secure.actblue.com Open in urlscan Pro
151.101.64.174 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u1584542.ct.sendgrid.net/ss/c/wehEm_vu1NBVXOKYSqOxTOi34aJoCJC1EivM7Ih953yUxJI1daGXW4K7uNQgCO9eSyE4I0ev2p-wbvwvggv-DEljfNq...
Effective URL:
https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b0...
Submission Tags: falconsandbox
Submission: On April 15 via api (April 15th 2022, 12:42:45 pm UTC) from US — Scanned from DE

Summary HTTP 91 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 29 IPs in 3 countries across 22 domains to perform 91 HTTP transactions. The main IP is 151.101.64.174, located in United States and belongs to FASTLY, US. The main domain is secure.actblue.com. The Cisco Umbrella rank of the primary domain is 53395.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 5th 2021. Valid for: a year.

This is the only time secure.actblue.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.115.121 167.89.115.121	11377 (SENDGRID) (SENDGRID)
10	151.101.64.174 151.101.64.174	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2	54.231.200.249 54.231.200.249	16509 (AMAZON-02) (AMAZON-02)
4	2600:1901:0:7... 2600:1901:0:7a0b::	15169 (GOOGLE) (GOOGLE)
1	2600:1901:0:b... 2600:1901:0:bc29::	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	13.226.154.92 13.226.154.92	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
10	151.101.65.21 151.101.65.21	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:400c:c08::5c	15169 (GOOGLE) (GOOGLE)
3	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
7	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
3	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	18.66.248.4 18.66.248.4	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
15	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1 2	64.4.245.84 64.4.245.84	17012 (PAYPAL) (PAYPAL)
1	34.96.67.224 34.96.67.224	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2b5::26cf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.102.232.42 34.102.232.42	15169 (GOOGLE) (GOOGLE)
1	130.211.34.183 130.211.34.183	() ()
91	29

1 167.89.115.121 (Herndon, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x121.outbound-mail.sendgrid.net

u1584542.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.64.174 (United States)

ASN54113 (FASTLY, US)

secure.actblue.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.231.200.249 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

actblue-indigo-uploads.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1901:0:7a0b:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

sessions.bugsnag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:bc29:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

cdn.mxpnl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.154.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-154-92.dus51.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.65.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c08::5c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

pay.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.248.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-4.dus51.r.cloudfront.net

zgen2d20.micpn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.4.245.84 (United States) 1 redirects

ASN17012 (PAYPAL, US)

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.67.224 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 224.67.96.34.bc.googleusercontent.com

cdn.sift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2b5::26cf (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c6.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.232.42 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 42.232.102.34.bc.googleusercontent.com

hexagon-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.34.183 (None, )

ASN- ()

api-js.mixpanel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	google.com 1 redirects pay.google.com — Cisco Umbrella Rank: 3405 www.google.com — Cisco Umbrella Rank: 4 play.google.com — Cisco Umbrella Rank: 31	390 KB
20	paypal.com 1 redirects www.paypal.com — Cisco Umbrella Rank: 2500 t.paypal.com — Cisco Umbrella Rank: 3392 c.paypal.com — Cisco Umbrella Rank: 5906 b.stats.paypal.com — Cisco Umbrella Rank: 4652 dub.stats.paypal.com — Cisco Umbrella Rank: 17957 c6.paypal.com — Cisco Umbrella Rank: 6738	408 KB
10	actblue.com secure.actblue.com — Cisco Umbrella Rank: 53395	630 KB
6	gstatic.com fonts.gstatic.com www.gstatic.com	117 KB
4	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 95 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40	3 KB
4	google-analytics.com 1 redirects ssl.google-analytics.com — Cisco Umbrella Rank: 279 www.google-analytics.com — Cisco Umbrella Rank: 37	40 KB
4	bugsnag.com sessions.bugsnag.com — Cisco Umbrella Rank: 756	251 B
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	489 B
3	google.de www.google.de — Cisco Umbrella Rank: 5383	675 B
3	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 104	31 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	149 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	114 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 1886	33 KB
2	amazonaws.com actblue-indigo-uploads.s3.amazonaws.com — Cisco Umbrella Rank: 248935	27 KB
1	mixpanel.com api-js.mixpanel.com	372 B
1	hexagon-analytics.com hexagon-analytics.com — Cisco Umbrella Rank: 5306	240 B
1	sift.com cdn.sift.com — Cisco Umbrella Rank: 12593	20 KB
1	micpn.com zgen2d20.micpn.com	15 KB
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 3060	12 KB
1	mxpnl.com cdn.mxpnl.com — Cisco Umbrella Rank: 2761	18 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	967 B
1	sendgrid.net 1 redirects u1584542.ct.sendgrid.net — Cisco Umbrella Rank: 47217	638 B
91	22

	Domain	Requested by
15	play.google.com	www.gstatic.com
10	www.paypal.com	secure.actblue.com www.paypal.com www.paypalobjects.com www.datadoghq-browser-agent.com
10	secure.actblue.com	secure.actblue.com
5	c.paypal.com	www.paypal.com c.paypal.com
5	www.gstatic.com	secure.actblue.com pay.google.com www.gstatic.com
4	pay.google.com	secure.actblue.com pay.google.com www.gstatic.com
4	sessions.bugsnag.com	secure.actblue.com www.datadoghq-browser-agent.com
3	www.facebook.com	secure.actblue.com
3	www.google.de	secure.actblue.com
3	www.google.com	1 redirects secure.actblue.com
3	www.google-analytics.com	www.googletagmanager.com www.datadoghq-browser-agent.com www.gstatic.com
3	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
3	www.googletagmanager.com	secure.actblue.com www.googletagmanager.com
2	connect.facebook.net	secure.actblue.com connect.facebook.net
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	t.paypal.com	secure.actblue.com
2	www.paypalobjects.com	www.paypal.com www.paypalobjects.com
2	stats.g.doubleclick.net	secure.actblue.com www.datadoghq-browser-agent.com
2	actblue-indigo-uploads.s3.amazonaws.com	secure.actblue.com
1	api-js.mixpanel.com	www.datadoghq-browser-agent.com
1	hexagon-analytics.com
1	c6.paypal.com
1	cdn.sift.com	secure.actblue.com
1	dub.stats.paypal.com	www.paypal.com
1	b.stats.paypal.com	1 redirects
1	zgen2d20.micpn.com	secure.actblue.com
1	ssl.google-analytics.com	1 redirects
1	www.datadoghq-browser-agent.com	secure.actblue.com
1	fonts.gstatic.com	fonts.googleapis.com
1	cdn.mxpnl.com	secure.actblue.com
1	fonts.googleapis.com	secure.actblue.com
1	u1584542.ct.sendgrid.net	1 redirects
91	32

This site contains links to these domains. Also see Links.

Domain
democrats.org

Subject Issuer	Validity	Valid
secure.actblue.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-05` - `2022-10-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.s3.amazonaws.com Amazon	`2021-12-15` - `2022-12-03`	a year	crt.sh
*.bugsnag.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-05` - `2022-05-05`	a year	crt.sh
*.mxpnl.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-07-15` - `2022-07-28`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.datadoghq-browser-agent.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-02-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.micpn.com Amazon	`2022-02-17` - `2023-03-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-22` - `2022-04-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.sift.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-07` - `2023-01-20`	a year	crt.sh
c.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-11-03` - `2022-12-04`	a year	crt.sh
*.hexagon-analytics.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-04`	a year	crt.sh
*.mixpanel.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-28` - `2023-04-28`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
Frame ID: BE2CFADC45CE92B3D64401225111DFB1
Requests: 42 HTTP requests in this frame

Frame: https://secure.actblue.com/pages/em-ccm-split-apr-2022/tracking_code?t=landing&refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628&auth_token=null
Frame ID: 7CF088F1A73937B77DE5B7E2EEE60101
Requests: 9 HTTP requests in this frame

Frame: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&style.menuPlacement=below&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UmZW5hYmxlLWZ1bmRpbmc9dmVubW8iLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9mbWdpY3pibHBhZ211bHhpc2F1Z2VianVpb21iamsifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=add49c10edcd9&storageID=uid_bfcd21ca9f_mti6ndi6mzk&sessionID=uid_77d7a7f52f_mti6ndi6mzk&buttonSessionID=uid_94016e5e05_mti6ndi6mzk&buttonSize=large&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiMmU3NjAyNDA5YWRhZWVlMWEzYWFlYzM1NWQyZWQ4YzRhZDAzNWU4OSIsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19LCJndWVzdEVuYWJsZWQiOmZhbHNlfSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwiYXBwbGVwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&enableFunding.0=venmo&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
Frame ID: 1808748F093DCF8D45BBE261B9D37CE3
Requests: 7 HTTP requests in this frame

Frame: data://truncated
Frame ID: B1C1652B5431BBD4D13B7E04551EBEAA
Requests: 2 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
Frame ID: 2FDA3E9A319FF15BC522CAF31C105507
Requests: 16 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: D567A309E925012523CAB87B9FDD4829
Requests: 2 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 2FBB551C6B3A0AEA325395E4C674690B
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_77d7a7f52f_mti6ndi6mzk&s=SMART_PAYMENT_BUTTONS
Frame ID: 4AFB3030E68829D77B3DF8268DD89DB8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Split a donation between Sen. Catherine Cortez Masto's campaign and the DNC today — Donate via ActBlue

Page URL History Show full URLs

https://u1584542.ct.sendgrid.net/ss/c/wehEm_vu1NBVXOKYSqOxTOi34aJoCJC1EivM7Ih953yUxJI1daGXW4K7uNQgCO9eSyE4I0e... HTTP 302
https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3... Page URL

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

Google Pay (Payment processors) Expand

Overall confidence: 100%
Detected patterns

pay\.google\.com/([a-z/]+)/pay\.js

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Sift (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.sift(?:science)?\.com/s\.js

