www.healthsneak.com Open in urlscan Pro
2a02:4780:1:790:0:2e47:43e3:2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.healthsneak.com/tribedoce/
Submission: On November 26 via manual (November 26th 2023, 10:13:45 am UTC) from GB — Scanned from CH

Summary HTTP 106 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 17 IPs in 4 countries across 7 domains to perform 106 HTTP transactions. The main IP is 2a02:4780:1:790:0:2e47:43e3:2, located in Asheville, United States and belongs to AS-HOSTINGER, CY. The main domain is www.healthsneak.com.
TLS certificate: Issued by R3 on November 8th 2023. Valid for: 3 months.

This is the only time www.healthsneak.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	2a02:4780:1:7... 2a02:4780:1:790:0:2e47:43e3:2	47583 (AS-HOSTINGER) (AS-HOSTINGER)
20	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
2 16	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4002:410::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
2	142.251.168.156 142.251.168.156	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400a:8::9	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400a:8::a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
4	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
106	17

10 2a02:4780:1:790:0:2e47:43e3:2 (Asheville, United States)

ASN47583 (AS-HOSTINGER, CY)

www.healthsneak.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4002:410::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.168.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wh-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400a:8::9 (Zurich, Switzerland)

ASN15169 (GOOGLE, US)

r4---sn-1gieen7e.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400a:8::a (Zurich, Switzerland)

ASN15169 (GOOGLE, US)

r5---sn-1gieen7e.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149 ade.googlesyndication.com — Cisco Umbrella Rank: 301	400 KB
22	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 bid.g.doubleclick.net — Cisco Umbrella Rank: 802 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439 cm.g.doubleclick.net — Cisco Umbrella Rank: 245	100 KB
16	gstatic.com csi.gstatic.com fonts.gstatic.com	63 KB
15	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1359 www.google.com — Cisco Umbrella Rank: 2	65 KB
10	healthsneak.com www.healthsneak.com	227 KB
6	2mdn.net 2 redirects gcdn.2mdn.net — Cisco Umbrella Rank: 1173 r4---sn-1gieen7e.c.2mdn.net r5---sn-1gieen7e.c.2mdn.net — Cisco Umbrella Rank: 955344	6 MB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31 imasdk.googleapis.com — Cisco Umbrella Rank: 447	270 KB
106	7

	Domain	Requested by
20	pagead2.googlesyndication.com	www.healthsneak.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com imasdk.googleapis.com
16	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
14	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
12	csi.gstatic.com	imasdk.googleapis.com
11	tpc.googlesyndication.com	googleads.g.doubleclick.net imasdk.googleapis.com tpc.googlesyndication.com pagead2.googlesyndication.com
10	www.healthsneak.com	www.healthsneak.com
4	ade.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
4	imasdk.googleapis.com	googleads.g.doubleclick.net
2	cm.g.doubleclick.net
2	googleads4.g.doubleclick.net
2	r5---sn-1gieen7e.c.2mdn.net
2	r4---sn-1gieen7e.c.2mdn.net
2	gcdn.2mdn.net	2 redirects
2	bid.g.doubleclick.net	imasdk.googleapis.com
2	fonts.googleapis.com	googleads.g.doubleclick.net
1	www.google.com	tpc.googlesyndication.com
106	17

This site contains links to these domains. Also see Links.

Domain
www.healthline.com
healthsneak.com

Subject Issuer	Validity	Valid
healthsneak.com R3	`2023-11-08` - `2024-02-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-11-14` - `2024-01-23`	2 months	crt.sh

This page contains 11 frames:

Primary Page: https://www.healthsneak.com/tribedoce/
Frame ID: 6D3EF21A726517CB73A0FC6618CF07EB
Requests: 31 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: F439FC131D7A7E080B562952475FFE9C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&adk=1812271804&adf=3025194257&lmt=1700942421&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620110&bpp=4&bdt=315&idt=238&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4537793148989&frm=20&pv=2&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=253
Frame ID: F46B226A6F282282C04B05FC177DF511
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=4033564846&adf=1850635622&pi=t.ma~as.6586726127&w=820&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=820x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620192&bpp=1&bdt=396&idt=177&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=85&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=180
Frame ID: 541991E3BD76E44360B8ABEF37E46D24
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186
Frame ID: C175A8EFDD5B996FF23E5E09B273A787
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=3527294503&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620196&bpp=2&bdt=400&idt=190&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280%2C718x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2228&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=192
Frame ID: 7C9CF228B8B7A9392A1F997B85F7A3F8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=600&slotname=3469227323&adk=2492714485&adf=3447496203&pi=t.ma~as.3469227323&w=258&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=258x600&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620199&bpp=3&bdt=404&idt=190&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280%2C718x280%2C718x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1090&ady=1325&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=192
Frame ID: 4B5C11C0C610627016ABB34EF202B69C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 7D69AA70D4069E1F33FB466692D687C0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: DCE8F260335A51B999ABABB2A5DDC94D
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 052BD7364DE1A3711E14EEAA2FB63970
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AD79574447A462DB7B5F329CB1A8B4C0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Tribedoce: A Comprehensive Guide to Vitamin B Complex - Health Sneak

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Page Statistics

106
Requests

96 %
HTTPS

76 %
IPv6

7
Domains

17
Subdomains

17
IPs

4
Countries

7013 kB
Transfer

8795 kB
Size

4
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.healthline.com/nutrition/vitamin-b12-benefits
Title: into

Search URL Search Domain Scan URL

URL: https://healthsneak.com/
Title: Healthsneak

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://gcdn.2mdn.net/videoplayback/id/123c656e20037a62/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935105/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/593579051BE685C884AEB9943E0145FA7F7F480E.398625F21457B2C1CD6481EBC6A3C33F1B723E3E/key/ck2/file/file.mp4 HTTP 302
https://r4---sn-1gieen7e.c.2mdn.net/videoplayback/id/123c656e20037a62/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935105/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2B47436973A7292E69897106B201565D40C330A4.1B99E064A762B7E9C50B4409F8077590AF249C7D/key/cms1/cms_redirect/yes/mh/OT/mip/2a00:bd80:a929:0:38d::1/mm/42/mn/sn-1gieen7e/ms/onc/mt/1700993124/mv/u/mvi/4/pl/37/file/file.mp4

Request Chain 54

https://gcdn.2mdn.net/videoplayback/id/774e56e1e4493b29/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935112/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/7F233A54431C059BAC512A8ECDF4BA06AAD87CD7.236A5291DEE86314F79373C70D456AE7ECD0170/key/ck2/file/file.mp4 HTTP 302
https://r5---sn-1gieen7e.c.2mdn.net/videoplayback/id/774e56e1e4493b29/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/630E825B7A9EAAE5068649162569842AA55F9243.2304147EB292A4A9D4B3619027E1A5BAFD39992F/key/cms1/cms_redirect/yes/mh/1V/mip/2a00:bd80:a929:0:38d::1/mm/42/mn/sn-1gieen7e/ms/onc/mt/1700993124/mv/u/mvi/5/pl/37/file/file.mp4

