCqOOV0-wiPREux-q6jkLfENceBjMujQBE_Bg3UB9FSX5&comp=buttons&vault=false Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.25 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frd/E307) / Resource Hash 64b32d14f993564fe182a5690410f7d4aa2ace59934eac09d7dcf03a68ec7566 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT content-encoding gzip x-content-type-options nosniff x-cache HIT paypal-debug-id c6d561f803755 dc ccg11-origin-www-1.paypal.com vary Accept-Encoding content-length 16464 last-modified Tue, 03 May 2022 17:28:29 GMT server ECAcc (frd/E307) traceparent 00-0000000000000000000c6d561f803755-3d1524c03fdd7ae0-01 etag "6271663d-da91" strict-transport-security max-age=63072000; includeSubDomains; preload content-type application/javascript cache-control s-maxage=31536000, public,max-age=3600 accept-ranges bytes timing-allow-origin https://www.paypal.com,https://www.sandbox.paypal.com expires Wed, 10 Aug 2022 13:25:39 GMT
GET H2	200	ts t.paypal.com/	42 B 745 B	240ms 186ms	Image image/gif	192.229.221.25 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3AWH2YVJ4GCA3KW-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3AWH2YVJ4GCA3KW-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=544bab1d-e01d-4791-9976-26c8c9744537&fltp=analytics&mrid=WH2YVJ4GCA3KW&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Donate%20%7C%20Comic%20Relief&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1660134339037&g=0&completeurl=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&ru=https%3A%2F%2Flink.email.comicrelief.com%2F Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.25 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8EA4) / Resource Hash 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT content-type image/gif server ECAcc (frc/8EA4) traceparent 00-00000000000000000002436adffc4aa1-386cdfdac5a75e13-01 strict-transport-security max-age=63072000; includeSubDomains; preload p3p policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM" paypal-debug-id 2436adffc4aa1 cache-control max-age=0, no-cache, no-store, must-revalidate server-timing content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=180 timing-allow-origin * content-length 42 expires Wed, 10 Aug 2022 12:25:39 GMT
GET H3	200	analytics.js Show response www.google-analytics.com/ Frame 7140	49 KB 20 KB	8ms 8ms	Script text/javascript	2a00:1450:4001:813::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40dIAOFshM.L.B1.O/am=B4A/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjTxczZTp0YlE3VT1NAJ06-MGXdrA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 13 Apr 2022 21:02:38 GMT server Golfe2 age 5019 date Wed, 10 Aug 2022 11:02:00 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Wed, 10 Aug 2022 13:02:00 GMT
GET H3	200	pay Show response pay.google.com/gp/p/ui/ Frame 7140	1 MB 352 KB	56ms 55ms	XHR text/html	2a00:1450:4010:c0a::5c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pay.google.com/gp/p/ui/pay Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4010:c0a::5c Lappeenranta, Finland, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash c8e5d7ccf949b8b7edae8e7127f5cc82e48b3fae11622f775f7b14100345fcb4 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-gS7XYkUxHVZecpRWfHSIdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-gS7XYkUxHVZecpRWfHSIdA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy same-site alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 x-ua-compatible IE=edge server ESF cross-origin-opener-policy unsafe-none; report-to="InstantbuyFrontendBuyflowPayUi" date Wed, 10 Aug 2022 12:25:39 GMT x-frame-options DENY report-to {"group":"InstantbuyFrontendBuyflowPayUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayUi/external"}]} content-type text/html; charset=utf-8 accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site cache-control private, max-age=3600 permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=* content-security-policy script-src 'report-sample' 'nonce-gS7XYkUxHVZecpRWfHSIdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-gS7XYkUxHVZecpRWfHSIdA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport expires Wed, 10 Aug 2022 12:25:39 GMT