Page Statistics

91
Requests

97 %
HTTPS

57 %
IPv6

22
Domains

32
Subdomains

29
IPs

3
Countries

2008 kB
Transfer

6012 kB
Size

32
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://democrats.org/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u1584542.ct.sendgrid.net/ss/c/wehEm_vu1NBVXOKYSqOxTOi34aJoCJC1EivM7Ih953yUxJI1daGXW4K7uNQgCO9eSyE4I0ev2p-wbvwvggv-DEljfNqExzAsVk3xnjZzHlZm_gIA-AR8zlhsI5jeAC4RNqK7KlMBQOHxeNSDQnEZ7a4rCvYMaznZpRFEytaJvLPU-gy7kjJe3z9jvRBp1obvO54K-GVh64qWizpx6iUizUj6mny1YpQvSagFXvJBwySw-oxjg4-GTgirEjJtYkVC_prQF--D28JJBCC8LGsmr0iZO-eSUtoKWcKEifQzNn-yXRYjCdbXpvzaYeINb635ZjvMFdfwd2ceMw9s0RJl4IuDPw11nOCu7H7jrZaUSRKM1wGlFKk-LX1YHsYjLJcEtFo2ZXnl14yWktOjGkjLcqCjJz-xtYyOfSRskcHcreTdL0VKlc7673HuFo-o60uMuXYhuylTLI-tzqAwDYX3otMtn-_H7gsJUGO_qWknliyatH0QaQBpu60dVbR4V33Ick9iKyAi_LmSiWKMjO6mUPUTiCLKuG8RwgieZHCitnqULC2tfq8SvRmRezdWeEfjvj46KQSEyJDE67VEFJrfdg/3l6/h7X7ZXv0SSOjvwfdKNiGCw/h3/AsL0lq5UtXgphlnqpLIrX3wXR3cbkAHciR2wrJLEGCY HTTP 302
https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.6.1&utms=1&utmn=1578875663&utmhn=secure.actblue.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ActBlue&utmhid=1676768812&utmr=-&utmp=%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&utmht=1650026559695&utmac=UA-159696-1&utmcc=__utma%3D88171332.1492187459.1650026560.1650026560.1650026560.1%3B%2B__utmz%3D88171332.1650026560.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=978938888&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-159696-1&cid=1492187459.1650026560&jid=978938888&_v=5.6.1&z=1578875663

Request Chain 43

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/745767271/?random=1050550660&cv=9&fst=1650026560039&num=1&label=sBrwCPCVnJsBEOeCzuMC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4d0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&tiba=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&auid=1358995643.1650026560&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=QGhZYs3cBaPImweR1qDwDA&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/745767271/?random=1050550660&cv=9&fst=1650026560039&num=1&label=sBrwCPCVnJsBEOeCzuMC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4d0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&tiba=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&auid=1358995643.1650026560&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=QGhZYs3cBaPImweR1qDwDA&random=1433570823&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/745767271/?random=1050550660&cv=9&fst=1650026560039&num=1&label=sBrwCPCVnJsBEOeCzuMC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4d0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&tiba=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&auid=1358995643.1650026560&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=QGhZYs3cBaPImweR1qDwDA&random=1433570823&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAJXIe1pEZPnngIw-jzVYfiiSmVmokIkV3tNlm9Z-sejipdQtn8K05d7n7O1ukkl3RBF6NqqlVbi1UC5Uq6vc7b

Request Chain 81

https://b.stats.paypal.com/v2/counter.cgi?p=uid_77d7a7f52f_mti6ndi6mzk&s=SMART_PAYMENT_BUTTONS HTTP 302
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_77d7a7f52f_mti6ndi6mzk&s=SMART_PAYMENT_BUTTONS

91 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request em-ccm-split-apr-2022 Show response
secure.actblue.com/donate/
Redirect Chain

https://u1584542.ct.sendgrid.net/ss/c/wehEm_vu1NBVXOKYSqOxTOi34aJoCJC1EivM7Ih953yUxJI1daGXW4K7uNQgCO9eSyE4I0ev2p-wbvwvggv-DEljfNqExzAsVk3xnjZzHlZm_gIA-AR8zlhsI5jeAC4RNqK7KlMBQOHxeNSDQnEZ7a4rCvYMazn...
https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-en...

53 KB
13 KB

58ms
26ms

Document
text/html

151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

12b18c059bad2e9bb6fe1df491280c6720bad9c555b01a7c1fd73bab2b35f607

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'; report-uri /system/csp_reports
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 47301
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-length: 12527
content-security-policy: frame-ancestors 'none'; report-uri /system/csp_reports
content-type: text/html; charset=utf-8
date: Fri, 15 Apr 2022 12:42:39 GMT
etag: W/"d571-iyG3/LE/JninzkZcB6GRCR57Puc"
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
x-form-app: kittens! [Server: node: us]
x-frame-options: sameorigin
x-robots-tag: noindex, nofollow
x-start: 2022-04-15 12:42:39.296
x-xss-protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 485
Content-Type: text/html; charset=utf-8
Date: Fri, 15 Apr 2022 12:42:39 GMT
Location: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
Server: nginx
X-Robots-Tag: noindex, nofollow

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
967 B 135ms
51ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Libre+Franklin:wght@500&display=swap

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

156f36c9b88a9f8fb201a916544ac560b75e388b367495e24a71f6350c034a3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 15 Apr 2022 12:42:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 15 Apr 2022 12:42:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 15 Apr 2022 12:42:39 GMT

GET
H2 200 5b2521c877e68d146165.css
secure.actblue.com/cf/assets/app-css/ 21 KB
5 KB 8ms
7ms Stylesheet
text/css 151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/assets/app-css/5b2521c877e68d146165.css?form_app=us

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c0a876e22dd207a67ea508bf2a41c88b3f98dbc7ebc1fd335ccf427bf39aa4ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:39 GMT
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified: Thu, 14 Apr 2022 20:19:16 GMT
age: 48933
etag: W/"5539-18029bae5a0"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
x-start: 2022-04-15 12:42:39.346
cache-control: max-age=31557600, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 5073
x-xss-protection: 1; mode=block

GET
H2 200 actblue.js Show response
secure.actblue.com/cf/assets/ 30 KB
10 KB 7ms
7ms Script
application/javascript 151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/assets/actblue.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7c78dae7530508b4e79cbc6b1be7297cb854dc8d34e1ecad9890c461624632c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:39 GMT
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified: Thu, 14 Apr 2022 20:17:33 GMT
age: 48933
etag: W/"7717-18029b95348"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
x-start: 2022-04-15 12:42:39.347
cache-control: max-age=600, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 9589
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK ec91e1bc-19df-4164-8a71-6e038707259e-832dfc58-32ba-4949-9315-2369542aa3b1-DNCSplitSeries_Unsub_1.png
actblue-indigo-uploads.s3.amazonaws.com/uploads/list-editor/0c70420e-2186-47fc-8360-260a08ac078e-brandings/177361/header/mobile_image_url/ 13 KB
14 KB 451ms
131ms Image
image/png 54.231.200.249
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://actblue-indigo-uploads.s3.amazonaws.com/uploads/list-editor/0c70420e-2186-47fc-8360-260a08ac078e-brandings/177361/header/mobile_image_url/ec91e1bc-19df-4164-8a71-6e038707259e-832dfc58-32ba-4949-9315-2369542aa3b1-DNCSplitSeries_Unsub_1.png
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.200.249 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: f9f9523cacc66c00e75f409346ae3cf59b4232019669f4d849e437b468f0b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 12:42:40 GMT
Last-Modified: Fri, 18 Feb 2022 18:20:37 GMT
Server: AmazonS3
x-amz-request-id: GS0J3K4TSWBJRCGE
ETag: "d0a63e39d7b27b2850616350c10ee619"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 13615
x-amz-id-2: o+caj89gRMuM0GXeDXPSEOOEoau3lfj6VA1fCXAaGmx9+rrCmpYcGTMwuoPncu9c04X72JZFHg0=

GET
H2 200 5b2521c877e68d146165.js Show response
secure.actblue.com/cf/assets/app/ 2 MB
479 KB 8ms
7ms Script
application/javascript 151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/assets/app/5b2521c877e68d146165.js?form_app=us

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1d3abe392831b66c0dc950e68819cf3a200eb8f0560f2da389b9a000c60c3e29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:39 GMT
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified: Thu, 14 Apr 2022 20:19:16 GMT
age: 48933
etag: W/"1a9b57-18029bae5a0"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
x-start: 2022-04-15 12:42:39.356
cache-control: max-age=31557600, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 489669
x-xss-protection: 1; mode=block

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 249ms
169ms Preflight 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Access-Control-Request-Method: POST
Origin: https://secure.actblue.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
alt-svc: clear
content-length: 0
date: Fri, 15 Apr 2022 12:42:39 GMT
via: 1.1 google

GET
H2 200 mixpanel-2-latest.min.js Show response
cdn.mxpnl.com/libs/ 50 KB
18 KB 114ms
30ms Script
text/javascript 2600:1901:0:bc29::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:bc29:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: da7a511c69cdf1e0f950a29019d09854b8919bc154bb95fe5d5ec580ed2f0997

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:37:15 GMT
content-encoding: gzip
age: 324
x-guploader-uploadid: ADPycdvAkNT5KqYZz02cXqSZ8AIsuPkGXJ7spscdeWLA2WN5zVkPkYYXcwJj4ozhfUQUUQyhnzL13vzCeOf9Yt40oLNniA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17435
last-modified: Thu, 17 Feb 2022 20:21:50 GMT
server: UploadServer
etag: "caa762087e9d75cecc34b5d6626cb7b9"
vary: Accept-Encoding
x-goog-hash: crc32c=PPVzJA==, md5=yqdiCH6ddc7MNLXWYmy3uQ==
x-goog-generation: 1645129310876382
access-control-allow-origin: *
cache-control: public,max-age=600
x-goog-stored-content-length: 17435
accept-ranges: bytes
content-type: text/javascript
expires: Fri, 15 Apr 2022 12:47:15 GMT

POST
H2 202 / Show response
sessions.bugsnag.com/ 21 B
140 B 170ms
170ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/5b2521c877e68d146165.js?form_app=us
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://secure.actblue.com/
Bugsnag-Sent-At: 2022-04-15T12:42:39.509Z
accept-language: de-DE,de;q=0.9
Bugsnag-Api-Key: 04c1a9de88bb73e22614162ba813a0b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Fri, 15 Apr 2022 12:42:39 GMT
via: 1.1 google
bugsnag-session-uuid: 121d5ca8-fb72-43c4-9d37-63718ab55ddd
alt-svc: clear
content-length: 21
content-type: application/json