Request Chain 73

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMDSn7ADEMnm6LUDGKWT1vkBIAEwAQ&v=APEucNV30cIIIvCf74IWfcfun3KjqFwlMUYtauPs2x_6bUo7v-puOGjWN1obAa1VUGWPEeZjXN6C5nYl9eO1LIcu3jkItCTuS6RASTIndazMdsubD_vJHQk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Request Chain 82

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMDSn7ADEMnm6LUDGNSU1vkBIAEwAQ&v=APEucNV63Hzsr0ce5H1HVuHYfYaBrOI62_W716xXHDEcF5s6Cnte-SeB9jreseMRKmgq0tvhy8wm97ONdTQ_1rzPeuy6A_J6YpgNMRQjanOTC80hL3V5Y8E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

106 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.healthsneak.com/tribedoce/ 204 KB
59 KB 405ms
132ms Document
text/html 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

7f039008d170bf51251369c67509ecf6a28d810a24af777b603ea05d76cfa736

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: public, max-age=0
content-encoding: gzip
content-length: 60048
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sun, 26 Nov 2023 10:13:39 GMT
expires: Sun, 26 Nov 2023 10:13:39 GMT
last-modified: Sat, 25 Nov 2023 20:00:21 GMT
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding,Accept-Encoding

GET
H2 200 style.min.css
www.healthsneak.com/wp-includes/css/dist/block-library/ 107 KB
13 KB 138ms
137ms Stylesheet
text/css 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.healthsneak.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/tribedoce/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:39 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 16 Nov 2023 05:05:46 GMT
server: LiteSpeed
vary: Accept-Encoding,Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000,public
accept-ranges: bytes
platform: hostinger
content-length: 13320
expires: Mon, 25 Nov 2024 10:13:39 GMT

GET
H2 200 screen.min.css
www.healthsneak.com/wp-content/plugins/easy-table-of-contents/assets/css/ 6 KB
1 KB 138ms
138ms Stylesheet
text/css 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.healthsneak.com/wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css?ver=2.0.58

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

0806ff4935144c0e146860185404e24577e79c60a063bc5b33b493fb14c2d941

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/tribedoce/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:39 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 16 Nov 2023 05:06:41 GMT
server: LiteSpeed
vary: Accept-Encoding,Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000,public
accept-ranges: bytes
platform: hostinger
content-length: 1347
expires: Mon, 25 Nov 2024 10:13:39 GMT

GET
H2 200 main.min.css
www.healthsneak.com/wp-content/themes/generatepress/assets/css/ 19 KB
4 KB 139ms
138ms Stylesheet
text/css 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.healthsneak.com/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.3.1

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

0468af8d74ba377eec707308168b6bfcd146fe0a2669a11a9af0128ad85b3bc2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/tribedoce/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:39 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 16 Nov 2023 05:00:28 GMT
server: LiteSpeed
vary: Accept-Encoding,Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000,public
accept-ranges: bytes
platform: hostinger
content-length: 4358
expires: Mon, 25 Nov 2024 10:13:39 GMT

GET
H2 200 style.css
www.healthsneak.com/wp-content/cache/min/1/wp-content/plugins/yesno/css/ 746 B
307 B 139ms
139ms Stylesheet
text/css 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.healthsneak.com/wp-content/cache/min/1/wp-content/plugins/yesno/css/style.css?ver=1700933056

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

cffec342643f47dddcde6bd4ff467d22e46ef29d474745daa67bc268a819fd61

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/tribedoce/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:39 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 25 Nov 2023 17:24:16 GMT
server: LiteSpeed
vary: Accept-Encoding,Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000,public
accept-ranges: bytes
platform: hostinger
content-length: 250
expires: Mon, 25 Nov 2024 10:13:39 GMT

GET
H2 200 columns.min.css
www.healthsneak.com/wp-content/plugins/gp-premium/blog/functions/css/ 2 KB
741 B 139ms
139ms Stylesheet
text/css 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.healthsneak.com/wp-content/plugins/gp-premium/blog/functions/css/columns.min.css?ver=2.3.2

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

da36b1d37d4c2d313937fb1f970edeaa046d339979656c92db8705e8b254b37f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/tribedoce/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:39 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 16 Nov 2023 05:02:45 GMT
server: LiteSpeed
vary: Accept-Encoding,Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000,public
accept-ranges: bytes
platform: hostinger
content-length: 683
expires: Mon, 25 Nov 2024 10:13:39 GMT

GET
H2 200 navigation-branding-flex.min.css
www.healthsneak.com/wp-content/plugins/gp-premium/menu-plus/functions/css/ 3 KB
602 B 140ms
140ms Stylesheet
text/css 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.healthsneak.com/wp-content/plugins/gp-premium/menu-plus/functions/css/navigation-branding-flex.min.css?ver=2.3.2

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

7c8eb7fd8354e29e58e77290872b6e05a65404a4d16fe26996b72b6f2f606281

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/tribedoce/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:39 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 16 Nov 2023 05:02:46 GMT
server: LiteSpeed
vary: Accept-Encoding,Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000,public
accept-ranges: bytes
platform: hostinger
content-length: 544
expires: Mon, 25 Nov 2024 10:13:39 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 154 KB
52 KB 130ms
82ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3509641213902901

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84c8ffc4490640354db630c982486ef8b2643c3743cddbb7de21835945e48e0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
Origin: https://www.healthsneak.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53227
x-xss-protection: 0
server: cafe
etag: 8871232059991411194
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 10:13:40 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 154 KB
52 KB 125ms
77ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3509641213902901&host=ca-host-pub-2644536267352236

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da376d7ffa34c9f353a777a4aee93014a17cf3fd04cf4b9071d5fb72d37ce05a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
Origin: https://www.healthsneak.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53174
x-xss-protection: 0
server: cafe
etag: 15361488572634739037
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 10:13:40 GMT

GET
H2 200 cropped-Animated-Logo-500x500-px-e1640985394288.png
www.healthsneak.com/wp-content/uploads/2021/12/ 7 KB
7 KB 389ms
389ms Image
image/png 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.healthsneak.com/wp-content/uploads/2021/12/cropped-Animated-Logo-500x500-px-e1640985394288.png

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

6f00386ae8e3dc2cf7f1dea9548b1a352f5012d25ccb28e7407c84e30ef07baf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/tribedoce/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Fri, 31 Dec 2021 21:21:48 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=10368000,public
accept-ranges: bytes
platform: hostinger
content-length: 6962
expires: Mon, 25 Mar 2024 10:13:40 GMT

GET
H2 200 Tribedoce-HealthSneak-704x1024.jpg
www.healthsneak.com/wp-content/uploads/2023/03/ 125 KB
125 KB 255ms
255ms Image
image/webp 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.healthsneak.com/wp-content/uploads/2023/03/Tribedoce-HealthSneak-704x1024.jpg