POST H2	200	logger Show response www.paypal.com/xoplatform/logger/api/	1020 B 2 KB	180ms 179ms	XHR application/json	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/xoplatform/logger/api/logger Requested by Host: donation.comicrelief.com URL: https://donation.comicrelief.com/static/js/vendors.8323c9d5.chunk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 60cae29ef246de621746dcf6ae36bf174c55d17acecf1b34873e222212bb7708 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept application/json Referer https://donation.comicrelief.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 content-type application/json Response headers date Wed, 10 Aug 2022 12:25:39 GMT via 1.1 varnish x-content-type-options nosniff x-cache MISS paypal-debug-id f419402fab9c3 server-timing content-encoding;desc="",x-cdn;desc="fastly" dc ccg11-origin-www-1.paypal.com x-served-by cache-hhn4042-HHN traceparent 00-0000000000000000000f419402fab9c3-cd6088ffb5c4b78b-01 x-timer S1660134339.264488,VS0,VE172 etag W/W/"3fc-uGXGRwRsXDiIj6U6OxnOpEu1b6w" vary Accept-Encoding strict-transport-security max-age=63072000; includeSubDomains; preload content-type application/json; charset=utf-8 access-control-allow-origin https://donation.comicrelief.com content-encoding br cache-control max-age=0, no-cache, no-store, must-revalidate access-control-allow-credentials true accept-ranges none x-cache-hits 0
OPTIONS H2	200	logger www.paypal.com/xoplatform/logger/api/ Frame	0 0	195ms 180ms	Preflight	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/xoplatform/logger/api/logger Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://donation.comicrelief.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers accept-ranges bytes access-control-allow-credentials true access-control-allow-headers content-type access-control-allow-methods POST access-control-allow-origin https://donation.comicrelief.com cache-control max-age=0, no-cache, no-store, must-revalidate date Wed, 10 Aug 2022 12:25:39 GMT dc ccg11-origin-www-1.paypal.com paypal-debug-id f419402e71ea3 server-timing content-encoding;desc="",x-cdn;desc="fastly" strict-transport-security max-age=63072000; includeSubDomains; preload traceparent 00-0000000000000000000f419402e71ea3-0a0ac6c1b7a0057f-01 via 1.1 varnish x-cache MISS x-cache-hits 0 x-content-type-options nosniff x-served-by cache-hhn4042-HHN x-timer S1660134339.084202,VS0,VE173
GET H3	200	m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40... Frame 7140	18 KB 7 KB	8ms 8ms	Script text/javascript	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40dIAOFshM.L.B1.O/am=B4A/d=1/exm=Das5Le,IZT63,PrPYRd,Ru0Pgb,ZyYHPb,_b,_r,_tp,hc6Ubd,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjTxczZTp0YlE3VT1NAJ06-MGXdrA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1d7f7eebdf3bf6532a38569d70a76df396dd8751cac0aaea58c54bfe9569e19d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 16:31:12 GMT content-encoding gzip x-content-type-options nosniff age 71667 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 7487 x-xss-protection 0 last-modified Sat, 30 Jul 2022 01:24:49 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 09 Aug 2023 16:31:12 GMT
GET H3	200	m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40... Frame 7140	37 KB 14 KB	9ms 8ms	Script text/javascript	2a00:1450:4001:812::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.W40dIAOFshM.L.B1.O/am=B4A/d=1/exm=Das5Le,FCpbqb,IZT63,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_r,_tp,hc6Ubd,hhhU8,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrjTxczZTp0YlE3VT1NAJ06-MGXdrA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:VDovNc;sP4Vbe:VwDzFe;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1a441c7ccaa6860be3bf2316f83b10305ee23678770a673999ff05cacf651d93 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pay.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Tue, 09 Aug 2022 16:31:12 GMT content-encoding gzip x-content-type-options nosniff age 71667 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14138 x-xss-protection 0 last-modified Sat, 30 Jul 2022 01:24:49 GMT server sffe cross-origin-opener-policy same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers" vary Accept-Encoding, Origin report-to {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]} content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 accept-ranges bytes expires Wed, 09 Aug 2023 16:31:12 GMT