GET
H2 200 em-ccm-split-apr-2022
secure.actblue.com/donate/ 53 KB
53 KB 8ms
8ms Image
text/html 151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'; report-uri /system/csp_reports
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'; report-uri /system/csp_reports
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
etag: W/"d571-iyG3/LE/JninzkZcB6GRCR57Puc"
age: 47301
x-start: 2022-04-15 12:42:39.542
content-encoding: gzip
vary: Accept-Encoding
content-length: 12527
x-xss-protection: 1; mode=block
x-frame-options: sameorigin
date: Fri, 15 Apr 2022 12:42:39 GMT
strict-transport-security: max-age=31536000
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
x-robots-tag: noindex, nofollow
x-form-app: kittens! [Server: node: us]

GET
H2 200 jizOREVItHgc8qDIbSTKq4XkRg8T88bjFuXOnduhHMWkANDJ.woff2
fonts.gstatic.com/s/librefranklin/v11/ 14 KB
14 KB 125ms
39ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/librefranklin/v11/jizOREVItHgc8qDIbSTKq4XkRg8T88bjFuXOnduhHMWkANDJ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Libre+Franklin:wght@500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c655f3891478c0b239e88184195be8dcbe152780f3871525c3ea0ed7e2fdbbfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://secure.actblue.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 03:55:18 GMT
x-content-type-options: nosniff
age: 290841
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14132
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:34:00 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 12 Apr 2023 03:55:18 GMT

GET
H2 200 datadog-logs.js Show response
www.datadoghq-browser-agent.com/ 33 KB
12 KB 42ms
11ms Script
application/javascript 13.226.154.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-logs.js
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/5b2521c877e68d146165.js?form_app=us
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.154.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-154-92.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 912bc848d461e328a48863196601323b69ed445926c856f23a426efe674e67eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:32 GMT
content-encoding: br
last-modified: Tue, 27 Jul 2021 15:01:20 GMT
server: AmazonS3
age: 13
etag: W/"9eb57181f3149e3310d96317ef9188ac"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c51e3be89c14e3f859ea898f7e36ecec.cloudfront.net (CloudFront)
cache-control: max-age=14400, s-maxage=60
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: NiIIdaZXnsSdi-TozROemVigOWqC0KCz3oXvRS0ORgW0cdK2L_pRuw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 149 KB
56 KB 138ms
53ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-745767271

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/5b2521c877e68d146165.js?form_app=us

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3f70fb85474794f672907ef4438fba81520dfef8e94b4fec97a32159478591cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:39 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56664
x-xss-protection: 0
last-modified: Fri, 15 Apr 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 15 Apr 2022 12:42:39 GMT

GET
H2 200 auth_token Show response
secure.actblue.com/api/cf/ 104 B
580 B 116ms
116ms Fetch
application/json 151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/api/cf/auth_token

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/5b2521c877e68d146165.js?form_app=us

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

96c2c63197bfee2a19012f544990e02f7c286c540d2448feeac12e11856e9889

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
status: 200 OK
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-start: 2022-04-15 12:42:39.622
x-frame-options: SAMEORIGIN
etag: W/"96c2c63197bfee2a19012f544990e02f"
x-download-options: noopen
vary: Accept, Accept-Encoding
content-type: application/json; charset=utf-8
via: 1.1 varnish
cache-control: private, no-store
accept-ranges: bytes

GET
H2 200 tracking_code Show response
secure.actblue.com/pages/em-ccm-split-apr-2022/ Frame 7CF0 2 KB
1 KB 431ms
431ms Document
text/html 151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/pages/em-ccm-split-apr-2022/tracking_code?t=landing&refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628&auth_token=null

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/5b2521c877e68d146165.js?form_app=us

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

33c86e8166977b2fe508467d0223c1663b8689dd20e1a8bc6bcec04aa63b89a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: no-store
content-encoding: gzip
content-length: 1033
content-type: text/html; charset=utf-8
date: Fri, 15 Apr 2022 12:42:40 GMT
etag: W/"33c86e8166977b2fe508467d0223c166"
referrer-policy: strict-origin-when-cross-origin
status: 200 OK
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 varnish
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: ALLOWALL
x-permitted-cross-domain-policies: none
x-robots-tag: noindex, nofollow
x-start: 2022-04-15 12:42:39.661
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK 4f72692a-e88d-4c02-983e-5ba9c85b4fce-832dfc58-32ba-4949-9315-2369542aa3b1-DNCSplitSeries_Unsub_1.png
actblue-indigo-uploads.s3.amazonaws.com/uploads/list-editor/a098bb78-44cb-496b-82fc-23ccf1aa037e-brandings/177361/header/image_url/ 13 KB
14 KB 314ms
112ms Image
image/png 54.231.200.249
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://actblue-indigo-uploads.s3.amazonaws.com/uploads/list-editor/a098bb78-44cb-496b-82fc-23ccf1aa037e-brandings/177361/header/image_url/4f72692a-e88d-4c02-983e-5ba9c85b4fce-832dfc58-32ba-4949-9315-2369542aa3b1-DNCSplitSeries_Unsub_1.png
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.200.249 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: f9f9523cacc66c00e75f409346ae3cf59b4232019669f4d849e437b468f0b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 12:42:40 GMT
Last-Modified: Fri, 18 Feb 2022 18:20:30 GMT
Server: AmazonS3
x-amz-request-id: GS0YDCTNC4MRJ0PS
ETag: "d0a63e39d7b27b2850616350c10ee619"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 13615
x-amz-id-2: 4vfBG7v89T4AKqyEJtw7jNtbNNOtC5I7Rx7NsYkDu4NuhTk9KmYUiuvW6GTGrJeCzL13w7G4M84=

GET
H2 200 ga.js Show response
secure.actblue.com/cf/static/ 40 KB
16 KB 7ms
6ms Script
application/javascript 151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/cf/static/ga.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

653e7cf0591c3856565188ac0fe9b6baa746f318b2cd4f205ac4e08a76edf338

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:39 GMT
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
last-modified: Thu, 14 Apr 2022 20:15:31 GMT
age: 48932
etag: W/"9fe9-18029b776b8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
x-start: 2022-04-15 12:42:39.663
cache-control: max-age=31557600, must-revalidate
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-encoding: gzip
content-length: 16100
x-xss-protection: 1; mode=block

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.6.1&utms=1&utmn=1578875663&utmhn=secure.actblue.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=A...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-159696-1&cid=1492187459.1650026560&jid=978938888&_v=5.6.1&z=1578875663

35 B
430 B

58ms
20ms

Image
image/gif

2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-159696-1&cid=1492187459.1650026560&jid=978938888&_v=5.6.1&z=1578875663

Requested by

Protocol

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 15 Apr 2022 12:42:39 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:39 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-159696-1&cid=1492187459.1650026560&jid=978938888&_v=5.6.1&z=1578875663
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 368
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 169ms
169ms Preflight 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Access-Control-Request-Method: POST
Origin: https://secure.actblue.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
alt-svc: clear
content-length: 0
date: Fri, 15 Apr 2022 12:42:39 GMT
via: 1.1 google

POST
H2 202 / Show response
sessions.bugsnag.com/ 21 B
111 B 172ms
171ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-logs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://secure.actblue.com/
Bugsnag-Sent-At: 2022-04-15T12:42:39.757Z
accept-language: de-DE,de;q=0.9
Bugsnag-Api-Key: 04c1a9de88bb73e22614162ba813a0b9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Fri, 15 Apr 2022 12:42:40 GMT
via: 1.1 google
bugsnag-session-uuid: afdbf4e3-394c-4678-8f2d-4c10cf74fd7a
alt-svc: clear
content-length: 21
content-type: application/json

GET
H2 200 em-ccm-split-apr-2022
secure.actblue.com/donate/ 53 KB
53 KB 7ms
7ms Image
text/html 151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'; report-uri /system/csp_reports
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'none'; report-uri /system/csp_reports
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
etag: W/"d571-iyG3/LE/JninzkZcB6GRCR57Puc"
age: 47301
x-start: 2022-04-15 12:42:39.767
content-encoding: gzip
vary: Accept-Encoding
content-length: 12527
x-xss-protection: 1; mode=block
x-frame-options: sameorigin
date: Fri, 15 Apr 2022 12:42:39 GMT
strict-transport-security: max-age=31536000
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
x-robots-tag: noindex, nofollow
x-form-app: kittens! [Server: node: us]

GET
H2 200 js Show response
www.paypal.com/sdk/ 320 KB
98 KB 59ms
9ms Script
application/javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false&enable-funding=venmo

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/5b2521c877e68d146165.js?form_app=us

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5cb01f600db539a62074c9fb1dc8898929651ee8fa3dd48f21e75fb4fdcb5f40

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-YfPVGwfgJwd0THl4GFuWodVPUCeQ1Ju4reALlNRMhIAjWxJ0' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-YfPVGwfgJwd0THl4GFuWodVPUCeQ1Ju4reALlNRMhIAjWxJ0' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-YfPVGwfgJwd0THl4GFuWodVPUCeQ1Ju4reALlNRMhIAjWxJ0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-YfPVGwfgJwd0THl4GFuWodVPUCeQ1Ju4reALlNRMhIAjWxJ0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 8390
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: f524589092b5a
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 99664
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4037-HHN
x-timer: S1650026560.890342,VS0,VE2
x-frame-options: SAMEORIGIN
date: Fri, 15 Apr 2022 12:42:39 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"18550-1eoMlpfDKVZb8X1Vivvo3cPjT2g"
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 pay.js Show response
pay.google.com/gp/p/js/ 95 KB
31 KB 116ms
64ms Script
application/javascript 2a00:1450:400c:c08::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/js/pay.js

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/5b2521c877e68d146165.js?form_app=us

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d9b157d7d07680e7a086016c2407b912e07a0240676e0f2519ca181db578d68

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fF9AEeErZD+AeXGZXKk0vA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-fF9AEeErZD+AeXGZXKk0vA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin; report-to="InstantbuyFrontendHttp"
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"InstantbuyFrontendHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-fF9AEeErZD+AeXGZXKk0vA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'nonce-fF9AEeErZD+AeXGZXKk0vA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
expires: Fri, 15 Apr 2022 12:42:39 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 132ms
58ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-745767271

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14892
x-xss-protection: 0
server: cafe
etag: 4605403730725282575
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 12:42:39 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
38 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-70251-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-745767271