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

bb2d650cbfbe2ccbc6ec9f337d51acb0e6c0bafad5f19ce434c8b586932eb9ab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/tribedoce/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:39 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Thu, 16 Nov 2023 05:39:54 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=10368000
accept-ranges: bytes
platform: hostinger
content-length: 127707
expires: Mon, 25 Mar 2024 10:13:39 GMT

GET
H2 200 icon.png
www.healthsneak.com/wp-content/plugins/chp-ads-block-detector/assets/img/ 15 KB
15 KB 387ms
387ms Image
image/png 2a02:4780:1:790:0:2e47:43e3:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.healthsneak.com/wp-content/plugins/chp-ads-block-detector/assets/img/icon.png

Requested by

Host: www.healthsneak.com
URL: https://www.healthsneak.com/tribedoce/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:790:0:2e47:43e3:2 Asheville, United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/tribedoce/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 25 Nov 2023 17:21:11 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=10368000,public
accept-ranges: bytes
platform: hostinger
content-length: 15671
expires: Mon, 25 Mar 2024 10:13:40 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/ 397 KB
134 KB 141ms
99ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_fy2021.js?bust=31079757

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3509641213902901

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39ad9a054662965f4a2dc4a0dae920718de6fb2bef9f31185c3bacd9685cfc82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137248
x-xss-protection: 0
server: cafe
etag: 15965821609705221782
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 10:13:40 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame F439 9 KB
4 KB 68ms
20ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3509641213902901

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

age: 9195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 07:40:25 GMT
etag: 16674218716276178799
expires: Sun, 10 Dec 2023 07:40:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F46B 12 KB
1 KB 255ms
255ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&adk=1812271804&adf=3025194257&lmt=1700942421&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620110&bpp=4&bdt=315&idt=238&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4537793148989&frm=20&pv=2&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=253

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_fy2021.js?bust=31079757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

635fd4ad7f24901bbaac70cb2fd9547edee1faa0272820079e25e14d0cf38a73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 1217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 10:13:40 GMT
expires: Sun, 26 Nov 2023 10:13:40 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5419 89 KB
28 KB 259ms
259ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=4033564846&adf=1850635622&pi=t.ma~as.6586726127&w=820&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=820x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620192&bpp=1&bdt=396&idt=177&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=85&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=180

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_fy2021.js?bust=31079757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c56f2c7fe40d7053055c8e4492d187a078e70e95357add4e4111c44c48bd26dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 28386
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 10:13:40 GMT
expires: Sun, 26 Nov 2023 10:13:40 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C175 89 KB
28 KB 262ms
262ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_fy2021.js?bust=31079757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71020a2f49cbea5130b56528debae2c254bb4ebf4013f9593b042418adc4a244

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 28346
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 10:13:40 GMT
expires: Sun, 26 Nov 2023 10:13:40 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7C9C 726 B
532 B 271ms
271ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=3527294503&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620196&bpp=2&bdt=400&idt=190&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280%2C718x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=2228&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=1&fsb=1&dtd=192

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_fy2021.js?bust=31079757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f663ad02d6da194e710652896c7e85553fcd619d8bf71f2656778f4bcfacf902

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 360
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 10:13:40 GMT
expires: Sun, 26 Nov 2023 10:13:40 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4B5C 726 B
531 B 293ms
293ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=600&slotname=3469227323&adk=2492714485&adf=3447496203&pi=t.ma~as.3469227323&w=258&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=258x600&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620199&bpp=3&bdt=404&idt=190&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280%2C718x280%2C718x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1090&ady=1325&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=2&fsb=1&dtd=192

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_fy2021.js?bust=31079757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5ae23d948b0e852242ea58f57e56baf23152b95aaf29a140a596b4d2355e43c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 359
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 10:13:40 GMT
expires: Sun, 26 Nov 2023 10:13:40 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ca-pub-3509641213902901 Show response
fundingchoicesmessages.google.com/i/ 161 KB
53 KB 104ms
53ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-3509641213902901?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_fy2021.js?bust=31079757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

20c497e465f1d7e6238b08b59e56d8d27c78b3617abeb358debce227a30a005b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bg624OZwDPui4njgxBtOUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-security-policy: script-src 'report-sample' 'nonce-bg624OZwDPui4njgxBtOUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 5419 23 KB
9 KB 77ms
27ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=4033564846&adf=1850635622&pi=t.ma~as.6586726127&w=820&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=820x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620192&bpp=1&bdt=396&idt=177&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=85&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=180

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 5419 8 KB
1 KB 80ms
30ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 26 Nov 2023 10:13:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 09:13:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 26 Nov 2023 10:13:40 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame 5419 15 KB
3 KB 74ms
20ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 08:27:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92788
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 08:27:12 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame 5419 376 KB
131 KB 78ms
23ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 11:54:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80371
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133672
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 11:54:09 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 5419 20 KB
9 KB 66ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Dec 2023 16:17:19 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame C175 23 KB
9 KB 77ms
43ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:09:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 10 Dec 2023 10:09:15 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C175 8 KB
824 B 64ms
30ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 26 Nov 2023 10:13:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 26 Nov 2023 09:39:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 26 Nov 2023 10:13:40 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame C175 15 KB
3 KB 59ms
21ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.css

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 08:27:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92788
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2920
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 08:27:12 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/ Frame C175 376 KB
131 KB 84ms
46ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 11:54:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80371
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133672
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 11:34:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 11:54:09 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame C175 20 KB
8 KB 56ms
23ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 16:17:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64581
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 09 Dec 2023 16:17:19 GMT

GET
H2 200 AGSKWxUnN_Dibq92d8ZUN3Na4yIsIjShEgd1lfHLZqcHxB8jd-6F4NbpFrqwG5S2OwDn3_14BqlzOR-ZyKLwf8bkSoi15mqC3mOHCdP07DB1MU0YqwMvjMTSygiwnRpEG8cJUu8XwL-54A== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 54ms
54ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUnN_Dibq92d8ZUN3Na4yIsIjShEgd1lfHLZqcHxB8jd-6F4NbpFrqwG5S2OwDn3_14BqlzOR-ZyKLwf8bkSoi15mqC3mOHCdP07DB1MU0YqwMvjMTSygiwnRpEG8cJUu8XwL-54A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAwOTkzNjIwLDc4ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuaGVhbHRoc25lYWsuY29tL3RyaWJlZG9jZS8iLG51bGwsW1s4LCJOdHM1THZZSW9iayJdLFs5LCJkZSJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/am=CAM/d=1/rs=AJlcJMyTmwD9vZzPw60_wPGGncvG1CmM1A/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6b8e1121c3e7cfc41bcc347d569dcd94b5ba3342ed5adbe244b2d1989f56be6