POST H3	200	log Show response play.google.com/ Frame 7140	131 B 155 B	34ms 18ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pay.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Wed, 10 Aug 2022 12:25:39 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Wed, 10 Aug 2022 12:25:39 GMT
OPTIONS H2	200	log play.google.com/ Frame	0 0	40ms 14ms	Preflight text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control private content-length 0 content-type text/plain; charset=UTF-8 date Wed, 10 Aug 2022 12:25:39 GMT expires Wed, 10 Aug 2022 12:25:39 GMT p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
POST H3	200	log Show response play.google.com/ Frame 7140	131 B 155 B	34ms 19ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pay.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Wed, 10 Aug 2022 12:25:39 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Wed, 10 Aug 2022 12:25:39 GMT
OPTIONS H2	200	log play.google.com/ Frame	0 0	36ms 15ms	Preflight text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control private content-length 0 content-type text/plain; charset=UTF-8 date Wed, 10 Aug 2022 12:25:39 GMT expires Wed, 10 Aug 2022 12:25:39 GMT p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
POST H3	200	log Show response play.google.com/ Frame 7140	131 B 155 B	35ms 19ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://pay.google.com/ X-Goog-AuthUser 0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Wed, 10 Aug 2022 12:25:39 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Wed, 10 Aug 2022 12:25:39 GMT
OPTIONS H2	200	log play.google.com/ Frame	0 0	30ms 15ms	Preflight text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true&authuser=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept */* Access-Control-Request-Headers x-goog-authuser Access-Control-Request-Method POST Origin https://pay.google.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers X-Playlog-Web,authorization,origin,x-goog-authuser access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://pay.google.com access-control-max-age 86400 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" cache-control private content-length 0 content-type text/plain; charset=UTF-8 date Wed, 10 Aug 2022 12:25:39 GMT expires Wed, 10 Aug 2022 12:25:39 GMT p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." server Playlog x-frame-options SAMEORIGIN x-xss-protection 0
POST H2	200	log Show response play.google.com/ Frame 7140	131 B 671 B	44ms 22ms	XHR text/plain	2a00:1450:4001:82a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://play.google.com/log?format=json&hasfast=true Requested by Host: www.gstatic.com URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.8dht_McelPw.es5.O/am=B4A/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfriSMdKkL6ekqHR5KeZuJDfjVS8d3w/m=_b,_tp,_r Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Playlog / Resource Hash 502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay.google.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/x-www-form-urlencoded;charset=UTF-8 Response headers date Wed, 10 Aug 2022 12:25:39 GMT content-encoding gzip server Playlog access-control-allow-headers X-Playlog-Web x-frame-options SAMEORIGIN p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." access-control-allow-origin https://pay.google.com cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-type text/plain; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 131 x-xss-protection 0 expires Wed, 10 Aug 2022 12:25:39 GMT