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2b126f2e718314c1f9760ad798e9dc8b670868d7740bdf89a182caadc8674090

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:39 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38551
x-xss-protection: 0
last-modified: Fri, 15 Apr 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 15 Apr 2022 12:42:39 GMT

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 13 KB
5 KB 36ms
36ms Script
application/x-javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=secure.actblue.com&t=xo&v=5.0.304&source=payments_sdk&client_id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&vault=false

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?client-id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&locale=en_US&disable-funding=credit,card&intent=capture&commit=false&enable-funding=venmo

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1db03c3f707ce5d244869ef88043447c67d311313fa4c24c74024ad4d87d33da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-je1MdzQaBmXnY2BvLSYKvLfc3IYbVduEtZUBZDH2CXLBNYJX' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-je1MdzQaBmXnY2BvLSYKvLfc3IYbVduEtZUBZDH2CXLBNYJX' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
age: 80723
x-cache: HIT
paypal-debug-id: f9462227d7b39
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 4744
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4037-HHN
x-timer: S1650026560.934120,VS0,VE3
x-frame-options: SAMEORIGIN
date: Fri, 15 Apr 2022 12:42:39 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish
cache-control: public, max-age=3600
etag: W/"353b-KoGUz6J8W7xP0ShcaauBk4nzkao"
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 buttons Show response
www.paypal.com/smart/ Frame 1808 385 KB
160 KB 356ms
356ms Document
text/html 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&style.menuPlacement=below&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UmZW5hYmxlLWZ1bmRpbmc9dmVubW8iLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9mbWdpY3pibHBhZ211bHhpc2F1Z2VianVpb21iamsifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=add49c10edcd9&storageID=uid_bfcd21ca9f_mti6ndi6mzk&sessionID=uid_77d7a7f52f_mti6ndi6mzk&buttonSessionID=uid_94016e5e05_mti6ndi6mzk&buttonSize=large&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiMmU3NjAyNDA5YWRhZWVlMWEzYWFlYzM1NWQyZWQ4YzRhZDAzNWU4OSIsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19LCJndWVzdEVuYWJsZWQiOmZhbHNlfSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwiYXBwbGVwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&enableFunding.0=venmo&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

876e028c1650abc6cbd9387b060f1ae9cf3735192eaf36aa79fbfc8eb698608b

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: none
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-encoding: br
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
date: Fri, 15 Apr 2022 12:42:40 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"605f0-YWBN0YiRgZNajy0a2QnFg/z6mzs"
p3p: true
paypal-debug-id: f180746d6f850
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-served-by: cache-hhn4037-HHN
x-timer: S1650026560.986011,VS0,VE325
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame B1C1 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B1C1 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
17 KB 42ms
14ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/tagmanager/pptm.js?id=secure.actblue.com&t=xo&v=5.0.304&source=payments_sdk&client_id=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&vault=false

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a4b749626aab6395c52aed1a8016aa5f6c4c8ca60cf771c0d8ce54202a53e725

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: f8b7c154659f9
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 16529
x-served-by: cache-sjc10043-SJC, cache-hhn4058-HHN
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
x-timer: S1650026560.021574,VS0,VE0
etag: W/"622a407f-dad7"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 35289, 463321

GET
H2 200 ts
t.paypal.com/ 42 B
697 B 178ms
153ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3ANGJ83G9Z8QXZ8-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&fltp=analytics&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1650026559987&g=0&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FDE) /

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
content-type: image/gif
server: ECAcc (frc/8FDE)
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 533b19bcea57a
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=148
timing-allow-origin: *
content-length: 42
expires: Fri, 15 Apr 2022 12:42:40 GMT

GET
H3 200 payframe Show response
pay.google.com/gp/p/ui/ Frame 2FDA 18 KB
7 KB 216ms
196ms Document
text/html 2a00:1450:400c:c08::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c1769d4c5b24098e61ca9fad03d979f314b82f15da317d06652c4b9cc7fca244

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CAFqfe3W5JSWIlsp4M4DDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-CAFqfe3W5JSWIlsp4M4DDQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure.actblue.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=3600
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-CAFqfe3W5JSWIlsp4M4DDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'nonce-CAFqfe3W5JSWIlsp4M4DDQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin; report-to="InstantbuyFrontendBuyflowPayframeUi"
cross-origin-resource-policy: same-site
date: Fri, 15 Apr 2022 12:42:40 GMT
expires: Fri, 15 Apr 2022 12:42:40 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"InstantbuyFrontendBuyflowPayframeUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayframeUi/external"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 124ms
39ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-70251-1&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1529
date: Fri, 15 Apr 2022 12:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 15 Apr 2022 14:17:11 GMT

GET
H2 200 dark_gpay.svg
www.gstatic.com/instantbuy/svg/ 2 KB
1 KB 126ms
39ms Image
image/svg+xml 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/instantbuy/svg/dark_gpay.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f383d270511912b2da11555947cb3e6012e6375cb5f0d90493c25f6048169073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 08:57:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 186300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 928
x-xss-protection: 0
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 13 Apr 2023 08:57:40 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/745767271/ 3 KB
2 KB 136ms
49ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/745767271/?random=1650026560034&cv=9&fst=1650026560034&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4d0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&tiba=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef4c2ea911b39f73062e133a65ee42d472fc85d0be55d1436d5b729e2fdbea73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/745767271/ 2 KB
1 KB 87ms
44ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/745767271/?random=1650026560039&cv=9&fst=1650026560039&num=1&label=sBrwCPCVnJsBEOeCzuMC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4d0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&tiba=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&auid=1358995643.1650026560&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

77448e7273af58a49cc3149efa9f7195f9a60ae7e956bca0ec7e076c9ddd4328

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1457
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame D567 54 KB
17 KB 7ms
7ms Document
text/html 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1b8f3d676f1df1ca5867197fb16660fe565e70b9c6cd4176985a522df98e6d14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.actblue.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: gzip
content-length: 16790
content-type: text/html
date: Fri, 15 Apr 2022 12:42:40 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"622a407f-d994"
last-modified: Thu, 10 Mar 2022 18:16:31 GMT
paypal-debug-id: 2e5f1924de6ae
strict-transport-security: max-age=31557600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 36963, 494290
x-content-type-options: nosniff
x-served-by: cache-sjc10062-SJC, cache-hhn4058-HHN
x-timer: S1650026560.054110,VS0,VE0

GET
H2 200 ts
t.paypal.com/ 42 B
438 B 170ms
169ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1&page=muse%3Aoffer%3A%3A%3ANGJ83G9Z8QXZ8-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=fe4dca86-323c-4442-b2a6-6bd13ac56ad7&es=visitorInfoFlowStarted&mrid=NGJ83G9Z8QXZ8&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1650026560083&g=0&completeurl=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FDE) /

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
content-type: image/gif
server: ECAcc (frc/8FDE)
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 4961ccf0865a8
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=164
timing-allow-origin: *
content-length: 42
expires: Fri, 15 Apr 2022 12:42:40 GMT

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame D567 434 B
2 KB 274ms
274ms Fetch
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8208c5f8216f0842486938eaa1aaf9225f43a0d0b526725910e439dd1836b085

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-Ty38n5MZZg2cXuhqgKz5Zv51x5JkQhP54U0pNJm+NYDPfqlD' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-Ty38n5MZZg2cXuhqgKz5Zv51x5JkQhP54U0pNJm+NYDPfqlD' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
via: 1.1 varnish
vary: Accept-Encoding
x-cache: MISS
paypal-debug-id: f18074654399e
date: Fri, 15 Apr 2022 12:42:40 GMT
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4037-HHN
x-timer: S1650026560.284886,VS0,VE266
x-frame-options: SAMEORIGIN
etag: W/"1b2-lhZ8XWVuL6oFYiCtgWTO8xRjFqw"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
content-encoding: br
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 195ms
176ms Preflight 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.paypalobjects.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Fri, 15 Apr 2022 12:42:40 GMT
dc: ccg11-origin-www-1.paypal.com
paypal-debug-id: f180746d32e69
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-hhn4036-HHN
x-timer: S1650026560.107250,VS0,VE170

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame 7CF0 149 KB
55 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-745767271

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/pages/em-ccm-split-apr-2022/tracking_code?t=landing&refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628&auth_token=null

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e169e9828d28266770007da767945dadd70706b94b98556626df8e4fe4b88485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56661
x-xss-protection: 0
last-modified: Fri, 15 Apr 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 15 Apr 2022 12:42:40 GMT

GET
H2 200 1.js Show response
zgen2d20.micpn.com/p/js/ Frame 7CF0 42 KB
15 KB 217ms
174ms Script
text/javascript 18.66.248.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://zgen2d20.micpn.com/p/js/1.js
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/pages/em-ccm-split-apr-2022/tracking_code?t=landing&refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628&auth_token=null
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-4.dus51.r.cloudfront.net
Software: /
Resource Hash: 4d8257d86f0acd9b1cbdce411355c60acdbfc08a8de197cbb7efb422803d15d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
p3p: policyref="https://movableink.com/w3c/p3p.xml", CP="DEVa PSAa PSDa IVAa IVDa OUR IND DSP NON COR NAV UNI"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
via: 1.1 ed18d8ae19db26837eda53bbf8f03c08.cloudfront.net (CloudFront)
cache-control: no-cache max-age=0
timing-allow-origin: https://secure.actblue.com
x-amz-cf-id: eH6_A3pX8mw7EAZGKwdc8Nfst8v7rU0IFVlukSGlqSvxxARuHGRidw==
x-uuid: 31045380-ca1e-4184-881a-2e52c13fed1e
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 7CF0 99 KB
27 KB 23ms
7ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: YeEcfXszII4Y6CtTNcA4yiadW7DfffLZxbpSr7cREjtrXMekIjvrFiC0dkmaBHsoSvP2bkjFBkG+Xh19HD8UMw==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 15 Apr 2022 12:42:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 368391443763157 Show response
connect.facebook.net/signals/config/ Frame 7CF0 307 KB
87 KB 98ms
90ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/368391443763157?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

00cc2d556e6b31ec42d94548a50a411006a029ce55ca4f467200b78b71353812

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: MFDUUVS4SKHkM6ZZwkNxsnFzLheG4cLd4NphMoVMlry+cjUrqpBGQ9mH9EQTPt+seoSAK9cX0u+SGaggfVP/+A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 15 Apr 2022 12:42:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/745767271/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/745767271/?random=1050550660&cv=9&fst=1650026560039&num=1&label=sBrwCPCVnJsBEOeCzuMC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120...
https://www.google.com/pagead/1p-conversion/745767271/?random=1050550660&cv=9&fst=1650026560039&num=1&label=sBrwCPCVnJsBEOeCzuMC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...
https://www.google.de/pagead/1p-conversion/745767271/?random=1050550660&cv=9&fst=1650026560039&num=1&label=sBrwCPCVnJsBEOeCzuMC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...

