www.cititelmidvalley.com Open in urlscan Pro
2606:4700::6811:b73a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cititelmidvalley.com/
Submission: On November 21 via automatic, source certstream-suspicious (November 21st 2024, 5:06:26 am UTC) — Scanned from DE

Summary HTTP 62 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 15 IPs in 2 countries across 11 domains to perform 62 HTTP transactions. The main IP is 2606:4700::6811:b73a, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.cititelmidvalley.com.
TLS certificate: Issued by WE1 on November 21st 2024. Valid for: 3 months.

This is the only time www.cititelmidvalley.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 14	2606:4700::68... 2606:4700::6811:b73a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
10	2a02:26f0:350... 2a02:26f0:3500:3::b818:4d2f	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	2606:4700::68... 2606:4700::6811:ba3a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:e20... 2a02:26f0:e200::213:508b	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	2600:9000:223... 2600:9000:223f:be00:16:41f8:18c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	195.244.31.25 195.244.31.25	63140 (IGUANA-WO...) (IGUANA-WORLDWIDE)
2	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
62	15

14 2606:4700::6811:b73a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.cititelmidvalley.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:3500:3::b818:4d2f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

image-tc.galaxy.tf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:ba3a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.galaxy.tf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:e200::213:508b (Hamburg, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

tc.galaxy.tf	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:be00:16:41f8:18c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

api.tsa-db.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.244.31.25 (Newark, United States)

ASN63140 (IGUANA-WORLDWIDE, US)
PTR: xo7-viplb-01-new.ny.ig-1.net

dynamic.travelclick-websolutions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	galaxy.tf image-tc.galaxy.tf — Cisco Umbrella Rank: 94415 cdn.galaxy.tf — Cisco Umbrella Rank: 119011 tc.galaxy.tf — Cisco Umbrella Rank: 123577	598 KB
14	cititelmidvalley.com 1 redirects www.cititelmidvalley.com	602 KB
10	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	904 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36 region1.google-analytics.com — Cisco Umbrella Rank: 3353	22 KB
5	gstatic.com fonts.gstatic.com	104 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	215 B
2	travelclick-websolutions.com dynamic.travelclick-websolutions.com — Cisco Umbrella Rank: 166087	9 KB
2	tsa-db.com api.tsa-db.com — Cisco Umbrella Rank: 156779	1 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	74 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3
62	11

	Domain	Requested by
14	www.cititelmidvalley.com	1 redirects www.cititelmidvalley.com
10	image-tc.galaxy.tf	www.cititelmidvalley.com
10	www.googletagmanager.com	www.cititelmidvalley.com www.googletagmanager.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.cititelmidvalley.com
5	fonts.gstatic.com	fonts.googleapis.com
4	fonts.googleapis.com	www.cititelmidvalley.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.facebook.com	www.cititelmidvalley.com
2	dynamic.travelclick-websolutions.com	www.cititelmidvalley.com
2	api.tsa-db.com	www.cititelmidvalley.com
2	tc.galaxy.tf	www.cititelmidvalley.com
2	connect.facebook.net	www.cititelmidvalley.com connect.facebook.net
2	cdn.galaxy.tf	www.cititelmidvalley.com
1	www.google.com	www.googletagmanager.com
62	14

This site contains links to these domains. Also see Links.

Domain
cookiesandyou.com
cititel-mid-valley.vouchercart.com
gc.synxis.com
be.synxis.com
document-tc.galaxy.tf
www.cititelpenang.com
www.cititelexpress-penang.com
www.cititelexpress-kk.com
www.cititelexpress-ipoh.com

Subject Issuer	Validity	Valid
www.cititelmidvalley.com WE1	`2024-11-21` - `2025-02-19`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
image-tc.galaxy.tf R11	`2024-09-29` - `2024-12-28`	3 months	crt.sh
cdn.galaxy.tf Cloudflare Inc ECC CA-3	`2024-03-06` - `2024-12-31`	10 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-30` - `2024-11-28`	3 months	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
tc.galaxy.tf R11	`2024-10-07` - `2025-01-05`	3 months	crt.sh
*.tsa-db.com Amazon RSA 2048 M03	`2024-01-29` - `2025-02-25`	a year	crt.sh
*.travelclick-websolutions.com Gandi RSA Domain Validation Secure Server CA 3	`2024-06-24` - `2025-07-08`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.cititelmidvalley.com/
Frame ID: 1A3FC6B29F45D3691F644883A8925FBD
Requests: 58 HTTP requests in this frame

Frame: https://www.cititelmidvalley.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js
Frame ID: B6789BEB099C0CD3BDCC388778E4F70B
Requests: 2 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fwww.cititelmidvalley.com
Frame ID: 2D38AC15B16C049BD33C32ED19A9D5F8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cititel Mid Valley's Official Site | Best Hotels in Kuala Lumpur

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Page Statistics

62
Requests

98 %
HTTPS

93 %
IPv6

11
Domains

14
Subdomains

15
IPs

2
Countries

2318 kB
Transfer

6589 kB
Size

11
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: http://cookiesandyou.com/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://cititel-mid-valley.vouchercart.com/
Title: Vouchers

Search URL Search Domain Scan URL

URL: https://gc.synxis.com/rez.aspx?Chain=22450&Hotel=78916&_ga=2.213468756.112194795.1568616934-1369095491.1568616934
Title: Book now opens in a new tab

Search URL Search Domain Scan URL

URL: https://be.synxis.com/?Hotel=78916
Title: Book now opens in a new tab

Search URL Search Domain Scan URL

URL: https://document-tc.galaxy.tf/wdpdf-bau4c9fubm5oni3kze6r5z1gf/home_cms-document.pdf
Title: Fact Sheet

Search URL Search Domain Scan URL

URL: https://www.cititelpenang.com/
Title: CITITEL PENANG

Search URL Search Domain Scan URL

URL: https://www.cititelexpress-penang.com/
Title: CITITEL EXPRESS

Search URL Search Domain Scan URL

URL: https://www.cititelexpress-kk.com/
Title: CITITEL EXPRESS*

Search URL Search Domain Scan URL

URL: https://www.cititelexpress-ipoh.com/
Title: CITITEL EXPRESS*

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://www.cititelmidvalley.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.cititelmidvalley.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js

62 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
www.cititelmidvalley.com/ 90 KB
19 KB 37ms
21ms Document
text/html 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7e8a4d57f83becfc273a15d8b3ec1216b0075ae3e06b4438606948416c9673a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age: 3012052
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=1200
cf-cache-status: HIT
cf-ray: 8e5e265d5f2adcb2-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 21 Nov 2024 05:06:20 GMT
expires: Thu, 21 Nov 2024 05:26:20 GMT
last-modified: Thu, 17 Oct 2024 02:26:38 GMT
priority: u=0,i
referrer-policy: no-referrer-when-downgrade
server: cloudflare
server-timing: cfExtPri
speculation-rules: "/cdn-cgi/speculation"
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
via: 1.1 ab6a84dec80a9cf174a125243a0b7be2.cloudfront.net (CloudFront)
x-amz-cf-id: QnLX-f9SIMy6M5r4XGzj6RxtEBP3I50QNL3HbKvCUxbkOh0GiIk78A==
x-amz-cf-pop: HEL51-P2
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H3 200 speculation
www.cititelmidvalley.com/cdn-cgi/ 128 B
354 B 14ms
14ms Other
application/speculationrules+json 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cititelmidvalley.com/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.cititelmidvalley.com
Referer: https://www.cititelmidvalley.com/