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-MOhi-zRH23hVkIo3KGZsgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-MOhi-zRH23hVkIo3KGZsgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5419 0
45 B 92ms
36ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lpfbols3&c=3518113075039&slotId=1759056537519.5&qqid=COnziIS34YIDFVqf_QcdU08K1g&fb=outstream-lima&sei=44752538%2C44807615%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5419 15 KB
16 KB 70ms
22ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 16:39:21 GMT
x-content-type-options: nosniff
age: 149659
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 16:39:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 5419 15 KB
15 KB 74ms
27ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 13:37:09 GMT
x-content-type-options: nosniff
age: 74191
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 13:37:09 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5419 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CdaSiVBpjZen5F9q-9u8P056psA3kmNG3dOvF3YeAEvAuEAEg1vaenwFg9YWAgPwDyAEFqQJONYqLVgCzPqgDAcgDmwSqBLoCT9CU7fFuxkVLw0s3HsF7vbYo_P_xmOotb5Z0TZLyloiy7Gca0-RZ1WktZavS53VeH9KHlJ9Met_k4zSEQIyLsSHbm_D_FuaGH0VVMArm3vkNPQ2MMHqrbXfCnHCKb4Y3VK7aTMxRPWjW5lD_uzMAbk_uFG_UY1I0g-Ur2JiM07jDWiNVFrDyiNfsrebbTPdxQfdKGYsI1TxRFANb_q3hub3Q1jj_zi9oN0qLlXRzjj5LOdyPVj7GvyULOWXVJnimD1x2nkwekV9Jk7C6gvSmKpj1Y6L69KBJ3KHfnZ0fuUOofK_EtguqzCHMEOxpMzBhg0wpyBbb27gxofrapvE-8jug9IHhUbz884Q4KK5bhfwKsDbXZcBsgofw4ZVU4onfDxehDDHvMb5xeoqYumCo1jih6l55J_ClTTHABOP6ptCkBOAEA4gF5OmoyUmQBgGgBk6AB7yr068DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CQ0iwE72oiRXIE8Xn-eED2BMKiBQF2BQB0BUB-BYBgBcB6BcF&eventType=clickstring&clientTime=1700993620815&ai=CdaSiVBpjZen5F9q-9u8P056psA3kmNG3dOvF3YeAEvAuEAEg1vaenwFg9YWAgPwDyAEFqQJONYqLVgCzPqgDAcgDmwSqBLoCT9CU7fFuxkVLw0s3HsF7vbYo_P_xmOotb5Z0TZLyloiy7Gca0-RZ1WktZavS53VeH9KHlJ9Met_k4zSEQIyLsSHbm_D_FuaGH0VVMArm3vkNPQ2MMHqrbXfCnHCKb4Y3VK7aTMxRPWjW5lD_uzMAbk_uFG_UY1I0g-Ur2JiM07jDWiNVFrDyiNfsrebbTPdxQfdKGYsI1TxRFANb_q3hub3Q1jj_zi9oN0qLlXRzjj5LOdyPVj7GvyULOWXVJnimD1x2nkwekV9Jk7C6gvSmKpj1Y6L69KBJ3KHfnZ0fuUOofK_EtguqzCHMEOxpMzBhg0wpyBbb27gxofrapvE-8jug9IHhUbz884Q4KK5bhfwKsDbXZcBsgofw4ZVU4onfDxehDDHvMb5xeoqYumCo1jih6l55J_ClTTHABOP6ptCkBOAEA4gF5OmoyUmQBgGgBk6AB7yr068DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CQ0iwE72oiRXIE8Xn-eED2BMKiBQF2BQB0BUB-BYBgBcB6BcF