GET H2	200	index.html Show response www.paypalobjects.com/muse/analytics/ Frame 8754	54 KB 17 KB	9ms 9ms	Document text/html	192.229.221.25 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://www.paypalobjects.com/muse/analytics/index.html Requested by Host: www.paypalobjects.com URL: https://www.paypalobjects.com/muse/muse.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.25 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frd/E288) / Resource Hash 8ae3400104c7b0db11e9fe317236e68a26afba6580192041e87038ceff4db638 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://donation.comicrelief.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes cache-control s-maxage=31536000, public,max-age=3600 content-encoding gzip content-length 16791 content-type text/html date Wed, 10 Aug 2022 12:25:39 GMT dc ccg11-origin-www-1.paypal.com etag "6271663d-d994" expires Wed, 10 Aug 2022 13:25:39 GMT last-modified Tue, 03 May 2022 17:28:29 GMT paypal-debug-id 497d4e12f3afa server ECAcc (frd/E288) strict-transport-security max-age=63072000; includeSubDomains; preload timing-allow-origin https://www.paypal.com,https://www.sandbox.paypal.com traceparent 00-0000000000000000000497d4e12f3afa-f34c6402d7cb5f05-01 vary Accept-Encoding x-cache HIT x-content-type-options nosniff
GET H2	200	ts t.paypal.com/	42 B 495 B	155ms 155ms	Image image/gif	192.229.221.25 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3AWH2YVJ4GCA3KW-1&page=muse%3Aoffer%3A%3A%3AWH2YVJ4GCA3KW-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=544bab1d-e01d-4791-9976-26c8c9744537&es=visitorInfoFlowStarted&mrid=WH2YVJ4GCA3KW&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Donate%20%7C%20Comic%20Relief&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1660134339146&g=0&completeurl=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.229.221.25 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (frc/8FDE) / Resource Hash 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers pragma no-cache date Wed, 10 Aug 2022 12:25:39 GMT content-type image/gif server ECAcc (frc/8FDE) traceparent 00-00000000000000000002ff09a5691f1c-64f0ee0b1707304b-01 strict-transport-security max-age=63072000; includeSubDomains; preload p3p policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM" paypal-debug-id 2ff09a5691f1c cache-control max-age=0, no-cache, no-store, must-revalidate server-timing content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=149 timing-allow-origin * content-length 42 expires Wed, 10 Aug 2022 12:25:39 GMT
POST H2	200	graphql Show response www.paypal.com/targeting/ Frame 8754	434 B 2 KB	248ms 247ms	Fetch application/json	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/targeting/graphql Requested by Host: www.paypalobjects.com URL: https://www.paypalobjects.com/muse/analytics/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash e3997786bed8870761f8b2df0e26cf0184dba0257929aee1dac16140ba26e55d Security Headers Name Value Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-5XrnSzXgG8u4JTnJyJoxFIC4B8h9jDeS+Is7FKD5CiPyjuwM' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.paypalobjects.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Content-Type application/json Response headers content-security-policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-5XrnSzXgG8u4JTnJyJoxFIC4B8h9jDeS+Is7FKD5CiPyjuwM' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; via 1.1 varnish vary Accept-Encoding x-cache MISS paypal-debug-id f419402d53b06 date Wed, 10 Aug 2022 12:25:39 GMT server-timing content-encoding;desc="",x-cdn;desc="fastly" dc ccg11-origin-www-1.paypal.com x-xss-protection 1; mode=block x-served-by cache-hhn4076-HHN traceparent 00-0000000000000000000f419402d53b06-7252037f10f89add-01 x-timer S1660134339.336736,VS0,VE240 x-frame-options SAMEORIGIN etag W/W/"1b2-o5NvIB1hRzjjjuYhVY2f91gvo3I" strict-transport-security max-age=63072000; includeSubDomains; preload content-type application/json; charset=utf-8 access-control-allow-origin https://www.paypalobjects.com content-encoding br access-control-expose-headers Paypal-Debug-Id cache-control max-age=0, no-cache, no-store, must-revalidate access-control-allow-credentials true accept-ranges none x-cache-hits 0