Response headers

speculation-rules: "/cdn-cgi/speculation"
cf-ray: 8e5e265d9f7cdcb2-FRA
access-control-allow-origin: https://www.cititelmidvalley.com
alt-svc: h3=":443"; ma=86400
content-length: 128
server-timing: cfExtPri
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare
priority: u=4,i

GET
H2 200 css
fonts.googleapis.com/ 1 KB
537 B 45ms
17ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Prata:400,400i,700,700i&display=swap&subset=latin,latin-ext

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2c072d451dc2211abd3f0aa1a97f13f82116cab75640f3f972151f02de59ce27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 05:06:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 21 Nov 2024 05:06:20 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 3 KB
584 B 44ms
17ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i&display=swap&subset=latin,latin-ext

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

638e0a9696a1287622b2881fce4aa2450101d9f7e29cb7811fb4c737a4e7e8e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 05:06:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 21 Nov 2024 05:05:53 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 47ms
19ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,400i,700,700i&display=swap&subset=latin,latin-ext

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

afb59214ba30577a4fb8b82fb4f290c799fcc694371621cef74f8af010e73746

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 05:06:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 21 Nov 2024 05:06:20 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 main.css
www.cititelmidvalley.com/css/custom/2025/1/main/69c259f5230b55397534e2b3a8b39a94/ 813 KB
107 KB 20ms
20ms Stylesheet
text/css 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/css/custom/2025/1/main/69c259f5230b55397534e2b3a8b39a94/main.css

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01eadf02da4d0ab6c46d8921d02aa45159c4c1550f23692c7201585883b83319

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"07dd6bfc092df8def071394eefd4724c"
age: 21422
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 05:06:20 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: UjyDaqpgCOINBpQ7V-hm5L8Tk7-deX5HFr6eBEqQ-nDTzCVi8NYNhA==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: text/css
last-modified: Thu, 17 Oct 2024 02:26:50 GMT
vary: Accept-Encoding
priority: u=0,i=?0
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
server-timing: cfExtPri
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: no-referrer-when-downgrade
via: 1.1 35686e9cce1b4694613c74235081ac14.cloudfront.net (CloudFront)
cf-ray: 8e5e265dbfb0dcb2-FRA
x-xss-protection: 1; mode=block
x-amz-cf-pop: SOF50-P2
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 8 KB
695 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&display=swap

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6b78976e0a15138b3b1bde71abfa5bbb603eff6bdf1fc4d4eaffaeeaab0abc26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 05:06:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 21 Nov 2024 04:15:02 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 363 KB
116 KB 129ms
44ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-59FDRRN

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c726c5d35e6bcc2d73c0bb65f32bb0f9c9b4b5e460526ef26056841583ec337d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 21 Nov 2024 05:06:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 119128
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 306 KB
94 KB 106ms
24ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TL2MM4B

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fc115a86e287390c6df2c3e4bfa64b6a0dc6afa92349e1302cc2431ce8b6f74b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 21 Nov 2024 05:06:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 95094
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 324 KB
108 KB 117ms
35ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MZXRBGF

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3126e06923cca9d2e53a0c64b569dd17e190e1844ca13e495f6e36113cc5356e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 21 Nov 2024 05:06:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 110300
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 svg-icons.svg
www.cititelmidvalley.com/integration/tc-theme/public/svg/ 82 KB
23 KB 20ms
20ms Image
image/svg+xml 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cititelmidvalley.com/integration/tc-theme/public/svg/svg-icons.svg

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebfd0494493275cc3cfa7d640f1be08115243660b0cbdee028a946f080ab14cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"dbd70a64474c73523169afc49022b267"
age: 3012607
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 05:06:20 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 2Mr7_71FpuXAwYyaXftZqBUNRqDw0slUS3nxKDLo2uKgXDGIuLYroA==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Sep 2024 01:50:37 GMT
vary: Accept-Encoding
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
server-timing: cfExtPri
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: no-referrer-when-downgrade
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
cf-ray: 8e5e265e489ddcb2-FRA
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-C1
server: cloudflare

GET
H3 200 cookieconsent.min.js Show response
www.cititelmidvalley.com/integration/tc-theme/public/vendor/ 19 KB
7 KB 20ms
20ms Script
application/javascript 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/integration/tc-theme/public/vendor/cookieconsent.min.js

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f2bc0804920974cdb94feca2936b668c"
age: 489935
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 05:06:20 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: iONqs_mo1UcmBhhhkcvC3WYAGlgWP3QJzTcOP7dIwmseMVICBHHNoQ==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/javascript
last-modified: Fri, 02 Dec 2022 03:41:26 GMT
vary: Accept-Encoding
priority: u=3,i=?0
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
server-timing: cfExtPri
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: no-referrer-when-downgrade
via: 1.1 05f3f10124c24e16ce708020c976c78a.cloudfront.net (CloudFront)
cf-ray: 8e5e265e489fdcb2-FRA
x-xss-protection: 1; mode=block
x-amz-cf-pop: AMS58-P2
server: cloudflare

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
H2 200 superior-double-2_standard.jpg
image-tc.galaxy.tf/wijpeg-46h4e0ccctsrsfutk8xnfet65/ 23 KB
23 KB 119ms
33ms Image
image/jpeg 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-46h4e0ccctsrsfutk8xnfet65/superior-double-2_standard.jpg?rotate=0&crop=0%2C0%2C800%2C600&width=600

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

c90926026b6de4adb3f86648bff6b6e9588306774e9704393bfaee5e53d162c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "2f2bc823e1e90ba5df802c62f9eedf5a"
x-amz-version-id: 1Pan5uobv4tfuLr0ZkSmw2n5egzY76Zo
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
x-amz-cf-id: Tu-bBh_msKSVbO23G8R6CYrgDBOMoyLyCrTbiLfnoVRNv3ApbsOsVg==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: image/jpeg
last-modified: Thu, 13 Jan 2022 04:01:44 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-replication-status: REPLICA
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=31184062
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23280
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-P9
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H2 200 deluxe-double_standard.jpg
image-tc.galaxy.tf/wijpeg-9vbbiwci6p9975d6eqn4ulmmy/ 40 KB
41 KB 125ms
39ms Image
image/jpeg 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-9vbbiwci6p9975d6eqn4ulmmy/deluxe-double_standard.jpg?rotate=0&crop=0%2C0%2C800%2C600&width=600

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

1e142682e22d63013277f3ca0f5cd72fc5ec76e5cd92aa6777924ba6728c12e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "227d39b46e59ea9f7ff05a4cc0d4dd69"
x-amz-version-id: 0XLm8uQd8aRlXSM3ImToPTWe2I0yrJca
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
x-amz-cf-id: JqAmlgaav3CbavUW81fUvAgedmhWd_VlU_QN5Dmagp0O0PDL8VnVug==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: image/jpeg
last-modified: Thu, 13 Jan 2022 04:01:44 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-replication-status: REPLICA
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=31184098
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 41293
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-P9
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H2 200 kr_standard.png
image-tc.galaxy.tf/wipng-bebfl6tbgbhbrk452jf6muwof/ 29 KB
30 KB 596ms
510ms Image
image/webp 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wipng-bebfl6tbgbhbrk452jf6muwof/kr_standard.png?crop=0%2C0%2C1000%2C750&width=600