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5419 0
54 B 81ms
37ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lpfbolsh&c=3518113075039&slotId=1759056537519.5&qqid=COnziIS34YIDFVqf_QcdU08K1g&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.cl&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 5419 31 KB
18 KB 123ms
55ms XHR
text/xml 142.251.168.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-D33andu6oA-ByrIJeisDq7Wm52LPF8GOROAd2LiIpco7s4ZLLEnPlaVdGKhiJUqE3EfCysjQWZ2jQvVSVyKqa0WC0gUA&cry=1&dbm_d=AKAmf-AxS1Yhl2gISuhFPyRMI-yhij40i9ckffoZdU2B9x4-cTqPVVmonxiH1_1t84u4dJ5bJgw681PoQyr-6hNZx3X8zveD72xY7bq4GfkJ2C67FegeZvSNGBVFyoR4LHCenVZDpkbeiOgpgEMwf-7I2wf1HwHomyuVUqnzEZ8vhsaXtKQeDoqw5UKyVHU0BNwp1ilyMxCn86v5gbZ6NKHAGEukkEzKCzJ2Cz-cWrh3FZi5x6QpWaBh2RCbwVzz-SGNc74rG_s-VvkKvTg6R48-MSFBkNwppC5aKMvYZ8mIUxNbEbhZoIdPNSZK6X_UqoHgoqwi126QyxZ3nlkyrRI3SokfmNdQG_v1s-6cNXPTNpJ6ayV2GM9o3i6hl0bWx1UCmM2urgoGp8yxCksGZ4FD381yjTvfPh-6WU06-X-bwzBcEF9CYJsFVFThCQpGaz3JYuY6g0IUKs0fwVBoFg3hk6Fy7f-0_1oz9EoHAu4KI_YqxY2C0KpphCQQd_RcTvVZJ7kLC54_LwnjsA8evwXcztRAgl8wV2u5TEhSjzwv5P1xLFkxNQiJUWWYkLBeavktpAUnsbUQj10R1q_cFS3KZQWEfKqHNZSmSYHLR5GKvrz3fwgNnLvWTXJ79MJA8LvrpxsfPdy8dID20yWNbq5LU83HWGUhErs0Hz7nlZmpO0zsL04kaOdohZElhEZIUZ6zqb4B6vgXrLQJMshTuMXrhQYECBTxUvEI09g0jVXWw0x9X8g6eUxFy17m0VQ1YOUtiUs9iPyDarRywA69tNmhnTcmG0uSgZcXN1lKUl5tYuPDsS5GQ4GthJ8rFViUMWfbeib81-fPHm5cyLSeXn_-ffgTQ1flfyPe0GXnUVAONFuRKSWD66SaQFqpf_DSEj28hFdhyjH7ISZUKjogTtn7X9Ws2XHvxYARYvVBAdcEtffhYhsMAmH8xfTEO8GNVzBsGXCf7-T-PtXmUVk7IXQHeZA4IljK8SMjt1qCBd81uwXfGAIvHEt8VFu6jPYAEubphjrHI_dG1ZVyd_fXSxF66bn8jEG2IU6oATYLeWQf573LDLCJRQ8E8DwFpvBgzgcAUs1moRIGLCitXltRh4h1VGaHiDWtLgadYW-B3OgfzsfV7KdFcz8sRAAi_R78N1Xf8i8YnFW3xiY_PdPkJ4b53jLmL1u8eiN1SWIm2DXBecYEpnSyp_DyT4qjosqFcDgUS4XNyM01u0_gEm-REaUafX6Xf_Q25cg_KvzburBbGcEBS4WuZg4JRjDzuwTH5xRjzba3cJpkbzL-3Q8SBlFvca1iAEmbxU3ta3G7ydPe28cov5XrNui1kcbnak7UXMZSHXN4SNeGAmZZqA1sAuip9A1yQEA92G_ufC-dCGFJHAthR28JNpKuyb0v4nW8rrPmZFdn2eqgMITPJn34dx_sue1swC73JgFAMB3FDQ2kviLjPA4reNY7NDMp_uLJKzticYBQzasBDXkJgaQtpl5fSsPC3pkuZQh8crTcHl1JuFX5_lzYIuVtQYvfRDKy6qUWVx-4I2V0vZh_ebv8XS3CkR_w-Y6n6evYhoXToGYNKqb6ak-O4PKD00QbMhf-M1amVj-0UjoE2KduFhCyHFB5cP2Msji6_1GzA7R1gBjd8uQ6wH3ufg6sH4jC8iP9k0c6kHhT7ITpc58R68VhwTIaAdF-q63ygYrU_68s3edrC-OzhhKHlsAfXmPfKYJYslkrkSAqR4YgThSohJcGraKoHsPIO1shEgs8vE5P5JCkrWd32dsRP_FR_bFidSA_C54661xQdl_0BmCIjFrivUZbivMIQoF5ziYHHs13Izc0NpUcQpKWrSCAHbt9hIe7YCFAr65OG1rjKp8Fs1P1noosb5TnQe-NjUw8NFdg-K22MYZRgRB2cFxM5IRsTkdT2sP_LsNVJedr3KJvpcimFVKlJtvA3ZM-g-Br-kcK99DSnBVqZCqUYDdqLbr3Qa0fHqaPnG0eSi-XaPS_oA5-p5easMAch1qLmUD_GYpU4-zAUEB4s_osbB1lLASNCYMQx4qulZJDBHlYSstPBL366d3IGG7n-6flNbX7O0wESpITVqlvxqBUVbyahFDO3RlGNS7jCoPY-IQm-THUM0Xs29KaBeFJT7Glt7MqDPrjN5z-E05EDvxU-ynOqIS2HbWcRjp45LQeKJOmTxXO9sheW4XbANJIHfiVNNZkSg07JiPKEva4LP_o9g_6sppUVysVOWKXwNqivqjVXx3sHBtYh_-6k8G3dwaSGGY55uBMRzYyMmxqYViWoh0QAUT73ob7GEd5e6aHKMOM0XdPJMX2ykDwgej75_s4tyxzU8EWq2nrzyA1shHuf8GImaLiQphkfX3M4p_2K-UCgOux8aS1UX6CVMxtlUu7AY8q1IgK87IT__WX3Xoki3O0BC_kvGRkkMyRUsuKnZ20uBQJdwmoRBeR0Fk8uNZcjfhyDNC8ptFqHPjJp0pwTUWcQL4UHV6HAhlnrO8Vfb9QeDJk6u7BMrfo0W8HwQwJaetb0mYefcS6JLIgmTMfXWC-cO6IoPJ4MjTIMLO6R8r5EoQ8rrJOMK-d-QEvdnqxbzWEMiYKhf5-4gw1ns4cGY6Wy2lISKrhZ7LCI0cDko_kUgUA1w6pHc6kEP10YFW4B3AqS5ZKoKFbsu3J0KnyQuqgr-KPR1WBCXHDg5kVLrsDtvAJ-N4wfvo7-nHcGoa8E4cTXqyKOxa9EsGoBj-Rt7JZ0ThQI4CzsL8ulDO4rxa0h_ORjikNAQKNb2od8gYGfh5mfO5CFEIMbiOH6f67gs6UHP6rdkXc4ANYxulwHvN_zKL7eC6A_65DPvFbOwkPdUwre3P3Ye0tuRhmL8P_HTSlFASTsPqhLZdEAwwDrmB7VhFre6LB0vkdVfke3a9jy5Emeo-_yvRUnCVn84a7jRhPruJlq-aXsKTqyo_6sPkX4VK2D6dF0PsXigbyuGrjuk7oAx6ym77dFfqHsL044ldG_OCK2J646Tz44ssgFGduGyf0P46gvo9iqCAkRclG_OwRmoT5Qqz9A4yzbxtC3PUhOZQ-pBf-nWdd9jf8qs369-AlaMgF14Yg1Vw3KpYJx6bufdgaHlvgr1Z4rOtHhJT7IC3_Oc8cFJ-jqjBU7Q3rZNXURV91-fuERQ7od3t5Ndw94zOKK5fusz9b7jqvv25x_gn8awdC8QCJ1eVa40Lx8Gnos3n4K6sV3o8Ihu2FO0vNBkPEqoCcx7GHhfZ_fRChANxSUM5iKWn5clYXm1JyTT1A-ljlPGeAfBqhO30TJamNRmBkiKBNmmY4m65a3AHi7wkCiFB65vs1XCMEqhOaOMqTV8oSBmv5XN5LnHm-uIVxT5X1xjrbqKLRGXRACx90F6ipyVmVmB0Py_jKCTGLcdZHW8yyUskGlCqEK9J9VAScphD6If575GRq8ueMQIXyGd6_yKlcoQ-QiTVH11qlpCZpC8b0_RJ1e6RESvY5fOg0KanCMUMfw7jloiin1E2rXGlthPXYFSaCQohN012rB1U8uUTOKcApIs46OLScU9HxNGb0s2kiL3vyhD1QjK07RFdZb_kYi0MFhAWEZZxOgJ2UVKejhoViFsUq2Mb90u2I2Hgc9rZvWa4bJXg4iTFSloQwTSckOCnbImw18GDPiTMdHgaKxFfARlddT_P_pO4sukBOc0fDDJEwaA_SA_uWKVwckurPKMoQRGbC0E5QF_Z-9RgTt4933ozHJz5ABf9t4oQWTe1Wd_RPZL-xrgaRcpIQMgEmX34nyV2YIxwEvI0Zz12NPZdK1z5mHl5k7kzgx341w1MN-ZNglr3XdlPNvEaBD7qXAKctjNcxWFZzaK_8GPJNXTdhJvxKXWpjuAvLimVyMGY-LmOHQbp7ak_28WIJvnEs-mBkuhj7VUQjJ_8VB5Cox3x6INGP7qctaQ&cid=CAQSTwDICaaNpipWBVF29PajmrgbRbuxnvuTIzB9s9R1uKOjodVL_UB6AgjhfPQt3Q2ZtzyMmJD7OvvEFelx602B7Nn9mkC0v9Vy6KuEh2b-0WgYAQ&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.168.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wh-in-f156.1e100.net