42 B
64 B

59ms
58ms

Image
image/gif

2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/745767271/?random=1050550660&cv=9&fst=1650026560039&num=1&label=sBrwCPCVnJsBEOeCzuMC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4d0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&tiba=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&auid=1358995643.1650026560&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=QGhZYs3cBaPImweR1qDwDA&random=1433570823&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAJXIe1pEZPnngIw-jzVYfiiSmVmokIkV3tNlm9Z-sejipdQtn8K05d7n7O1ukkl3RBF6NqqlVbi1UC5Uq6vc7b

Requested by

Protocol

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/745767271/?random=1050550660&cv=9&fst=1650026560039&num=1&label=sBrwCPCVnJsBEOeCzuMC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4d0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&tiba=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&auid=1358995643.1650026560&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=QGhZYs3cBaPImweR1qDwDA&random=1433570823&resp=GooglemKTybQhCsO&ipr=y&prhg=0&ezwbk=AZuM4hAJXIe1pEZPnngIw-jzVYfiiSmVmokIkV3tNlm9Z-sejipdQtn8K05d7n7O1ukkl3RBF6NqqlVbi1UC5Uq6vc7b
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 92ms
45ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1676768812&t=pageview&_s=1&dl=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022&ul=en-us&de=UTF-8&dt=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=88171332.1492187459.1650026560.1650026560.1650026560.1&_utmz=88171332.1650026560.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1650026560170&_u=YQBCAUABAAAAAC~&jid=1340026691&gjid=603273966&cid=1492187459.1650026560&tid=UA-70251-1&_gid=299026185.1650026560&_r=1&gtm=2ou4d0&z=1616331931

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-logs.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.actblue.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.actblue.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/745767271/ 42 B
548 B 143ms
58ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/745767271/?random=1650026560034&cv=9&fst=1650024000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4d0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&tiba=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&async=1&fmt=3&is_vtc=1&random=1637121567&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/745767271/ 42 B
548 B 133ms
51ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/745767271/?random=1650026560034&cv=9&fst=1650024000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4d0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&tiba=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Masto%27s%20campaign%20and%20the%20DNC%20today%20%E2%80%94%20Donate%20via%20ActBlue&async=1&fmt=3&is_vtc=1&random=1637121567&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ Frame 7CF0 39 KB
15 KB 55ms
55ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-745767271

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14892
x-xss-protection: 0
server: cafe
etag: 4605403730725282575
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 12:42:40 GMT

POST
H3 404 cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame 2FDA 2 KB
2 KB 18ms
17ms Other
text/html 2a00:1450:400c:c08::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c08::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
referrer-policy: no-referrer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1608
content-type: text/html; charset=UTF-8

GET
H3 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AM... Frame 2FDA 148 KB
52 KB 86ms
40ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Requested by

Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fsecure.actblue.com&mid=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

688e4b7ed1d03bfad759eed610b711dacde97db49c4a45dee7dc0d49c48d99f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 16:25:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 159406
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52929
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 04:24:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Apr 2023 16:25:54 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 7CF0 44 B
297 B 24ms
7ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=368391443763157&ev=PageView&dl=https%3A%2F%2Fsecure.actblue.com%2Fpages%2Fem-ccm-split-apr-2022%2Ftracking_code%3Ft%3Dlanding%26refcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628%26auth_token%3Dnull&rl=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&if=true&ts=1650026560272&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650026560270.1278790317&it=1650026560136&coo=false&exp=p1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Fri, 15 Apr 2022 12:42:40 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 7CF0 44 B
101 B 24ms
8ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=368391443763157&ev=AddToCart&dl=https%3A%2F%2Fsecure.actblue.com%2Fpages%2Fem-ccm-split-apr-2022%2Ftracking_code%3Ft%3Dlanding%26refcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628%26auth_token%3Dnull&rl=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&if=true&ts=1650026560274&sw=1600&sh=1200&v=2.9.57&r=stable&ec=1&o=30&fbp=fb.1.1650026560270.1278790317&it=1650026560136&coo=false&exp=p1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Fri, 15 Apr 2022 12:42:40 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 38ms
18ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-70251-1&cid=1492187459.1650026560&jid=1340026691&gjid=603273966&_gid=299026185.1650026560&_u=YQBCAUAAAAAAAC~&z=127861975

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-logs.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure.actblue.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 15 Apr 2022 12:42:40 GMT
content-type: text/plain
access-control-allow-origin: https://secure.actblue.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 67ms
66ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-70251-1&cid=1492187459.1650026560&jid=1340026691&_u=YQBCAUAAAAAAAC~&z=74213696

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 114ms
65ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-70251-1&cid=1492187459.1650026560&jid=1340026691&_u=YQBCAUAAAAAAAC~&z=74213696

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 1808 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.iRG... Frame 2FDA 77 KB
28 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.iRGKty8UOIM.L.B1.O/am=DAAC/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrhDJka1kg7ehDd8ZSP1RMD2qa47eg/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6fff41cc7237157d027108f0eff7b36eafef45f20a873bdb5d9602a46294514

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 16:44:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158263
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28618
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 22:39:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Apr 2023 16:44:57 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ Frame 2FDA 49 KB
20 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.iRGKty8UOIM.L.B1.O/am=DAAC/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrhDJka1kg7ehDd8ZSP1RMD2qa47eg/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=IZT63,ws9Tlc,p8L0ob,vfuNJf,PrPYRd,Ru0Pgb,hc6Ubd,ZyYHPb,Das5Le

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1529
date: Fri, 15 Apr 2022 12:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 15 Apr 2022 14:17:11 GMT

GET
H3 200 pay Show response
pay.google.com/gp/p/ui/ Frame 2FDA 1 MB
347 KB 83ms
82ms XHR
text/html 2a00:1450:400c:c08::5c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pay.google.com/gp/p/ui/pay

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c08::5c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6e5676871a4bb28c031c088acdbc7583dc080dc10ef5cd657a855edb0a8f94c2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-WFmfoKWgcGuKQyR2FZ44Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-WFmfoKWgcGuKQyR2FZ44Cg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge
server: ESF
cross-origin-opener-policy: unsafe-none; report-to="InstantbuyFrontendBuyflowPayUi"
date: Fri, 15 Apr 2022 12:42:40 GMT
x-frame-options: DENY
report-to: {"group":"InstantbuyFrontendBuyflowPayUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/InstantbuyFrontendBuyflowPayUi/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-WFmfoKWgcGuKQyR2FZ44Cg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'nonce-WFmfoKWgcGuKQyR2FZ44Cg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
expires: Fri, 15 Apr 2022 12:42:40 GMT

GET
DATA 200
OK truncated
/ Frame 1808 9 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 1808 320 KB
98 KB 20ms
20ms Script
application/javascript 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&style.menuPlacement=below&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UmZW5hYmxlLWZ1bmRpbmc9dmVubW8iLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9mbWdpY3pibHBhZ211bHhpc2F1Z2VianVpb21iamsifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=add49c10edcd9&storageID=uid_bfcd21ca9f_mti6ndi6mzk&sessionID=uid_77d7a7f52f_mti6ndi6mzk&buttonSessionID=uid_94016e5e05_mti6ndi6mzk&buttonSize=large&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiMmU3NjAyNDA5YWRhZWVlMWEzYWFlYzM1NWQyZWQ4YzRhZDAzNWU4OSIsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19LCJndWVzdEVuYWJsZWQiOmZhbHNlfSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwiYXBwbGVwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&enableFunding.0=venmo&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5cb01f600db539a62074c9fb1dc8898929651ee8fa3dd48f21e75fb4fdcb5f40

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-YfPVGwfgJwd0THl4GFuWodVPUCeQ1Ju4reALlNRMhIAjWxJ0' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-YfPVGwfgJwd0THl4GFuWodVPUCeQ1Ju4reALlNRMhIAjWxJ0' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&style.menuPlacement=below&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UmZW5hYmxlLWZ1bmRpbmc9dmVubW8iLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9mbWdpY3pibHBhZ211bHhpc2F1Z2VianVpb21iamsifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=add49c10edcd9&storageID=uid_bfcd21ca9f_mti6ndi6mzk&sessionID=uid_77d7a7f52f_mti6ndi6mzk&buttonSessionID=uid_94016e5e05_mti6ndi6mzk&buttonSize=large&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiMmU3NjAyNDA5YWRhZWVlMWEzYWFlYzM1NWQyZWQ4YzRhZDAzNWU4OSIsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19LCJndWVzdEVuYWJsZWQiOmZhbHNlfSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwiYXBwbGVwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&enableFunding.0=venmo&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-YfPVGwfgJwd0THl4GFuWodVPUCeQ1Ju4reALlNRMhIAjWxJ0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-YfPVGwfgJwd0THl4GFuWodVPUCeQ1Ju4reALlNRMhIAjWxJ0' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
age: 8391
via: 1.1 varnish
x-cache: HIT
p3p: true
paypal-debug-id: f524589092b5a
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 99664
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4037-HHN
x-timer: S1650026560.487563,VS0,VE3
x-frame-options: SAMEORIGIN
date: Fri, 15 Apr 2022 12:42:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=10800
etag: W/"18550-1eoMlpfDKVZb8X1Vivvo3cPjT2g"
accept-ranges: bytes
x-cache-hits: 2