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

e57a9a7601c029b48849767d3f195bac5014472b43fd229074b5fdd5194027ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "40d84cb0168fc70190d3b1a93bebeae7"
x-amz-version-id: jCS8xUEZin5DTIuHJCS4VLufF2yPd.dE
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
x-amz-cf-id: R23NQqYUV9KpZH3f_2mcRFGYmi5E3OcVw_rE8vJRpqGbmmyjc5ZfLQ==
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: image/webp
last-modified: Thu, 01 Aug 2024 01:08:49 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=31535993
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30034
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-C1
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H2 200 1571728670_5daead1ece4e6-thumb.png
cdn.galaxy.tf/uploads/3s/cms_image/001/571/728/ 16 KB
17 KB 101ms
22ms Image
image/webp 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.galaxy.tf/uploads/3s/cms_image/001/571/728/1571728670_5daead1ece4e6-thumb.png
Requested by: Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 660d951e110d504a03f98ce3a68bf012d664e4ee7f587edaabc292926d92cd81

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

cf-bgj: imgq:85,h2pri
etag: "84ac-5957a96e4b4f7"
age: 3108319
cf-cache-status: HIT
expires: Fri, 21 Nov 2025 05:06:20 GMT
cf-polished: origFmt=png, origSize=33964
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: image/webp
content-disposition: inline; filename="1571728670_5daead1ece4e6-thumb.webp"
vary: Accept
last-modified: Tue, 22 Oct 2019 07:17:13 GMT
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
cf-ray: 8e5e265edfa5dc9e-FRA
accept-ranges: bytes
content-length: 16816
server: cloudflare

GET
H3 200 galaxy-helpers.js Show response
www.cititelmidvalley.com/frontend/galaxy-helpers/public/ 58 KB
21 KB 24ms
24ms Script
application/javascript 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/frontend/galaxy-helpers/public/galaxy-helpers.js?v=l-161557ae-c570-4937-a830-a8ad59a92eb2

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0deeac40ee53899291070a45e4c900277d2358ece0fdb020d4b221be87691f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"844662330996d07258be745a6bb96203"
age: 3012608
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 05:06:20 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: B94vmfeWR_lFrKQLYlUdriZ230-ZDTDYDTPOteFilu7JAFH-xl-waA==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 01:50:45 GMT
vary: Accept-Encoding
priority: u=1,i=?0
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
server-timing: cfExtPri
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: no-referrer-when-downgrade
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cf-ray: 8e5e265e58a6dcb2-FRA
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-C1
server: cloudflare

GET
H3 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 53ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.cititelmidvalley.com
Referer: https://fonts.googleapis.com/

Response headers

age: 48322
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 15:40:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 15:40:58 GMT
last-modified: Tue, 02 May 2023 15:08:26 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23236
x-xss-protection: 0
server: sffe

GET
H3 200 6xKhdSpbNNCT-sWPCm4.woff2
fonts.gstatic.com/s/prata/v20/ 19 KB
19 KB 68ms
22ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/prata/v20/6xKhdSpbNNCT-sWPCm4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Prata:400,400i,700,700i&display=swap&subset=latin,latin-ext

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f78bb4fead90ea6966383155118b67afbc0bdb0f870f4918944de11227d583e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.cititelmidvalley.com
Referer: https://fonts.googleapis.com/

Response headers

age: 48009
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 15:46:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 15:46:11 GMT
last-modified: Thu, 24 Aug 2023 20:58:34 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19196
x-xss-protection: 0
server: sffe

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 66ms
20ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i&display=swap&subset=latin,latin-ext

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.cititelmidvalley.com
Referer: https://fonts.googleapis.com/

Response headers

age: 49326
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 15:24:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 15:24:14 GMT
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23580
x-xss-protection: 0
server: sffe

GET
H3 200 S6u_w4BMUTPHjxsI9w2_Gwft.woff2
fonts.gstatic.com/s/lato/v24/ 17 KB
17 KB 72ms
27ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u_w4BMUTPHjxsI9w2_Gwft.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a961366b4346f6078cc2f164d2c019f63b37e2693f6fc93a995048a98b25c083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.cititelmidvalley.com
Referer: https://fonts.googleapis.com/

Response headers

age: 101897
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 00:48:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 00:48:03 GMT
last-modified: Tue, 02 May 2023 15:08:28 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17728
x-xss-protection: 0
server: sffe

GET
H3 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 55ms
10ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,400i,700,700i&display=swap&subset=latin,latin-ext

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.cititelmidvalley.com
Referer: https://fonts.googleapis.com/

Response headers

age: 52008
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 20 Nov 2025 14:39:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 14:39:32 GMT
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23040
x-xss-protection: 0
server: sffe

GET
H3 200 bundle.js Show response
www.cititelmidvalley.com/integration/tc-theme/public/js/ 1 MB
408 KB 28ms
27ms Script
application/javascript 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/integration/tc-theme/public/js/bundle.js?va4fe286fcaa96bee8aca6af687b56d90

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

561dc6588384c0f99df69195964f164bfc4d58573f2eaeff5c96801044769d62

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"1882913a75083f4e40beee09d86f23ca"
age: 3012608
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 05:06:20 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: jWrLq_MOsSu91XBzE0-2HDCDXE0aZjRrlzLjVMrghF3MPgI06W6PNg==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 02:26:41 GMT
vary: Accept-Encoding
priority: u=1,i=?0
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
server-timing: cfExtPri
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: no-referrer-when-downgrade
via: 1.1 b44e2902bb3501d47514e51618f1bda4.cloudfront.net (CloudFront)
cf-ray: 8e5e265ef996dcb2-FRA
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-C1
server: cloudflare

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 58ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZXRBGF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
age: 1495
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 21 Nov 2024 06:41:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 04:41:25 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 281 KB
97 KB 28ms
26ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-821442152&l=dataLayer&cx=c&gtm=45He4bk0v810964027za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZXRBGF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8aa46c880b43a6e1e1a84db63b393ef429637e3343c607dfc8d00074f20dc020

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Thu, 21 Nov 2024 05:06:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99451
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 228 KB
82 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-5420923

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZXRBGF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

17aedace7afe7acaef80c95013876afd8a8b2827780b7c0ca93d587fd56849e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 05:06:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 83699
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 36ms
9ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-srvOSgVp' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-srvOSgVp' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4456, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: MQVTDO0pbOqR2xmSkC6rSLvFPKuHqjAz2rZ5wdtUaqgYjVhTTYRU4K5H22F2nj/zJZanyFRvHAIQIScT/4LuIA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62107
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H3 200 2471-f18ab49b3a59aae4a06f.js Show response
www.cititelmidvalley.com/integration/tc-theme/public/js/chunk/ 5 KB
3 KB 18ms
17ms Script
application/javascript 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/integration/tc-theme/public/js/chunk/2471-f18ab49b3a59aae4a06f.js

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/integration/tc-theme/public/js/bundle.js?va4fe286fcaa96bee8aca6af687b56d90