Software

cafe /

Resource Hash

2d1d04274baf9043a591a2c49a1baf9759bbe4179c6b284cd8bb45e0e0531973

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17710
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C175 0
54 B 78ms
36ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lpfbols9&c=4609883207743&slotId=2304941603871.5&qqid=CPKPioS34YIDFbOd_QcdyGIKzA&fb=outstream-lima&sei=44752538%2C44807614%2C44807615%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C175 15 KB
16 KB 83ms
43ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 16:39:21 GMT
x-content-type-options: nosniff
age: 149659
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 16:39:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C175 15 KB
15 KB 90ms
50ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 13:37:09 GMT
x-content-type-options: nosniff
age: 74191
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 13:37:09 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C175 0
20 B 55ms
55ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CPqnRVBpjZfKVGbO79u8PyMWp4AzkmNG3dKvI3YeAEvAuEAEg1vaenwFg9QXIAQWpAk41iotWALM-qAMByAObBKoEwAJP0LFrW5bdoVbpho_WtdBIM_hiwe9ufyVgBXwGLsRujIxqbqtXy2xjlbFJRaEAV69J17fBjpQjS_SYad_5Mfq9L6DD__uO9LzXHaiobQ6KHIaHCsm8yyOqe76im9CvNIVDxO0TiqI80g9ZgDFg3R19Ekbu81UL2aohM7-y0bO2PNV73_bMdXkpUF0BLLw9wCcQjR4T_dzDy0iNbtU7yXLtW3Cl_TiK-JhrnPxfzBJC1B1fWH9D6OYNy0xkOrghSQvOlPJDV4dbGR7HZ5AjB_P4F890DpMdjMuJV_nZfwnwxZPHRM_yP-QhQz2_6O7eBv5S76qsmKjFvdSVsAyqS3G_r3Otp-lglO0iijmkfFf9cuYNQUfw5AinN6Yq9eI0AB88YiGJuYNk5Y8Ge7g1xJz5XdEZviPcr6ptfdc1XOmST8AE4_qm0KQE4AQDiAXk6ajJSZAGAaAGToAHvKvTrwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIBhEAEYHzICigI6AoBASL39wTqACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJDSLATvaiJFcgTxef54QPYEwqIFATYFAHQFQH4FgGAFwHoFwU&eventType=clickstring&clientTime=1700993620831&ai=CPqnRVBpjZfKVGbO79u8PyMWp4AzkmNG3dKvI3YeAEvAuEAEg1vaenwFg9QXIAQWpAk41iotWALM-qAMByAObBKoEwAJP0LFrW5bdoVbpho_WtdBIM_hiwe9ufyVgBXwGLsRujIxqbqtXy2xjlbFJRaEAV69J17fBjpQjS_SYad_5Mfq9L6DD__uO9LzXHaiobQ6KHIaHCsm8yyOqe76im9CvNIVDxO0TiqI80g9ZgDFg3R19Ekbu81UL2aohM7-y0bO2PNV73_bMdXkpUF0BLLw9wCcQjR4T_dzDy0iNbtU7yXLtW3Cl_TiK-JhrnPxfzBJC1B1fWH9D6OYNy0xkOrghSQvOlPJDV4dbGR7HZ5AjB_P4F890DpMdjMuJV_nZfwnwxZPHRM_yP-QhQz2_6O7eBv5S76qsmKjFvdSVsAyqS3G_r3Otp-lglO0iijmkfFf9cuYNQUfw5AinN6Yq9eI0AB88YiGJuYNk5Y8Ge7g1xJz5XdEZviPcr6ptfdc1XOmST8AE4_qm0KQE4AQDiAXk6ajJSZAGAaAGToAHvKvTrwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIBhEAEYHzICigI6AoBASL39wTqACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJDSLATvaiJFcgTxef54QPYEwqIFATYFAHQFQH4FgGAFwHoFwU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C175 0
234 B 75ms
36ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lpfbolsv&c=4609883207743&slotId=2304941603871.5&qqid=CPKPioS34YIDFbOd_QcdyGIKzA&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.cj&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame C175 31 KB
18 KB 126ms
62ms XHR
text/xml 142.251.168.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-D2f1Xs8SRb1A9wvnCQHmVYhhZE159wKM9MKRAhFAQql4KPkD1cvadSD9zF1z1gFN1mRH58HINmm8CON8YCoa_phM2Fyw&cry=1&dbm_d=AKAmf-DDLOaBhQw0uSXvX0_Q5aDewdBH_NAHKkbFsNILDA3xT9iJ1crdoQNPT5BsTj2GTaGfKUIXfZiEPUMsbmXLvSMJ54h756-WQT6nU3mhYcrWU0Avemc428_2EJsyEJuDjEoYqpz8facjoDIGLXLlFj7LIgfizcwNr_-Ljwv3wTRmqY_u6Zyt0-o7LiakkORT-vRnLFYI04oIoNO_o2gSohDGHngk88wb9LJsRgzF3jbjl6cu4u7xdiXORTmeolAm20r4aN6lvVYyIofn_sc50CJauDqXO-IQGdaSonxgqFqqqM_SN2P0le8dng7S2AldlCcA8kgRlDJjO5Cf3cK9PaddGbNO6CJQdLLQr74SvlU19EMJm5QkXXvVQHuu-oKY3tf2SboBEj4AiSIR4e3w3Y7x_eP9LjQVci2-WQaz16y_etjIqX0haIrzDEFAhY3P2qtpcZYAiPWc_pA8UYry0Xw-BfTCEGqD7STBHil9dfy7mt0HZyOf1RT1-tvWP2lRIPJx-f96sqoabjp6YCRKJHPfytqX8tTbIE8qK9zAxpvkSZGKTx7HWr28c85xLzJ6C91viQHjrYHF6OsoiTittolMMFOXsXCEC1cuT0evIDvf5O0E0hyLfXkNx_76EzGRGtSDn9I64aV3Ae8Bu-ecvWVIlHlCS5fiY8u5-FABVn0gNkkRiuWitXz-DzTRGs-jzohiQWGvb6Ca-XCOn9Ss9NKMDIRrhvac22oPdJMoqegk8TJxw2rZRYIeScxhd8LkcEG-OLauOCIpYiwi4WJ9pwqo3gO8GETCFUMowjd7SKP4C2jlbpz4572ukeokVe-RMRzMGUxNuB-rVAsfOau8JWglIVQq9uUMTqdbVJijRT-KJ2-vcUtR4c1xyRitxkANi7XCjliRKWBiBUXpcY_HQH2HtCTmdKe-l9tbtyMFmAXZPpxoSWgX7qyK_VXKdYNUdHVocNu3pAM2vHjW37cAuivuZg8mdSeugzRcE7v13SpFPTur_YAT3cqKFrqw_OFNtJ38kkInoOCTPTGh7mqY7Sul87Evg3ZC6aCwjD2PESaf0jRI4jtb4VmfVBbW3JlKdNID71BZ50kCiY5667pmoR4uMCFk_VFkXulU382jyGH2vYyOhIptq2S1Ui4x13Zhroj-sSsbNpZenb0tyYD1IYhxCbbSBhmZa04fPaRC3L9k-SNeRTYqt5UEfAHynrmjsORXRbupRrBG9HW0qhAGEWvlViP_35O0RJzBzyJSF_gvV3lJgTTnltFL2H8cgCXbvIgES-HAPU6seTL7dnhHgiZSBZjwY8FI_AVGpAmkXCl6f4jbz6-xgo2dXQovJZ3E3nJUZCTs_Bwo5nGUskPZdGdLHJlBiNyYCbj0wK0Fb3hqNW2dk7g5NFBvCNOcZd4PsAVNoAlRC6drUqJzIT9DJIitJXI8QPnEqASsKc3qSbmBRVssYp2_Cub_Q7e1fvn5TISeCqxG03wLY4gZICDU-C1pB-e13bdQmHSL6S_gXhbWTtCOCFOcKwo5KI2cTJVC4LA-Sx5GCH57lhf9JYFqolDDCor-RH3lVNcHjJeChyiEYdTWR5kAXkYhtAzZOFzxvj21K1ryAktDzRkFvnSLnmwhaeba819acumEAiEIJYhMRB4E5sKy0ahNByTfSzY1dapQ5jzxBxA5u3I2lRCtm55SPycMpfslKUex84pj9CBsb7VTKQVer1HqaysQbADQ6pySO8FiOD8Y9nBDadhOeCGcZ4rO3dF8D_eh9mrkVIUwIbhUJlJs4l5fsLNnxhzMMshXCVDnTIcnT7KXzYZSzNO6_lC9d7Yz3MlUCW1FTF05aSHZN5bJ3hP46blA-dA25czvARr1swdqU6ZAv2bosAs5IfMQDvcBttBlFbzpgn_c0VN-emHLvqyPOESaJhR2wYhpaCdkinkyeb1Z75aJaegv4ss1t1OqlAfIhZD6f2FcnvvxXKZq4MNkPRIKTj0OB66fvhk6EUIPBvsyRJGXao7qkp8eC4l5TZZAotHPQXBeepTSf8Hht2qPdCPWhZzqE_my2TwT-5V49N5a1AlKrfDF-hKw7noLDkn5_NNpat7iQXb1AmB3FNOhhGuQ0oU99vTr6xfQ4NbRX3tnckRTDRCb2JgZVo1Z42f9mK6fbSuG4S4QoPSOu7qzo-M_Xe0jA9EtWkpYNVfu-s8MEoqb8bw7H7Hn7K4wwcx-pGDTuRItSnNNvmdsExxGhkem-rni82IDEdflTw-3m3z1AJOVKO50Z232_JsKVKORLYE_Dpbe2gmA-_l4fLhIHTY46WPfMx__oV3z6URYCuqbx2ZHB3PWgMXhSD8MUmgtz7GysQN2k3hSWqovWD_PIOK1wytDJrEE3tilNMug9vUom71g4qDkd0R-e3YXMRdT0dKpz7NEr4KmxIjJUFC2weSLqWXfWGb5p36NCpITxt8SCpx_jr2Zb3SlVGH8JLkb39DmPS8CZLXGw74CY9Jhr_xsiTYSGre6ZheLNoD62m8GBH3s_ObmfTl9RrVd9nx7cqQJ_RHRO1s7_UEACWXAq-9_cG_iy_jczl94NbMeh0Wt5KBFrFHxh8YhcTKEENOvuUTIzfXcNUdmG9cLVpI8z-twtCenIQf7pb2vzpSG95dsZkCJhXTQ8HUmg3nbi6WwEZE4Ypk2eHxoTvaR6ss1sKWJjc2e78HuVs1oowsEtl35qx4S2nwBE4_4tnVlI8bxGa8dLqSRqhcyILLvTv-Bfx3S9k_stewCIOUtGG_GiWEZ8jnx9MsRIe-eV6mpbBES0rPA59aogw4OwLp4Nv6cy0GkKhsHLkGiU0BULH3y-Np0IWUlokeUgsODG-OoajG2coAC2rSHwwDqyDkagwZAYhgKn85dCpTetnWTebQONS_ZcrsXPfVWI00CTkigSkDOZ1duJapC8uhL6Q_hEUXdVzFhbApzH6tQGzJH0NabT2m0oypj_IWMKR9S8LNKHOCmpuLTKxCQViTqCBVap_pza8hBuEB2whIKA8VcMXhzg4JzoGeNuuufNHVQlBIYlJzWDZZL0lPpc-E9__BJIz0kHkBnvxeRK75qMOwu83oiMJfB0Hp5vA5ZWbpGBh7flom2na7FSVVga6qLzbM1KIA-NR9m5v6hWQNSTubRZ-TBJE8dwehbo8FS_gijCM3h9_y9aaNPjVJRhcZnENR8RZ5I-bQ_Uyb9HV6fm9BF2Rq5p3Cnd5IXOg46krLhIkIftzz2atLFpjWVBKHWplV-mOB-Yc4Vaxq_XJhR-NLYRwNWHMN4pA210vsKUyveC-Om5Tg-uwrKvtkB44tEssh4em4KVQDjpMquZr0ZwiF9TKq1pZlqVVeH3iDI6wdWIuD8doTwdOUfLAMJu4zZdvz9Sg2I3K-xqnhkI0B1K26dDcPHUyGzWLlGtwS8iGpW_eLuizkqwrF3H1YIEt2kAEiQXgTsjrknxP92UgL1-GwfWY2yHJzjrAw2Ry0tfYEC5LAsqtGxx8m0JEw3LJrxMOcnWuNW4bMFPZ9TWDIFuT03GujkSybGvLRSq4NmqIk5nvQc1oIaW26kpS_PRQqeOVQYW20dYa8xKEVx9Q-e9BChmka_Scmv1pVCHbF-8ZhBzhf4m1lgrXUwlGKl95DQey7z-oaBWS75IdVNyfcsIi1CuXvkOskkG0uNAx_4CCmmQehE54-CYIZeysm1QSN7IhSeoDObqTphAdsrbC60FMIZmyyh6LOON3EDNuy-8vwi3iVpREbxl3bTVsnkg5lemcWPBQZzrGwlELN9dMjppN3M_KVeN27l8FkDvEKs4iIwQsWMaNHj_7JpUojF4SGcFjel9ZqcGdCf-xEli6mRn8lm3oTGeHWoix4p0HvdexW4c_SJShE_-mEoBmqI3PJ-cb3c2Hnr91BcZwbmy5G79-yIsHGpwXYf01AQMJsNhD0nBA&cid=CAQSTgDICaaNBhTUWL3zkudtw13lziXCfn9bpmbRATT1NAF-q0rQSEQl1q3rJm_xPrZqkkhd7NDAFGTJEzXauClf2ZE7lp3dyTBVttXiN17RpBgB&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.168.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wh-in-f156.1e100.net