POST
H3 200 log Show response
play.google.com/ Frame 2FDA 131 B
155 B 99ms
51ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 15 Apr 2022 12:42:40 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 134ms
46ms Preflight
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 15 Apr 2022 12:42:40 GMT
expires: Fri, 15 Apr 2022 12:42:40 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 2FDA 131 B
155 B 98ms
51ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 15 Apr 2022 12:42:40 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 129ms
46ms Preflight
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 15 Apr 2022 12:42:40 GMT
expires: Fri, 15 Apr 2022 12:42:40 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 2FDA 131 B
155 B 95ms
49ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 15 Apr 2022 12:42:40 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 127ms
48ms Preflight
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 15 Apr 2022 12:42:40 GMT
expires: Fri, 15 Apr 2022 12:42:40 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 2FDA 131 B
155 B 105ms
58ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 15 Apr 2022 12:42:40 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 120ms
47ms Preflight
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 15 Apr 2022 12:42:40 GMT
expires: Fri, 15 Apr 2022 12:42:40 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 2FDA 131 B
155 B 97ms
51ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 15 Apr 2022 12:42:40 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 113ms
47ms Preflight
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 15 Apr 2022 12:42:40 GMT
expires: Fri, 15 Apr 2022 12:42:40 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 2FDA 131 B
155 B 95ms
50ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 15 Apr 2022 12:42:40 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 109ms
47ms Preflight
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 15 Apr 2022 12:42:40 GMT
expires: Fri, 15 Apr 2022 12:42:40 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 2FDA 131 B
155 B 102ms
56ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 15 Apr 2022 12:42:40 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 104ms
48ms Preflight
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://pay.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://pay.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Fri, 15 Apr 2022 12:42:40 GMT
expires: Fri, 15 Apr 2022 12:42:40 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.iRG... Frame 2FDA 18 KB
7 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.iRGKty8UOIM.L.B1.O/am=DAAC/d=1/exm=Das5Le,IZT63,PrPYRd,Ru0Pgb,ZyYHPb,_b,_tp,hc6Ubd,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrhDJka1kg7ehDd8ZSP1RMD2qa47eg/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7365371a15c90f4fad5ce73db0143325579f90af5ddcddf80d07879e00bafa52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 16:45:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158252
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7448
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 22:39:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Apr 2023 16:45:08 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c Show response
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.iRG... Frame 2FDA 37 KB
14 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.iRGKty8UOIM.L.B1.O/am=DAAC/d=1/exm=Das5Le,FCpbqb,IZT63,PrPYRd,Ru0Pgb,WhJNk,Wt6vjf,ZyYHPb,_b,_tp,hc6Ubd,hhhU8,p8L0ob,vfuNJf,ws9Tlc/excm=_b,_tp,payframeview/esmo=1/ed=1/wt=2/rs=AMitfrhDJka1kg7ehDd8ZSP1RMD2qa47eg/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:siKnQd;iFQyKf:vfuNJf;dIoSBb:SpsfSb;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a761272fd9d6f72fe1a8bbbeb3191dcc4377f2bb992d26aeea4e257393b5df7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pay.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 16:45:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 158252
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14138
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 22:39:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 13 Apr 2023 16:45:08 GMT

POST
H2 200 log Show response
play.google.com/ Frame 2FDA 131 B
671 B 133ms
49ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.enNfB0U1mGI.es5.O/am=DAAC/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/esmo=1/rs=AMitfriZIKCvcPwStkRodjQ_EuZCl2U9WQ/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pay.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 15 Apr 2022 12:42:40 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://pay.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 15 Apr 2022 12:42:40 GMT

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 1808 56 KB
19 KB 33ms
8ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F22) /

Resource Hash

cdd271b86f93710e10a49e074bacf5a5462ebad6af7ed4c9d2325682371960ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 625836
x-cache: HIT
paypal-debug-id: 115186a73ec4b
access-control-max-age: 86400
access-control-allow-methods: GET
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=2
dc: ccg11-origin-www-1.paypal.com
content-length: 19339
last-modified: Mon, 28 Mar 2022 22:49:15 GMT
server: ECAcc (frc/8F22)
etag: "62423b6b-de68"
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Apr 2022 12:42:41 GMT

POST
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 1808 850 B
1 KB 176ms
175ms Ping
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dd12caa33cf6570be283e16459a5babb9089344c02146458633dc801675d2a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&style.menuPlacement=below&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UmZW5hYmxlLWZ1bmRpbmc9dmVubW8iLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9mbWdpY3pibHBhZ211bHhpc2F1Z2VianVpb21iamsifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=add49c10edcd9&storageID=uid_bfcd21ca9f_mti6ndi6mzk&sessionID=uid_77d7a7f52f_mti6ndi6mzk&buttonSessionID=uid_94016e5e05_mti6ndi6mzk&buttonSize=large&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiMmU3NjAyNDA5YWRhZWVlMWEzYWFlYzM1NWQyZWQ4YzRhZDAzNWU4OSIsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19LCJndWVzdEVuYWJsZWQiOmZhbHNlfSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwiYXBwbGVwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&enableFunding.0=venmo&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 15 Apr 2022 12:42:41 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: f632751c52fdf
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4037-HHN
x-timer: S1650026561.275855,VS0,VE166
etag: W/"352-DFPdhukao+ZpglTBWj8AowZ7sWA"
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

GET
H2 200 i Show response
c.paypal.com/v1/r/d/ Frame 2FBB 160 B
813 B 161ms
161ms Document
text/html 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FDE) /

Resource Hash

9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypal.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 141
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: a8bf3d4ac779b
date: Fri, 15 Apr 2022 12:42:41 GMT
paypal-debug-id: a8bf3d4ac779b
server: ECAcc (frc/8FDE)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=155
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

counter2.cgi
dub.stats.paypal.com/v2/ Frame 4AFB
Redirect Chain

https://b.stats.paypal.com/v2/counter.cgi?p=uid_77d7a7f52f_mti6ndi6mzk&s=SMART_PAYMENT_BUTTONS
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_77d7a7f52f_mti6ndi6mzk&s=SMART_PAYMENT_BUTTONS

42 B
299 B

104ms
35ms

Image
image/jpeg

64.4.245.84
PAYPAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_77d7a7f52f_mti6ndi6mzk&s=SMART_PAYMENT_BUTTONS
Requested by: Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&style.menuPlacement=below&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UmZW5hYmxlLWZ1bmRpbmc9dmVubW8iLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9mbWdpY3pibHBhZ211bHhpc2F1Z2VianVpb21iamsifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=add49c10edcd9&storageID=uid_bfcd21ca9f_mti6ndi6mzk&sessionID=uid_77d7a7f52f_mti6ndi6mzk&buttonSessionID=uid_94016e5e05_mti6ndi6mzk&buttonSize=large&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiMmU3NjAyNDA5YWRhZWVlMWEzYWFlYzM1NWQyZWQ4YzRhZDAzNWU4OSIsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19LCJndWVzdEVuYWJsZWQiOmZhbHNlfSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwiYXBwbGVwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&enableFunding.0=venmo&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
Protocol: HTTP/1.1
Server: 64.4.245.84 , United States, ASN17012 (PAYPAL, US),
Reverse DNS
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 12:42:41 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_77d7a7f52f_mti6ndi6mzk&s=SMART_PAYMENT_BUTTONS
Date: Fri, 15 Apr 2022 12:42:41 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 2FBB 56 KB
19 KB 8ms
7ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8F22) /

Resource Hash

cdd271b86f93710e10a49e074bacf5a5462ebad6af7ed4c9d2325682371960ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 625836
x-cache: HIT
paypal-debug-id: 115186a73ec4b
access-control-max-age: 86400
access-control-allow-methods: GET
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=2
dc: ccg11-origin-www-1.paypal.com
content-length: 19339
last-modified: Mon, 28 Mar 2022 22:49:15 GMT
server: ECAcc (frc/8F22)
etag: "62423b6b-de68"
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 16 Apr 2022 12:42:41 GMT

POST
H2 200 trackables Show response
secure.actblue.com/ 0
413 B 336ms
335ms Fetch
text/html 151.101.64.174
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.actblue.com/trackables

Requested by

Host: secure.actblue.com
URL: https://secure.actblue.com/cf/assets/app/5b2521c877e68d146165.js?form_app=us

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.174 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json; charset=utf-8

Response headers

date: Fri, 15 Apr 2022 12:42:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
status: 200 OK
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-start: 2022-04-15 12:42:41.664
x-frame-options: SAMEORIGIN
x-download-options: noopen
vary: Accept-Encoding
content-type: text/html
via: 1.1 varnish
cache-control: private, no-store
accept-ranges: bytes

GET
H2 200 s.js Show response
cdn.sift.com/ 61 KB
20 KB 84ms
15ms Script
application/javascript 34.96.67.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.sift.com/s.js
Requested by: Host: secure.actblue.com
URL: https://secure.actblue.com/donate/em-ccm-split-apr-2022?refcode=em_20220413_ccm_nd&amount=100&link_id=3&can_id=45468342d4b08c221cbacd4eebe20cbc&source=email-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3&email_referrer=email_1508628&email_subject=just-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority&refcodeEmailReferrer=email_1508628
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.67.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.67.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 7921df86278b7fa9be0cbd78d9990071763ec4e9e88aaff2c3d466723090b8ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 22:29:15 GMT
content-encoding: gzip
age: 51206
x-guploader-uploadid: ADPycduwpIIbkqflscZvPgL3W0dachWYB-Wdea3GkGRW9XW-SG54uhIzLu4TRqNspcn2qdXeDF43r750F-VS9YxR1kRzgsgZE-_t
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 20452
last-modified: Thu, 09 Apr 2020 21:59:13 GMT
server: UploadServer
etag: "07cb8203158abb26b3c18318350e7b36"
vary: Accept-Encoding
x-goog-hash: crc32c=fIrBTA==, md5=B8uCAxWKuyazwYMYNQ57Ng==
x-goog-generation: 1586469553682331
cache-control: public, max-age=86400
x-goog-stored-content-length: 20452
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 15 Apr 2022 22:29:15 GMT

POST
H2 200 p1 Show response
c.paypal.com/v1/r/d/b/ Frame 2FBB 125 B
645 B 209ms
209ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/p1

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FDE) /

Resource Hash

c927af06fe2fff6ea13255759b370fb4f1dfffd0b8fc1e7a9676f7b34d3250f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 15 Apr 2022 12:42:41 GMT
correlation-id: d6a9eb12e1de8
content-type: application/json
server: ECAcc (frc/8FDE)
strict-transport-security: max-age=63072000; includeSubDomains; preload
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: d6a9eb12e1de8
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=203
timing-allow-origin: *
content-length: 125