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c510954a0d8959f49cd869166c391a0b133ce83dfa747faad43f6f55d4d03c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"a8a66580c87e67ee43c62f1f22b96cf9"
age: 3012608
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 05:06:20 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: e-frFD254yohpwZTGRffGQkP-iup4hfs3LVuPLXa9dlunJtli_5QHw==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 02:26:44 GMT
vary: Accept-Encoding
priority: u=3,i=?0
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
server-timing: cfExtPri
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: no-referrer-when-downgrade
via: 1.1 a1098f0eeab192209962e3a9d76d0338.cloudfront.net (CloudFront)
cf-ray: 8e5e26605bb6dcb2-FRA
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-C1
server: cloudflare

GET
H3 200 svg-icons.svg Show response
www.cititelmidvalley.com/integration/tc-theme/public/svg/ 82 KB
0 0ms
0ms XHR
image/svg+xml 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/integration/tc-theme/public/svg/svg-icons.svg

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/integration/tc-theme/public/js/bundle.js?va4fe286fcaa96bee8aca6af687b56d90

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebfd0494493275cc3cfa7d640f1be08115243660b0cbdee028a946f080ab14cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"dbd70a64474c73523169afc49022b267"
age: 3012607
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 05:06:20 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 2Mr7_71FpuXAwYyaXftZqBUNRqDw0slUS3nxKDLo2uKgXDGIuLYroA==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: image/svg+xml
last-modified: Thu, 19 Sep 2024 01:50:37 GMT
vary: Accept-Encoding
priority: u=3,i
x-frame-options: DENY
server-timing: cfExtPri
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: no-referrer-when-downgrade
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
cf-ray: 8e5e265e489ddcb2-FRA
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-C1
server: cloudflare

GET
H3 200 638516299930245 Show response
connect.facebook.net/signals/config/ 68 KB
13 KB 118ms
118ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/638516299930245?v=2.9.176&r=stable&domain=www.cititelmidvalley.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4a5981a69e205f38fcb55e3577c9ca03c45b10cd56cafe1af6f112e4c67eed06

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-j9F8Qqaf' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-j9F8Qqaf' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=71, mss=1232, tbw=70908, tp=67, tpl=0, uplat=110, ullat=0
pragma: public
x-fb-debug: VBdBahNavLjBySTUZ8RUIaXaS3Hn/nZtpOp46fFSiiLMIYelvY8+CHCSg82OQNkRhwl6BSGZaDY+AM3TsqErng==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
365 B 15ms
15ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=36771743&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cititelmidvalley.com%2F&ul=de-de&de=UTF-8&dt=Cititel%20Mid%20Valley%27s%20Official%20Site%20%7C%20Best%20Hotels%20in%20Kuala%20Lumpur&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAACAAI~&jid=470006399&gjid=2100842181&cid=1646867635.1732165581&tid=UA-12601563-4&_gid=800623456.1732165581&_r=1&_slc=1&gtm=45He4bk0n81MZXRBGFv810964027za200&cd1=78916&cd2=Cititel%20Mid%20Valley&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&npa=1&z=1825619349

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.cititelmidvalley.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.cititelmidvalley.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
71 B 15ms
15ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=36771743&t=pageview&cu=UPDATE%20WITH%20THE%20VENDOR%20VARIABLE&_s=1&dl=https%3A%2F%2Fwww.cititelmidvalley.com%2F&dp=%2F&ul=de-de&de=UTF-8&dt=Cititel%20Mid%20Valley%27s%20Official%20Site%20%7C%20Best%20Hotels%20in%20Kuala%20Lumpur&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAACAAI~&jid=695325867&gjid=562262882&cid=1646867635.1732165581&tid=UA-122458240-1&_gid=800623456.1732165581&_r=1&_slc=1&gtm=45He4bk0n81MZXRBGFv810964027za200&cd1=no_data&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&npa=1&z=718731678

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.cititelmidvalley.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.cititelmidvalley.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
71 B 14ms
14ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=36771743&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cititelmidvalley.com%2F&dp=%2F&ul=de-de&de=UTF-8&dt=Cititel%20Mid%20Valley%27s%20Official%20Site%20%7C%20Best%20Hotels%20in%20Kuala%20Lumpur&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAACAAI~&jid=267656801&gjid=1857255008&cid=1646867635.1732165581&tid=UA-12601563-2&_gid=800623456.1732165581&_r=1&_slc=1&gtm=45He4bk0n81MZXRBGFv810964027za200&cd1=no_data&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&npa=1&z=1042941723

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.cititelmidvalley.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:20 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.cititelmidvalley.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

GET
H2 200 collect
www.google-analytics.com/ 35 B
407 B 6ms
6ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=36771743&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cititelmidvalley.com%2F&ul=de-de&de=UTF-8&dt=Cititel%20Mid%20Valley%27s%20Official%20Site%20%7C%20Best%20Hotels%20in%20Kuala%20Lumpur&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAACAAI~&jid=&gjid=&cid=1646867635.1732165581&tid=UA-12601563-4&_gid=800623456.1732165581&gtm=45He4bk0n8159FDRRNv812088526za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cd14=Customer%20Type&cd16=Page%20Type&cd17=https%3A%2F%2Fwww.cititelmidvalley.com%2F&npa=1&z=1160213840

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

age: 48289
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 20 Nov 2024 15:41:31 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

POST
H3 200 collect
www.google.com/ccm/ 0
0 34ms
15ms Ping
text/plain 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.cititelmidvalley.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1278577885.1732165581&auid=605012610.1732165581&npa=1&gtm=45fe4bk0v9189058780za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&tft=1732165580998&tfd=640&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-5420923
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 281 KB
97 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-926151693

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZXRBGF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ba8e78e567b2a77ab74108a2a71e47904148b57134842ae1f49842981f12a59a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 05:06:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 21 Nov 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 99388
x-xss-protection: 0
server: Google Tag Manager

GET
H3

200

main.js Show response
www.cititelmidvalley.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/ Frame B678
Redirect Chain

https://www.cititelmidvalley.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.cititelmidvalley.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?

8 KB
4 KB

14ms
13ms

Script
application/javascript

2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9ce7e787de2b09df47e1b9e743440a4a0ec90fc1ea23c8410d1191191499e88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding: br
speculation-rules: "/cdn-cgi/speculation"
x-content-type-options: nosniff
cf-ray: 8e5e26621e3cdcb2-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
speculation-rules: "/cdn-cgi/speculation"
cf-ray: 8e5e26614d00dcb2-FRA
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfExtPri
date: Thu, 21 Nov 2024 05:06:21 GMT
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

OPTIONS
H2 200 info
tc.galaxy.tf/tc/entity/v1/hotel/78916/ Frame 0
0 160ms
71ms Preflight 2a02:26f0:e200::213:508b
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://tc.galaxy.tf/tc/entity/v1/hotel/78916/info

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:e200::213:508b Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Accept: */*
Access-Control-Request-Headers: x-galaxy-key
Access-Control-Request-Method: GET
Origin: https://www.cititelmidvalley.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Galaxy-Key
access-control-allow-origin: https://www.cititelmidvalley.com
access-control-max-age: 600
apigw-requestid: BlLoIjiYFiAEM9Q=
cache-control: max-age=0, no-cache, no-store
content-length: 0
date: Thu, 21 Nov 2024 05:06:21 GMT
expires: Thu, 21 Nov 2024 05:06:21 GMT
pragma: no-cache
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload

OPTIONS
H2 200 78916
api.tsa-db.com/v1/data/hotelID/ Frame 0
0 37ms
10ms Preflight
application/json 2600:9000:223f:be00:16:41f8:18c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.tsa-db.com/v1/data/hotelID/78916
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:be00:16:41f8:18c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.cititelmidvalley.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: *
access-control-max-age: 86400
age: 12008
cache-control: max-age=86400, s-maxage=86400, proxy-revalidate
content-length: 0
content-type: application/json
date: Thu, 21 Nov 2024 01:46:13 GMT
via: 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
x-amz-apigw-id: BkuT6EJ-DoEEsOA=
x-amz-cf-id: o22hXfdh__56ktJzEZfrevZy8tqP7KnOTVLpXKb7RNxDrBvXND5nQw==
x-amz-cf-pop: FRA56-P5
x-amzn-requestid: e5139fbf-eecb-4c64-a557-33aa8e6cf7eb
x-cache: Hit from cloudfront

POST
H/1.1 200
OK 2025 Show response
dynamic.travelclick-websolutions.com/list/ 18 KB
4 KB 605ms
332ms XHR
application/json 195.244.31.25
IGUANA-WORLDWIDE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.travelclick-websolutions.com/list/2025

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/integration/tc-theme/public/js/bundle.js?va4fe286fcaa96bee8aca6af687b56d90

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

195.244.31.25 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),

Reverse DNS

xo7-viplb-01-new.ny.ig-1.net

Software

Apache /

Resource Hash

26f594e5d2b454a39e994e008ac1b34323c65cb06808a69c52f9eb307f184f4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cititelmidvalley.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-request-id: ec68672a
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS
expires: Thu, 19 Nov 1981 08:52:00 GMT
server-timing: 1-bootstrap;dur=3.0231, 2-routing;dur=9.6540, b-time-l-sql;dur=19.83, b-time-unit;dur=96.26, b-time-partial;dur=0, b-time;dur=235.5010509491, d-mem-cur;desc="d-mem-cur: 58.08 MB", d-req-unit;desc="d-req-unit: 2 call - 4 cached", d-req-partial;desc="d-req-partial: 0", d-req-l-sql;desc="d-req-l-sql: 14", g-sql-all-time;dur=39.04, g-sql-all-req;desc="g-sql-all-req: 43"
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/json
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate
x-real-hostname: xo7-web-03
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: *
content-length: 2939
x-xss-protection: 1; mode=block
server: Apache

GET
H3 200 initPersonalization.bundle.js Show response
www.cititelmidvalley.com/frontend/galaxy-helpers/public/ 21 KB
8 KB 19ms
19ms Script
application/javascript 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/frontend/galaxy-helpers/public/initPersonalization.bundle.js?ver=930953d708ebe2fb3083

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/frontend/galaxy-helpers/public/galaxy-helpers.js?v=l-161557ae-c570-4937-a830-a8ad59a92eb2

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66422c10150bbbf5d79f3a90635fc2259f4bea25ff591b3a7a7d2078204ff7b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"382da22be91ccc57570772a7f0033576"
age: 489935
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 05:06:21 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: yy7Z4pBWyan2vYH0HwIbBgGBN0cP08ouNE4opUPr9B65a-AwvJlw2A==
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/javascript
last-modified: Thu, 19 Sep 2024 01:50:45 GMT
vary: Accept-Encoding
priority: u=3,i=?0
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
server-timing: cfExtPri
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: no-referrer-when-downgrade
via: 1.1 bab8148a65b29113f79cf2725076287c.cloudfront.net (CloudFront)
cf-ray: 8e5e2661ad9cdcb2-FRA
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-C1
server: cloudflare

GET
H2 200 cititel-mid-valley-logo-hires.png
image-tc.galaxy.tf/wipng-7jydriwk9gh359s0q7wi3yeut/ 16 KB
17 KB 30ms
27ms Image
image/webp 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wipng-7jydriwk9gh359s0q7wi3yeut/cititel-mid-valley-logo-hires.png?width=500

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

2262f0a371b574523b2b1bc93968b7744a5d3572fe2c08ac7b0b62f1f8ec8d97

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "7d9a449b22b5a142a4e15a039b1f9ca4"
x-amz-version-id: Wdk2E2P845KOVj0Uhv7OWS.Hm0BCdnkB
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
x-amz-cf-id: Y_GQvGTrd_WZFl2fPc8fEzqLL4E5z5Ws1dhdJwQyMgGk78oAqEiMAg==
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: image/webp
last-modified: Wed, 26 Jun 2024 09:51:47 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=31184110
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16494
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-P9
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H2 200 cititel-mid-valley-logo-hires-white.png
image-tc.galaxy.tf/wipng-78e8a2j7yvcjnm2ojts0ak3zn/ 14 KB
14 KB 53ms
50ms Image
image/webp 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wipng-78e8a2j7yvcjnm2ojts0ak3zn/cititel-mid-valley-logo-hires-white.png?width=500

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

050b86ff82c9199341c8f4b69ac77124338fb3cca489d0e7d1e274ce417ffc60

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "3510d49e85b09065a90944ec05e47602"
x-amz-version-id: BOFrPzq4.PzHLI.jyRS..dZq.OCYYbII
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
x-amz-cf-id: bSbI2fZqdObGf0JKzP7CkP98Hm8OwAurgYTAooPi7B8e5DjW0o16GQ==
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: image/webp
last-modified: Wed, 26 Jun 2024 09:51:47 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=31023030
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 13936
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-P9
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H2 200 superior-twin-2.jpg
image-tc.galaxy.tf/wijpeg-dg1kkf45dl8suduuud4hjmdkc/ 53 KB
54 KB 81ms
76ms Image
image/jpeg 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-dg1kkf45dl8suduuud4hjmdkc/superior-twin-2.jpg?width=1920

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

5146a0f06c3c0816131eb1241380f9111e4435ef7b78a78e467d80f323c8a07c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "60eebd1b2da5d1a8a2fa1a54c64fbe8e"
x-amz-version-id: tSDoBPCVpnmax7S00xt16Dihoe0PZeCK
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
x-amz-cf-id: g1Y7KtGw83ai0jIFd6Z888K2Yuc3OA1QH78HVj-eqianTR7zSlS83g==
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: image/jpeg
last-modified: Thu, 13 Jan 2022 04:01:49 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-replication-status: REPLICA
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=30833102
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 54343
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-P9
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H2 200 kr_standard.png
image-tc.galaxy.tf/wipng-bebfl6tbgbhbrk452jf6muwof/ 29 KB
0 55ms
55ms Image
image/webp 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wipng-bebfl6tbgbhbrk452jf6muwof/kr_standard.png?crop=0%2C0%2C1000%2C750&width=600

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

e57a9a7601c029b48849767d3f195bac5014472b43fd229074b5fdd5194027ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "40d84cb0168fc70190d3b1a93bebeae7"
x-amz-version-id: jCS8xUEZin5DTIuHJCS4VLufF2yPd.dE
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
x-amz-cf-id: R23NQqYUV9KpZH3f_2mcRFGYmi5E3OcVw_rE8vJRpqGbmmyjc5ZfLQ==
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: image/webp
last-modified: Thu, 01 Aug 2024 01:08:49 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=31535993
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30034
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-C1
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H2 200 deluxe-double_standard.jpg
image-tc.galaxy.tf/wijpeg-9vbbiwci6p9975d6eqn4ulmmy/ 40 KB
0 2ms
2ms Image
image/jpeg 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-9vbbiwci6p9975d6eqn4ulmmy/deluxe-double_standard.jpg?rotate=0&crop=0%2C0%2C800%2C600&width=600