OPTIONS H2	204	graphql www.paypal.com/targeting/ Frame	0 0	178ms 178ms	Preflight	151.101.65.21 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.paypal.com/targeting/graphql Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.21 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.paypalobjects.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers accept-ranges bytes access-control-allow-credentials true access-control-allow-headers content-type access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin https://www.paypalobjects.com access-control-expose-headers Paypal-Debug-Id cache-control max-age=0, no-cache, no-store, must-revalidate date Wed, 10 Aug 2022 12:25:39 GMT dc ccg11-origin-www-1.paypal.com paypal-debug-id f4194020946e4 server-timing content-encoding;desc="",x-cdn;desc="fastly" strict-transport-security max-age=63072000; includeSubDomains; preload traceparent 00-0000000000000000000f4194020946e4-7c18594640aa2f41-01 via 1.1 varnish x-cache MISS x-cache-hits 0 x-served-by cache-hhn4042-HHN x-timer S1660134339.157341,VS0,VE171
GET H3	200	/ www.facebook.com/tr/	44 B 91 B	32ms 14ms	Image image/gif	2a03:2880:f107:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=445034839357835&ev=Microdata&dl=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&rl=https%3A%2F%2Flink.email.comicrelief.com%2F&if=false&ts=1660134339472&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Donate%20%7C%20Comic%20Relief%22%2C%22meta%3Adescription%22%3A%22Donate%20to%20Comic%20Relief.%20The%20money%20you%20donate%20to%20Comic%20Relief%20will%20make%20a%20huge%20difference%20to%20people%20in%20the%20UK%20and%20across%20the%20world%27s%20poorest%20communities%22%2C%22meta%3Akeywords%22%3A%22Donate%2C%20Donate%20to%20Comic%20Relief%2C%20Make%20a%20donation%2C%20Comic%20Relief%20donate%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Donate%20%7C%20Comic%20Relief%22%2C%22og%3Aimage%22%3A%22%2Fimages%2Flogo%2Fcr_logo.svg%22%2C%22og%3Asite_name%22%3A%22Donate%20%7C%20Comic%20Relief%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fdonation.comicrelief.com%2F%22%2C%22og%3Adescription%22%3A%22Donate%20to%20Comic%20Relief.%20The%20money%20you%20donate%20to%20Comic%20Relief%20will%20make%20a%20huge%20difference%20to%20people%20in%20the%20UK%20and%20across%20the%20world%27s%20poorest%20communities%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.73&r=stable&ec=1&o=30&fbp=fb.1.1660134338964.370772817&it=1660134338600&coo=false&es=automatic&tm=3&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 priority u=3,i expires Wed, 10 Aug 2022 12:25:39 GMT
GET H3	200	/ www.facebook.com/tr/	44 B 88 B	33ms 19ms	Image image/gif	2a03:2880:f107:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=401459893772573&ev=Microdata&dl=https%3A%2F%2Fdonation.comicrelief.com%2F%3FcartId%3Dfa-sportreliefa%26sc_src%3Demail_2601306%26sc_lid%3D254404061%26sc_uid%3Df7ZPzJSnn6%26sc_llid%3D581342%26sc_eh%3D5d50e7761bc2b3451%26utm_source%3Dcr_list%26utm_medium%3Demail%26utm_campaign%3Dsr22_fundraisinggeneral_donate_na_na_na_uk_na___marketing_cr0001171&rl=https%3A%2F%2Flink.email.comicrelief.com%2F&if=false&ts=1660134339477&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Donate%20%7C%20Comic%20Relief%22%2C%22meta%3Adescription%22%3A%22Donate%20to%20Comic%20Relief.%20The%20money%20you%20donate%20to%20Comic%20Relief%20will%20make%20a%20huge%20difference%20to%20people%20in%20the%20UK%20and%20across%20the%20world%27s%20poorest%20communities%22%2C%22meta%3Akeywords%22%3A%22Donate%2C%20Donate%20to%20Comic%20Relief%2C%20Make%20a%20donation%2C%20Comic%20Relief%20donate%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Donate%20%7C%20Comic%20Relief%22%2C%22og%3Aimage%22%3A%22%2Fimages%2Flogo%2Fcr_logo.svg%22%2C%22og%3Asite_name%22%3A%22Donate%20%7C%20Comic%20Relief%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fdonation.comicrelief.com%2F%22%2C%22og%3Adescription%22%3A%22Donate%20to%20Comic%20Relief.%20The%20money%20you%20donate%20to%20Comic%20Relief%20will%20make%20a%20huge%20difference%20to%20people%20in%20the%20UK%20and%20across%20the%20world%27s%20poorest%20communities%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.73&r=stable&ec=1&o=30&fbp=fb.1.1660134338964.370772817&it=1660134338600&coo=false&es=automatic&tm=3&rqm=GET Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f107:83:face:b00c:0:25de Vienna, Austria, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://donation.comicrelief.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36 Response headers date Wed, 10 Aug 2022 12:25:39 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 priority u=3,i expires Wed, 10 Aug 2022 12:25:39 GMT