POST
H2 200 e Show response
c.paypal.com/v1/r/d/b/ Frame 2FBB 15 B
130 B 168ms
168ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/e

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FDE) /

Resource Hash

d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 15 Apr 2022 12:42:41 GMT
correlation-id: a0295d4a150a8
server: ECAcc (frc/8FDE)
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json
paypal-debug-id: a0295d4a150a8
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=162
timing-allow-origin: *
content-length: 15

GET
H/1.1 200
OK p3
c6.paypal.com/v1/r/d/b/ Frame 2FBB 0
266 B 683ms
634ms Image
text/plain 2a02:26f0:6c00:2b5::26cf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c6.paypal.com/v1/r/d/b/p3?f=uid_77d7a7f52f_mti6ndi6mzk&s=SMART_PAYMENT_BUTTONS
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b5::26cf Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 12:42:42 GMT
CORRELATION-ID: af49b5d7615fc
Paypal-Debug-Id: af49b5d7615fc
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Fri, 15 Apr 2022 12:42:42 GMT

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 1808 834 B
711 B 164ms
164ms XHR
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5c4f59664f0f5afa44251092be7b914a159c032fce8f8799b5fb49d32be7eba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.paypal.com/smart/buttons?env=production&style.label=paypal&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.height=44&style.menuPlacement=below&components.0=buttons&locale.lang=en&locale.country=US&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QWJIbzZoQkVEbUNIdWxEaFJNa0NWazdGRGVkNXpFMS1tTm83U1F2b195eGVMdkd5bE01bUdoNUlPangwQVY5c1RIaEhEakQ0QTQ0M0R5YmImbG9jYWxlPWVuX1VTJmRpc2FibGUtZnVuZGluZz1jcmVkaXQsY2FyZCZpbnRlbnQ9Y2FwdHVyZSZjb21taXQ9ZmFsc2UmZW5hYmxlLWZ1bmRpbmc9dmVubW8iLCJhdHRycyI6eyJkYXRhLXVpZCI6InVpZF9mbWdpY3pibHBhZ211bHhpc2F1Z2VianVpb21iamsifX0&clientID=AbHo6hBEDmCHulDhRMkCVk7FDed5zE1-mNo7SQvo_yxeLvGylM5mGh5IOjx0AV9sTHhHDjD4A443Dybb&sdkCorrelationID=add49c10edcd9&storageID=uid_bfcd21ca9f_mti6ndi6mzk&sessionID=uid_77d7a7f52f_mti6ndi6mzk&buttonSessionID=uid_94016e5e05_mti6ndi6mzk&buttonSize=large&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwibWVyY2hhbnRDb25maWdIYXNoIjoiMmU3NjAyNDA5YWRhZWVlMWEzYWFlYzM1NWQyZWQ4YzRhZDAzNWU4OSIsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjpmYWxzZSwiYnJhbmRlZCI6dHJ1ZSwiaW5zdGFsbG1lbnRzIjpmYWxzZSwidmVuZG9ycyI6eyJ2aXNhIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJtYXN0ZXJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJhbWV4Ijp7ImVsaWdpYmxlIjp0cnVlLCJ2YXVsdGFibGUiOnRydWV9LCJkaXNjb3ZlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImhpcGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjpmYWxzZX0sImVsbyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX0sImpjYiI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6dHJ1ZX19LCJndWVzdEVuYWJsZWQiOmZhbHNlfSwidmVubW8iOnsiZWxpZ2libGUiOmZhbHNlfSwiaXRhdSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJjcmVkaXQiOnsiZWxpZ2libGUiOmZhbHNlfSwiYXBwbGVwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwic2VwYSI6eyJlbGlnaWJsZSI6dHJ1ZX0sImlkZWFsIjp7ImVsaWdpYmxlIjpmYWxzZX0sImJhbmNvbnRhY3QiOnsiZWxpZ2libGUiOmZhbHNlfSwiZ2lyb3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJlcHMiOnsiZWxpZ2libGUiOmZhbHNlfSwic29mb3J0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sIm15YmFuayI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwMjQiOnsiZWxpZ2libGUiOmZhbHNlfSwiemltcGxlciI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ3ZWNoYXRwYXkiOnsiZWxpZ2libGUiOmZhbHNlfSwicGF5dSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJibGlrIjp7ImVsaWdpYmxlIjpmYWxzZX0sInRydXN0bHkiOnsiZWxpZ2libGUiOmZhbHNlfSwib3h4byI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJtYXhpbWEiOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1lcmNhZG9wYWdvIjp7ImVsaWdpYmxlIjpmYWxzZX19&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&enableFunding.0=venmo&disableFunding.0=credit&disableFunding.1=card&renderedButtons.0=paypal&renderedButtons.1=sepa&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
content-type: application/json

Response headers

date: Fri, 15 Apr 2022 12:42:41 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: f54059978ba56
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4037-HHN
x-timer: S1650026562.708033,VS0,VE158
etag: W/"342-MrKZ5i41V+4vp5cUHdWUQBt/HIc"
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 827 B
1 KB 162ms
162ms XHR
application/json 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-logs.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e5b97f0c781a5ed26c316237cc607a4cd5103b8ca75036f342ebd4b09d342b4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://secure.actblue.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
content-type: application/json

Response headers

date: Fri, 15 Apr 2022 12:42:42 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
paypal-debug-id: f5405992c15ec
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
x-served-by: cache-hhn4036-HHN
x-timer: S1650026562.889072,VS0,VE154
etag: W/"33b-4qKZMoOD+sPWl3Jv/RpqeddyOZQ"
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://secure.actblue.com
content-encoding: br
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 176ms
175ms Preflight 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://secure.actblue.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

accept-ranges: none
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://secure.actblue.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
date: Fri, 15 Apr 2022 12:42:41 GMT
dc: ccg11-origin-www-1.paypal.com
paypal-debug-id: f5405998838df
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: accept-encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-served-by: cache-hhn4036-HHN
x-timer: S1650026562.713160,VS0,VE166

GET
H2 200 695802.gif
hexagon-analytics.com/images/ 43 B
240 B 198ms
124ms Image
image/gif 34.102.232.42
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hexagon-analytics.com/images/695802.gif?bk=19482a20cc&tm=67&r=796108237&v=105&cs=UTF-8&h=secure.actblue.com&l=en-US&S=56e0866084bcc1e0c7017fd7c134c360&uu=d9b3d1ebc320a0037c27b87ada729bc&t=Split%20a%20donation%20between%20Sen.%20Catherine%20Cortez%20Mast&u=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.75%20Safari%2F537.36&nm=4&mh=fe407dda3b01b3e3c72476fe7bf9f870&np=3&ph=596d9e73a4a75c4ceee60ad7b54864b3&sh=1200&sw=1600&cd=24&p=Linux%20x86_64&to=0&d=0&ce=true&tp=0&ol=true&pr=Gecko&ps=20030107&vd=Google%20Inc.&vs=&hc=4&je=false&ss=true&ls=true&in=true&db=false&tl=false&tr=false&ts=true&tb=false&ab=false&cf=64d58bfddb44af6942e7931de5174ca7&z=z

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.232.42 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

42.232.102.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 12:42:41 GMT
via: 1.1 google
x-content-type-options: nosniff
server: nginx
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: clear
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ Frame 7CF0 44 B
91 B 17ms
8ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=368391443763157&ev=Microdata&dl=https%3A%2F%2Fsecure.actblue.com%2Fpages%2Fem-ccm-split-apr-2022%2Ftracking_code%3Ft%3Dlanding%26refcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628%26auth_token%3Dnull&rl=https%3A%2F%2Fsecure.actblue.com%2Fdonate%2Fem-ccm-split-apr-2022%3Frefcode%3Dem_20220413_ccm_nd%26amount%3D100%26link_id%3D3%26can_id%3D45468342d4b08c221cbacd4eebe20cbc%26source%3Demail-capture-firstname3-firstname-sanitize-endcapture-if-firstname3-firstname-sanitize-this-else-this-endif-is-so-important-3%26email_referrer%3Demail_1508628%26email_subject%3Djust-one-senate-seat-stands-between-a-democratic-or-republican-senate-majority%26refcodeEmailReferrer%3Demail_1508628&if=true&ts=1650026561817&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&ec=2&o=30&fbp=fb.1.1650026560270.1278790317&it=1650026560136&coo=false&es=automatic&tm=3&exp=p1&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secure.actblue.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 12:42:41 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Fri, 15 Apr 2022 12:42:41 GMT

POST
H2 200 / Show response
api-js.mixpanel.com/track/ 25 B
372 B 179ms
90ms XHR
application/json 130.211.34.183

General

Check archive.org

Show headers Download Go to

Full URL

https://api-js.mixpanel.com/track/?verbose=1&ip=1&_=1650026564675

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-logs.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

130.211.34.183 -, , ASN (),

Reverse DNS

Software

envoy /

Resource Hash

e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800; includeSubDomains

Request headers

Referer: https://secure.actblue.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=604800; includeSubDomains
via: 1.1 google
server: envoy
access-control-allow-headers: X-Requested-With
date: Fri, 15 Apr 2022 12:42:44 GMT
access-control-max-age: 1728000
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://secure.actblue.com
access-control-expose-headers: X-MP-CE-Backoff
cache-control: no-cache, no-store
access-control-allow-credentials: true
x-envoy-upstream-service-time: 18
alt-svc: clear
content-length: 25