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

1e142682e22d63013277f3ca0f5cd72fc5ec76e5cd92aa6777924ba6728c12e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "227d39b46e59ea9f7ff05a4cc0d4dd69"
x-amz-version-id: 0XLm8uQd8aRlXSM3ImToPTWe2I0yrJca
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
x-amz-cf-id: JqAmlgaav3CbavUW81fUvAgedmhWd_VlU_QN5Dmagp0O0PDL8VnVug==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: image/jpeg
last-modified: Thu, 13 Jan 2022 04:01:44 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
x-amz-replication-status: REPLICA
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=31184098
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 41293
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-P9
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H2 200 superior-double-2_standard.jpg
image-tc.galaxy.tf/wijpeg-46h4e0ccctsrsfutk8xnfet65/ 23 KB
0 3ms
3ms Image
image/jpeg 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-46h4e0ccctsrsfutk8xnfet65/superior-double-2_standard.jpg?rotate=0&crop=0%2C0%2C800%2C600&width=600

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

c90926026b6de4adb3f86648bff6b6e9588306774e9704393bfaee5e53d162c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "2f2bc823e1e90ba5df802c62f9eedf5a"
x-amz-version-id: 1Pan5uobv4tfuLr0ZkSmw2n5egzY76Zo
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
x-amz-cf-id: Tu-bBh_msKSVbO23G8R6CYrgDBOMoyLyCrTbiLfnoVRNv3ApbsOsVg==
date: Thu, 21 Nov 2024 05:06:20 GMT
content-type: image/jpeg
last-modified: Thu, 13 Jan 2022 04:01:44 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
x-amz-replication-status: REPLICA
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=31184062
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23280
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-P9
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H2 403 info Show response
tc.galaxy.tf/tc/entity/v1/hotel/78916/ 54 B
302 B 52ms
52ms XHR
application/json 2a02:26f0:e200::213:508b
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://tc.galaxy.tf/tc/entity/v1/hotel/78916/info

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/integration/tc-theme/public/js/bundle.js?va4fe286fcaa96bee8aca6af687b56d90

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:e200::213:508b Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

adbcce82fb9ab89bbb7e4ef7779f3abeea54498a4c2972e928f49300146e24df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://www.cititelmidvalley.com/
X-Galaxy-Key: 3cf99296f962fd457ba04fcb33bfca8d
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
access-control-allow-credentials: true
expires: Thu, 21 Nov 2024 05:06:21 GMT
apigw-requestid: BlLoIhsSFiAEMBQ=
access-control-allow-origin: https://www.cititelmidvalley.com
content-length: 54
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/json

POST
H/1.1 200
OK 2025 Show response
dynamic.travelclick-websolutions.com/view/ 14 KB
5 KB 562ms
350ms XHR
application/json 195.244.31.25
IGUANA-WORLDWIDE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.travelclick-websolutions.com/view/2025

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/integration/tc-theme/public/js/bundle.js?va4fe286fcaa96bee8aca6af687b56d90

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

195.244.31.25 Newark, United States, ASN63140 (IGUANA-WORLDWIDE, US),

Reverse DNS

xo7-viplb-01-new.ny.ig-1.net

Software

Apache /

Resource Hash

49b74a51bd68278421f6c50c6b471a35f461d393955f217f8488372f3ceb749e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cititelmidvalley.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-request-id: 4b589c81
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS
expires: Thu, 19 Nov 1981 08:52:00 GMT
server-timing: 1-bootstrap;dur=3.3040, 2-routing;dur=11.7030, b-time-l-sql;dur=21.71, b-time-unit;dur=102.44, b-time-partial;dur=0, b-time;dur=254.46009635925, d-mem-cur;desc="d-mem-cur: 57.54 MB", d-req-unit;desc="d-req-unit: 2 call - 2 cached", d-req-partial;desc="d-req-partial: 0", d-req-l-sql;desc="d-req-l-sql: 14", g-sql-all-time;dur=31.65, g-sql-all-req;desc="g-sql-all-req: 33"
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/json
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate
x-real-hostname: xo7-web-06
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: *
content-length: 4069
x-xss-protection: 1; mode=block
server: Apache

GET
H3 200 chunk-tc-hotel-dropdown-765fb40e4c9fd585a009.js Show response
www.cititelmidvalley.com/integration/tc-theme/public/js/chunk/ 368 B
766 B 20ms
20ms Script
application/javascript 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cititelmidvalley.com/integration/tc-theme/public/js/chunk/chunk-tc-hotel-dropdown-765fb40e4c9fd585a009.js

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/integration/tc-theme/public/js/bundle.js?va4fe286fcaa96bee8aca6af687b56d90

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c961b29531f353ba0031756f0fd674bbe41bd32d638360287dc4805658868b76

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"e58e1750b0c3b14e2aecf6496a7b83b0"
age: 3012609
x-content-type-options: nosniff
expires: Fri, 21 Nov 2025 05:06:21 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: ZdkpXp2oFTlI7BIG1OIU9TEZl_ZkiKk_DxqoFtiqZbOp5lDowxvAYw==
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 02:26:47 GMT
vary: Accept-Encoding
priority: u=3,i=?0
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
server-timing: cfExtPri
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
referrer-policy: no-referrer-when-downgrade
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
cf-ray: 8e5e2661fe0fdcb2-FRA
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA50-C1
server: cloudflare

GET
H2 200 78916 Show response
api.tsa-db.com/v1/data/hotelID/ 630 B
1 KB 125ms
124ms XHR
application/json 2600:9000:223f:be00:16:41f8:18c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.tsa-db.com/v1/data/hotelID/78916
Requested by: Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:be00:16:41f8:18c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ed033afb9515800bdbd5f47d41492073e127ce7603756cb34b6d6895f14aca4c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.cititelmidvalley.com/

Response headers

cache-control: max-age=600
x-amz-apigw-id: BlLoIEY8joEEEcQ=
x-amzn-trace-id: Root=1-673ebfcd-185aa20411b13f82063915ce;Parent=20da9c5062f922b1;Sampled=0;Lineage=1:688c80a0:0
access-control-allow-credentials: true
x-amzn-requestid: e3d4f74c-e052-49f1-bc34-ce6b09b5b19e
via: 1.1 b6be6ee8d445cfa291adcacd75a3fb12.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
content-length: 630
x-amz-cf-id: AxzKYqEJDPm1ilU3OArN3GD8nOJgFssEz78RwHzmnl4GKEr-IrmUNw==
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/json; charset=utf-8
x-amz-cf-pop: FRA56-P5

GET
H3 200 /
www.facebook.com/tr/ 0
19 B 29ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=638516299930245&ev=PageView&dl=https%3A%2F%2Fwww.cititelmidvalley.com%2F&rl=&if=false&ts=1732165581177&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12318&fbp=fb.1.1732165581176.7748871642086483&ler=empty&cdl=API_unavailable&it=1732165580950&coo=false&rqm=GET

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=4504, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
196 B 197ms
176ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=638516299930245&ev=PageView&dl=https%3A%2F%2Fwww.cititelmidvalley.com%2F&rl=&if=false&ts=1732165581177&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12318&fbp=fb.1.1732165581176.7748871642086483&ler=empty&cdl=API_unavailable&it=1732165580950&coo=false&rqm=FGET

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7439594522032120805"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: rvmkvxC8rS3pQfj0zN6AMHYt6+xHpl7JQxdUsb5g1+maBCwbiykVzF+P9oCps0iLVbH6PZURe8KKHgsomq4r8Q==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7439594522032120805", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=4872, tp=13, tpl=0, uplat=169, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net blob: data: 'self' 'wasm-unsafe-eval' 'report-sample' 'nonce-s5T4LwVw';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4bj0/ Frame 2D38 0
0 36ms
15ms Document
text/html 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4bj0/sw_iframe.html?origin=https%3A%2F%2Fwww.cititelmidvalley.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-926151693

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Nov 2024 05:06:21 GMT
expires: Fri, 21 Nov 2025 05:06:21 GMT
last-modified: Tue, 19 Nov 2024 10:38:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 central-market.jpg
image-tc.galaxy.tf/wijpeg-ateyysw2okykeb6ags4rpx99j/ 397 KB
398 KB 54ms
49ms Image
image/jpeg 2a02:26f0:3500:3::b818:4d2f
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://image-tc.galaxy.tf/wijpeg-ateyysw2okykeb6ags4rpx99j/central-market.jpg?width=1920

Requested by

Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:3::b818:4d2f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Wizard@Edge /

Resource Hash

403246ef1e4ba05c100184fe12973476c5a0a69714269343dbbf6ccb6e260cd0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

etag: "db9b638d7beac6d61128bd47d965cdc5"
x-amz-version-id: Pvdd7xy1EabGFHWYOwTU8kLpUCBFu9Sw
x-content-type-options: nosniff
access-control-allow-methods: GET, HEAD, OPTIONS
x-amz-cf-id: CT4okPfHnUSWkHMp-CBonWgYaLwUxZw8IjN7bsiXTHfpxqrz6ObcIA==
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: image/jpeg
last-modified: Thu, 07 Oct 2021 06:20:03 GMT
x-frame-options: DENY
x-galaxy-optimize: 1
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-replication-status: REPLICA
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
cache-control: public, max-age=30962709
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
access-control-allow-origin: *
content-length: 406368
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-C1
server: Wizard@Edge
x-amz-server-side-encryption: AES256

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 306 KB
103 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=G-3R5SJEDWK4&l=dataLayer&cx=c&gtm=45He4bk0v830021505za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TL2MM4B

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

925c9ab2ea2fda1947b24fd8ea0b42911d1fe9292d2cc7ad367a4c0626dfc438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Thu, 21 Nov 2024 05:06:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 105550
x-xss-protection: 0
server: Google Tag Manager

POST
H3 200 8e5e265d5f2adcb2 Show response
www.cititelmidvalley.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame B678 0
716 B 19ms
14ms XHR
text/plain 2606:4700::6811:b73a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cititelmidvalley.com/cdn-cgi/challenge-platform/h/b/jsd/r/8e5e265d5f2adcb2
Requested by: Host: www.cititelmidvalley.com
URL: https://www.cititelmidvalley.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:b73a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8e5e26634816dcb2-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 0
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
priority: u=1,i

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 305 KB
103 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Z08ZHXE9BQ&l=dataLayer&cx=c&gtm=45He4bk0v810964027za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MZXRBGF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4615827a59280e7cecb9ab0272d898d0fcb84950bdba3ce09e68f9b9bb9033b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 05:06:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 105617
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 306 KB
103 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3R5SJEDWK4&l=dataLayer&cx=c&gtm=45He4bk0v830021505za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TL2MM4B

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

249ecdbab641db6a00b87486388ad83368072e48c3c42781d94d22d9daecf4d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 21 Nov 2024 05:06:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 105559
x-xss-protection: 0
server: Google Tag Manager

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 36ms
13ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-3R5SJEDWK4&gtm=45je4bk0v888369804z8830021505za200zb830021505&_p=1732165580522&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1646867635.1732165581&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1732165581&sct=1&seg=0&dl=https%3A%2F%2Fwww.cititelmidvalley.com%2F&dt=Cititel%20Mid%20Valley%27s%20Official%20Site%20%7C%20Best%20Hotels%20in%20Kuala%20Lumpur&en=pop_up&_fv=1&_ss=1&ep.interaction_type=displayed&ep.interactive=no&tfd=1057
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-3R5SJEDWK4&l=dataLayer&cx=c&gtm=45He4bk0v830021505za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.cititelmidvalley.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 17ms
16ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Z08ZHXE9BQ&gtm=45je4bk0v874691219z8810964027za200zb810964027&_p=1732165580522&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1646867635.1732165581&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&dl=https%3A%2F%2Fwww.cititelmidvalley.com%2F&sid=1732165581&sct=1&seg=0&dt=Cititel%20Mid%20Valley%27s%20Official%20Site%20%7C%20Best%20Hotels%20in%20Kuala%20Lumpur&en=page_view&_fv=1&_ss=1&ep.page_subsection=not_applicable&ep.page_language=en&ep.hotel_city=not_applicable&ep.hotel_country=not_applicable&ep.hotel_brand_name=CHM%20Hotels&ep.hotel_id=78916&ep.hotel_name=Cititel%20Mid%20Valley&up.user_logged_in_session=no&tfd=1121
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Z08ZHXE9BQ&l=dataLayer&cx=c&gtm=45He4bk0v810964027za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.cititelmidvalley.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 1570172686_5d96ef0e47d31.png
cdn.galaxy.tf/uploads/3s/website/001/570/172/ 4 KB
5 KB 19ms
18ms Other
image/webp 2606:4700::6811:ba3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.galaxy.tf/uploads/3s/website/001/570/172/1570172686_5d96ef0e47d31.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:ba3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23fee214c59bb90fdc61eb94ebd46eedeaf9663f55c72c4a5c6b75627682c30a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.cititelmidvalley.com/

Response headers

cf-bgj: imgq:85,h2pri
etag: "2402-594104f2c6082"
age: 2063706
cf-cache-status: HIT
expires: Fri, 21 Nov 2025 05:06:21 GMT
cf-polished: origFmt=png, origSize=9218
alt-svc: h3=":443"; ma=86400
date: Thu, 21 Nov 2024 05:06:21 GMT
content-type: image/webp
content-disposition: inline; filename="1570172686_5d96ef0e47d31.webp"
vary: Accept
last-modified: Fri, 04 Oct 2019 07:04:12 GMT
cache-control: public, max-age=31536000
speculation-rules: "/cdn-cgi/speculation"
cf-ray: 8e5e26646f1edc9e-FRA
accept-ranges: bytes
content-length: 4576
server: cloudflare