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
secure.actblue.com/cf/assets/app-css	1969-12-31 23:59:59	Name: skip_prefill_check Value: true
secure.actblue.com/cf/assets/app	1969-12-31 23:59:59	Name: skip_prefill_check Value: true
secure.actblue.com/cf/assets	1969-12-31 23:59:59	Name: skip_prefill_check Value: true
secure.actblue.com/cf/static	1969-12-31 23:59:59	Name: skip_prefill_check Value: true
secure.actblue.com/donate	1969-12-31 23:59:59	Name: skip_prefill_check Value: true
secure.actblue.com/	1970-01-20 02:20:27	Name: _dd_s Value: logs=1&id=29ad7004-3abb-4459-a700-786d65218ae2&created=1650026559668&expire=1650027459668
.actblue.com/	1970-01-20 11:06:02	Name: mp_1498bce7991dd9e45621a9bf2dbfa01b_mixpanel Value: %7B%22distinct_id%22%3A%20%221802d3f38be3c6-00e25caaea6aad-1a343370-1d4c00-1802d3f38bf73e%22%2C%22%24device_id%22%3A%20%221802d3f38be3c6-00e25caaea6aad-1a343370-1d4c00-1802d3f38bf73e%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
.actblue.com/	1970-01-20 19:51:38	Name: __utma Value: 88171332.1492187459.1650026560.1650026560.1650026560.1
.actblue.com/	1969-12-31 23:59:59	Name: __utmc Value: 88171332
.actblue.com/	1970-01-20 06:43:14	Name: __utmz Value: 88171332.1650026560.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.actblue.com/	1970-01-20 02:20:27	Name: __utmt Value: 1
.actblue.com/	1970-01-20 02:20:28	Name: __utmb Value: 88171332.1.10.1650026560
.secure.actblue.com/	1970-01-20 02:20:30	Name: _session_id Value: 3339b16a4161ad925ab1f1e0dc29a908
.actblue.com/	1970-01-20 04:30:02	Name: _gcl_au Value: 1.1.1358995643.1650026560
.google.com/	1970-01-20 06:43:57	Name: NID Value: 511=H43agsdsvjkIlZPJUSqGabqv8LjeBpQ2vRC8fwbT7rqFxU33-Jwod7hB2ejKI-S8oJLXbABG_yloHc76owet3SCc3TgYCeeAUb-dAe-Y-Sma1Aqu1bHI2bz9epB2o0cld_51QJxVh8js8oN7Dus01156ZX9797-iQKxPB4x_Caw
.actblue.com/	1970-01-20 19:51:38	Name: _ga Value: GA1.2.1492187459.1650026560
.actblue.com/	1970-01-20 02:21:52	Name: _gid Value: GA1.2.299026185.1650026560
.actblue.com/	1970-01-20 02:20:26	Name: _gat_gtag_UA_70251_1 Value: 1
.doubleclick.net/	1970-01-20 02:20:27	Name: test_cookie Value: CheckForPermission
.actblue.com/	1970-01-20 04:30:02	Name: _fbp Value: fb.1.1650026560270.1278790317
.paypal.com/	1970-01-20 02:20:28	Name: l7_az Value: dcg14.slc
.paypal.com/	1970-01-20 11:06:02	Name: enforce_policy Value: gdpr_v2.1
.paypal.com/	1970-01-20 02:20:58	Name: LANG Value: de_DE%3BDE
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTY1MDAyNjU2MDQ2NSIsImwiOiIwIiwibSI6IjAifQ
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3A3odDJVy87XLgDWxQOgd0zMXP0nedrueF.YKe9WzqwRXrYeW4quNJ3Zaqdo7Eu2GCcYGhfrkyeAMo
.paypalobjects.com/	1970-01-20 02:21:52	Name: paypal-offers--cust Value: null:null:null
.paypal.com/	1970-01-20 02:24:45	Name: tsrce Value: loggernodeweb
.paypal.com/	1970-01-21 04:37:14	Name: ts Value: vreXpYrS%3D1744720961%26vteXpYrS%3D1650028361%26vr%3D2d3f3f521800a780600cc10dfd724530%26vt%3D2d3f3f521800a780600cc10dfd72452f%26vtyp%3Dnew
.paypal.com/	1970-01-21 04:37:14	Name: ts_c Value: vr%3D2d3f3f521800a780600cc10dfd724530%26vt%3D2d3f3f521800a780600cc10dfd72452f
.actblue.com/	1970-01-21 13:24:16	Name: __ssid Value: d9b3d1ebc320a0037c27b87ada729bc
.c.paypal.com/	1970-01-21 22:08:26	Name: sc_f Value: R5FWtTd4av3yCenTJWUHQTdw2H-XlQLGxS1wgaT0CbUy6rF2hkwyaOyGsKSIXlwhhfRt1AUBJDans5Xq6t68DMC3NDGCWRTh8iRK4m
.paypal.com/	1970-01-27 09:32:26	Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK Value: k6fa_bnXOpjo7Jv-UGXme7eg9z2qSZgThqoF-th02LT4klbcftJTHi-9Nh0fgoLADkIC3C45XvliUOZz

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none'; report-uri /system/csp_reports
Strict-Transport-Security	max-age=31536000
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

actblue-indigo-uploads.s3.amazonaws.com
api-js.mixpanel.com
b.stats.paypal.com
c.paypal.com
c6.paypal.com
cdn.mxpnl.com
cdn.sift.com
connect.facebook.net
dub.stats.paypal.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hexagon-analytics.com
pay.google.com
play.google.com
secure.actblue.com
sessions.bugsnag.com
ssl.google-analytics.com
stats.g.doubleclick.net
t.paypal.com
u1584542.ct.sendgrid.net
www.datadoghq-browser-agent.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
zgen2d20.micpn.com
13.226.154.92
130.211.34.183
142.250.185.130
151.101.2.133
151.101.64.174
151.101.65.21
167.89.115.121
18.66.248.4
192.229.221.25
2600:1901:0:7a0b::
2600:1901:0:bc29::
2a00:1450:4001:803::2008
2a00:1450:4001:810::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2004
2a00:1450:4001:829::2003
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2003
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9d
2a00:1450:400c:c08::5c
2a02:26f0:6c00:2b5::26cf
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
34.102.232.42
34.96.67.224
54.231.200.249
64.4.245.84
00cc2d556e6b31ec42d94548a50a411006a029ce55ca4f467200b78b71353812
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12b18c059bad2e9bb6fe1df491280c6720bad9c555b01a7c1fd73bab2b35f607
156f36c9b88a9f8fb201a916544ac560b75e388b367495e24a71f6350c034a3b
1b8f3d676f1df1ca5867197fb16660fe565e70b9c6cd4176985a522df98e6d14
1d3abe392831b66c0dc950e68819cf3a200eb8f0560f2da389b9a000c60c3e29
1db03c3f707ce5d244869ef88043447c67d311313fa4c24c74024ad4d87d33da
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b
2b126f2e718314c1f9760ad798e9dc8b670868d7740bdf89a182caadc8674090
33c86e8166977b2fe508467d0223c1663b8689dd20e1a8bc6bcec04aa63b89a9
3f70fb85474794f672907ef4438fba81520dfef8e94b4fec97a32159478591cc
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4d8257d86f0acd9b1cbdce411355c60acdbfc08a8de197cbb7efb422803d15d0
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5a761272fd9d6f72fe1a8bbbeb3191dcc4377f2bb992d26aeea4e257393b5df7
5c4f59664f0f5afa44251092be7b914a159c032fce8f8799b5fb49d32be7eba6
5cb01f600db539a62074c9fb1dc8898929651ee8fa3dd48f21e75fb4fdcb5f40
653e7cf0591c3856565188ac0fe9b6baa746f318b2cd4f205ac4e08a76edf338
688e4b7ed1d03bfad759eed610b711dacde97db49c4a45dee7dc0d49c48d99f3
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
6e5676871a4bb28c031c088acdbc7583dc080dc10ef5cd657a855edb0a8f94c2
7365371a15c90f4fad5ce73db0143325579f90af5ddcddf80d07879e00bafa52
77448e7273af58a49cc3149efa9f7195f9a60ae7e956bca0ec7e076c9ddd4328
7921df86278b7fa9be0cbd78d9990071763ec4e9e88aaff2c3d466723090b8ae
7c78dae7530508b4e79cbc6b1be7297cb854dc8d34e1ecad9890c461624632c3
8208c5f8216f0842486938eaa1aaf9225f43a0d0b526725910e439dd1836b085
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
876e028c1650abc6cbd9387b060f1ae9cf3735192eaf36aa79fbfc8eb698608b
8d9b157d7d07680e7a086016c2407b912e07a0240676e0f2519ca181db578d68
912bc848d461e328a48863196601323b69ed445926c856f23a426efe674e67eb
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
96c2c63197bfee2a19012f544990e02f7c286c540d2448feeac12e11856e9889
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4b749626aab6395c52aed1a8016aa5f6c4c8ca60cf771c0d8ce54202a53e725
b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6
c0a876e22dd207a67ea508bf2a41c88b3f98dbc7ebc1fd335ccf427bf39aa4ec
c1769d4c5b24098e61ca9fad03d979f314b82f15da317d06652c4b9cc7fca244
c655f3891478c0b239e88184195be8dcbe152780f3871525c3ea0ed7e2fdbbfa
c927af06fe2fff6ea13255759b370fb4f1dfffd0b8fc1e7a9676f7b34d3250f1
cdd271b86f93710e10a49e074bacf5a5462ebad6af7ed4c9d2325682371960ae
d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
da7a511c69cdf1e0f950a29019d09854b8919bc154bb95fe5d5ec580ed2f0997
dd12caa33cf6570be283e16459a5babb9089344c02146458633dc801675d2a2e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0d38886fe77a4f965380f314f56745ee497d565a4918afb98fc0f8823de25b6
e169e9828d28266770007da767945dadd70706b94b98556626df8e4fe4b88485
e39a8118ec6cdf6ac33e6961518e9fe6ba3f6caf099aeeaec1389c2108ba90ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5b97f0c781a5ed26c316237cc607a4cd5103b8ca75036f342ebd4b09d342b4d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4c2ea911b39f73062e133a65ee42d472fc85d0be55d1436d5b729e2fdbea73
f383d270511912b2da11555947cb3e6012e6375cb5f0d90493c25f6048169073
f6fff41cc7237157d027108f0eff7b36eafef45f20a873bdb5d9602a46294514
f9f9523cacc66c00e75f409346ae3cf59b4232019669f4d849e437b468f0b945

secure.actblue.com Open in urlscan Pro 151.101.64.174 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

91 Requests

97 %HTTPS

57 %IPv6

22 Domains

32 Subdomains

29 IPs

3 Countries

2008 kBTransfer

6012 kBSize

32 Cookies

1 Outgoing links

Page URL History

Redirected requests

91 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

secure.actblue.com Open in urlscan Pro
151.101.64.174 Public Scan

Screenshot
Live screenshot

Full Image

91
Requests

97 %
HTTPS

57 %
IPv6

22
Domains

32
Subdomains

29
IPs

3
Countries

2008 kB
Transfer

6012 kB
Size

32
Cookies

91 HTTP transactions
4 data transactions