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cititelmidvalley.com/	1970-01-21 01:10:51	Name: _gid Value: GA1.2.800623456.1732165581
.cititelmidvalley.com/	1970-01-21 01:09:25	Name: _gat_UA-12601563-4 Value: 1
.cititelmidvalley.com/	1970-01-21 01:09:25	Name: _gat_UA-122458240-1 Value: 1
.cititelmidvalley.com/	1970-01-21 01:09:25	Name: _gat_UA-12601563-2 Value: 1
.cititelmidvalley.com/	1970-01-21 03:19:01	Name: _gcl_au Value: 1.1.605012610.1732165581
.cititelmidvalley.com/	1970-01-21 03:19:01	Name: _fbp Value: fb.1.1732165581176.7748871642086483
www.cititelmidvalley.com/	1970-01-21 01:09:27	Name: galaxy-session-cookie-en Value: true
.www.cititelmidvalley.com/	1970-01-21 09:55:01	Name: cf_clearance Value: CnLTP.EaOfyqyb1af92n6IeAs7JaAksbzEjhTNxfZUM-1732165581-1.2.1.1-tKDZtTaznS7d.cZ3wdqa7bfNXvhXqFviXMEIG7SWf0a575ltkbczl1FfXY0warGGsVdvy5j5SqJplxws5qbQgX2JoJXd9mYCWRsYiGrRTeZCH61ej936cCGsfApsml7MbM5ui4vk.FKol3n7RJDwN9dF2qbPJYjEIGK0033D_YQKX6u1MDKnA8dSr6964Mn9BLZ2y.ziNbYGVmHSh0eL7KOB_r.aU6neIrEdBQQlGar68JskmaTCwdJErdc_kGg.TpY1h0ALjVNCUGi7SyyHsOXqXTB.rDJY8fBGBywTK0j5OIwPLGQC_NIBQG_mhCfKY3aMm4JZf4xCGOEixk_W6PzOlfK5VqDfmNZfpx2ZChgVYbwGAKa7Q2v_g5lCUUXm
.cititelmidvalley.com/	1970-01-21 10:45:25	Name: _ga Value: GA1.1.1646867635.1732165581
.cititelmidvalley.com/	1970-01-21 10:45:25	Name: _ga_3R5SJEDWK4 Value: GS1.1.1732165581.1.1.1732165581.0.0.0
.cititelmidvalley.com/	1970-01-21 10:45:25	Name: _ga_Z08ZHXE9BQ Value: GS1.1.1732165581.1.0.1732165581.0.0.0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://tc.galaxy.tf/tc/entity/v1/hotel/78916/info Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.tsa-db.com
cdn.galaxy.tf
connect.facebook.net
dynamic.travelclick-websolutions.com
fonts.googleapis.com
fonts.gstatic.com
image-tc.galaxy.tf
region1.google-analytics.com
tc.galaxy.tf
www.cititelmidvalley.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
195.244.31.25
2001:4860:4802:32::36
2600:9000:223f:be00:16:41f8:18c0:93a1
2606:4700::6811:b73a
2606:4700::6811:ba3a
2a00:1450:4001:800::200a
2a00:1450:4001:80b::2003
2a00:1450:4001:828::200e
2a00:1450:4001:830::2008
2a00:1450:4001:831::2004
2a02:26f0:3500:3::b818:4d2f
2a02:26f0:e200::213:508b
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
01eadf02da4d0ab6c46d8921d02aa45159c4c1550f23692c7201585883b83319
050b86ff82c9199341c8f4b69ac77124338fb3cca489d0e7d1e274ce417ffc60
0deeac40ee53899291070a45e4c900277d2358ece0fdb020d4b221be87691f97
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
17aedace7afe7acaef80c95013876afd8a8b2827780b7c0ca93d587fd56849e4
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e142682e22d63013277f3ca0f5cd72fc5ec76e5cd92aa6777924ba6728c12e3
2262f0a371b574523b2b1bc93968b7744a5d3572fe2c08ac7b0b62f1f8ec8d97
23fee214c59bb90fdc61eb94ebd46eedeaf9663f55c72c4a5c6b75627682c30a
249ecdbab641db6a00b87486388ad83368072e48c3c42781d94d22d9daecf4d8
26f594e5d2b454a39e994e008ac1b34323c65cb06808a69c52f9eb307f184f4a
2c072d451dc2211abd3f0aa1a97f13f82116cab75640f3f972151f02de59ce27
3126e06923cca9d2e53a0c64b569dd17e190e1844ca13e495f6e36113cc5356e
403246ef1e4ba05c100184fe12973476c5a0a69714269343dbbf6ccb6e260cd0
4615827a59280e7cecb9ab0272d898d0fcb84950bdba3ce09e68f9b9bb9033b3
49b74a51bd68278421f6c50c6b471a35f461d393955f217f8488372f3ceb749e
4a5981a69e205f38fcb55e3577c9ca03c45b10cd56cafe1af6f112e4c67eed06
5146a0f06c3c0816131eb1241380f9111e4435ef7b78a78e467d80f323c8a07c
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
561dc6588384c0f99df69195964f164bfc4d58573f2eaeff5c96801044769d62
638e0a9696a1287622b2881fce4aa2450101d9f7e29cb7811fb4c737a4e7e8e0
660d951e110d504a03f98ce3a68bf012d664e4ee7f587edaabc292926d92cd81
66422c10150bbbf5d79f3a90635fc2259f4bea25ff591b3a7a7d2078204ff7b0
6b78976e0a15138b3b1bde71abfa5bbb603eff6bdf1fc4d4eaffaeeaab0abc26
6c510954a0d8959f49cd869166c391a0b133ce83dfa747faad43f6f55d4d03c3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8aa46c880b43a6e1e1a84db63b393ef429637e3343c607dfc8d00074f20dc020
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
925c9ab2ea2fda1947b24fd8ea0b42911d1fe9292d2cc7ad367a4c0626dfc438
a961366b4346f6078cc2f164d2c019f63b37e2693f6fc93a995048a98b25c083
a9ce7e787de2b09df47e1b9e743440a4a0ec90fc1ea23c8410d1191191499e88
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
adbcce82fb9ab89bbb7e4ef7779f3abeea54498a4c2972e928f49300146e24df
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
afb59214ba30577a4fb8b82fb4f290c799fcc694371621cef74f8af010e73746
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
ba8e78e567b2a77ab74108a2a71e47904148b57134842ae1f49842981f12a59a
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c726c5d35e6bcc2d73c0bb65f32bb0f9c9b4b5e460526ef26056841583ec337d
c7e8a4d57f83becfc273a15d8b3ec1216b0075ae3e06b4438606948416c9673a
c90926026b6de4adb3f86648bff6b6e9588306774e9704393bfaee5e53d162c0
c961b29531f353ba0031756f0fd674bbe41bd32d638360287dc4805658868b76
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57a9a7601c029b48849767d3f195bac5014472b43fd229074b5fdd5194027ba
ebfd0494493275cc3cfa7d640f1be08115243660b0cbdee028a946f080ab14cd
ed033afb9515800bdbd5f47d41492073e127ce7603756cb34b6d6895f14aca4c
f78bb4fead90ea6966383155118b67afbc0bdb0f870f4918944de11227d583e7
fc115a86e287390c6df2c3e4bfa64b6a0dc6afa92349e1302cc2431ce8b6f74b

www.cititelmidvalley.com Open in urlscan Pro 2606:4700::6811:b73a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

62 Requests

98 %HTTPS

93 %IPv6

11 Domains

14 Subdomains

15 IPs

2 Countries

2318 kBTransfer

6589 kBSize

11 Cookies

9 Outgoing links

Redirected requests

62 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cititelmidvalley.com Open in urlscan Pro
2606:4700::6811:b73a Public Scan

Screenshot
Live screenshot

Full Image

62
Requests

98 %
HTTPS

93 %
IPv6

11
Domains

14
Subdomains

15
IPs

2
Countries

2318 kB
Transfer

6589 kB
Size

11
Cookies

62 HTTP transactions
1 data transactions