Software

cafe /

Resource Hash

b8515cf419a56e3005519abfcbc9099c620d817433a205f6333c3f9dcae6a041

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17761
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C175 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fa67c31f3a1e99abf9c9bf772f3826245448d157ee8e9c5b849e350b03644b5

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5419 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba93bbf9e83e16761b4ee7238e4915c98215f8b0c777ad9cd45a5ef31a75cc23

Request headers

accept-language: de-CH,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 AGSKWxX-ImB0_TghCXC7viDb_Wihv09RQ4oJccymH3qV8HDucU4aD0iJX4zAiRhXJBIJndeKpj7MOHbai4uEvxKzDNiCzULnmU7kMMD6tvCfcUMFBra4nhl4G8TOPzlJu0mWyq7f2gcJLw== Show response
fundingchoicesmessages.google.com/f/ 13 KB
6 KB 68ms
68ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxX-ImB0_TghCXC7viDb_Wihv09RQ4oJccymH3qV8HDucU4aD0iJX4zAiRhXJBIJndeKpj7MOHbai4uEvxKzDNiCzULnmU7kMMD6tvCfcUMFBra4nhl4G8TOPzlJu0mWyq7f2gcJLw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAwOTkzNjIwLDg1MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vd3d3LmhlYWx0aHNuZWFrLmNvbS90cmliZWRvY2UvIixudWxsLFtbOCwiTnRzNUx2WUlvYmsiXSxbOSwiZGUiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

efa8892eb258552c4944dd13e9b5287817b5e228c487b8a3de64270cf59532bc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uX0tzMbInQeoH-szjOx6Zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-security-policy: script-src 'report-sample' 'nonce-uX0tzMbInQeoH-szjOx6Zg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5419 0
0 59ms
59ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CNESrVBpjZen5F9q-9u8P056psA3kmNG3dOvF3YeAEvAuEAEg1vaenwFg9YWAgPwDyAEFqQJONYqLVgCzPqgDAaoEtwJP0JTt8W7GRUvDSzcewXu9tij8__GY6i1vlnRNkvKWiLLsZxrT5FnVaS1lq9LndV4f0oeUn0x63-TjNIRAjIuxIdub8P8W5oYfRVUwCube-Q09DYwweqttd8KccIpvhjdUrtpMzFE9aNbmUP-7MwBuT-4Ub9RjUjSD5SvYmIzTuMNaI1UWsPKI1-yt5ttM93FB90oZiwjVPFEUA1v-reG5vdDWOP_OL2g3SouVdHOOPks53I9WPsa_JQs5ZdUmeKYPXHaeTB6RX0mTsLqC9KYqmPVjovr0oEncod-dnR-5Q6h8r8S2C6rMIcwQ7GkzMGGDTCnIFtvb4DBTVElc7KxcijarHXdFemjveaw9JOq4dZPAEt3GykWaYCttialUcvIhD0-nmNK4LaJUpoAW5CaJpMIGKoy3oMAE4_qm0KQE4AQDiAXk6ajJSZIFBggDEAEYAZIFBggbEAEYAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGToAHvKvTrwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHChDm2j4Y1JTW-QHSCBQIgGEQARgfMgKKAjoCgEBIvf3BOoAKAcgLAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxArATvaiJFcgTxef54QPYEwqIFAXYFAHQFQGAFwGyFxwKGggAEhRwdWItMzUwOTY0MTIxMzkwMjkwMRgA6BcF&sigh=HUV_u5tRZf4&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNpipWBVF29PajmrgbRbuxnvuTIzB9s9R1uKOjodVL_UB6AgjhfPQt3Q2ZtzyMmJD7OvvEFelx602B7Nn9mkC0v9Vy6KuEh2b-0WgYAQ&vt=10&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=4033564846&adf=1850635622&pi=t.ma~as.6586726127&w=820&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=820x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620192&bpp=1&bdt=396&idt=177&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=85&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=180
Attribution-Reporting-Eligible: event-source
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 10:13:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 26 Nov 2023 10:13:40 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C175 0
0 59ms
59ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CmCRAVBpjZfKVGbO79u8PyMWp4AzkmNG3dKvI3YeAEvAuEAEg1vaenwFg9QXIAQWpAk41iotWALM-qAMBqgS9Ak_QsWtblt2hVumGj9a10Egz-GLB725_JWAFfAYuxG6MjGpuq1fLbGOVsUlFoQBXr0nXt8GOlCNL9Jhp3_kx-r0voMP_-470vNcdqKhtDoochocKybzLI6p7vqKb0K80hUPE7ROKojzSD1mAMWDdHX0SRu7zVQvZqiEzv7LRs7Y81Xvf9sx1eSlQXQEsvD3AJxCNHhP93MPLSI1u1TvJcu1bcKX9OIr4mGuc_F_MEkLUHV9Yf0Po5g3LTGQ6uCFJC86U8kNXh1sZHsdnkCMH8_gXz3QOkx2My4lX-dl_CfDFk8dEz_I_5CFDPb_o7t4G_lLvqqyYqMW91JWwDKoTcCVa4D_he84le30Wr7C6w-GPchjL9s1tkdcTrIn_yyznxLB-3D9Crkr9Ya3ShbxXT9dxybU6rYMzyYEJIqUMwATj-qbQpATgBAOIBeTpqMlJkgUGCAMQARgBkgUGCBsQARgBkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAZOgAe8q9OvA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcKELmzMhilk9b5AdIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoByAsBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECsBO9qIkVyBPF5_nhA9gTCogUBNgUAdAVAYAXAbIXHAoaCAASFHB1Yi0zNTA5NjQxMjEzOTAyOTAxGADoFwU&sigh=u2SzGFApqsU&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgDICaaNBhTUWL3zkudtw13lziXCfn9bpmbRATT1NAF-q0rQSEQl1q3rJm_xPrZqkkhd7NDAFGTJEzXauClf2ZE7lp3dyTBVttXiN17RpBgB&vt=10&cbvp=2&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186
Attribution-Reporting-Eligible: event-source
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 10:13:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 26 Nov 2023 10:13:40 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 70ms
70ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_fy2021.js?bust=31079757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7685463cca923a5698128c66e1263020c56d259935e0d7577aaa92f857a61fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:40 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12397
x-xss-protection: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 5419 0
54 B 35ms
35ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lpfbolss&c=3518113075039&slotId=1759056537519.5&qqid=COnziIS34YIDFVqf_QcdU08K1g&fb=outstream-lima&vast_v=2.0&vmfc=11&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 5419 41 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 22:32:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 560451
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Nov 2024 22:32:49 GMT

HEAD
H/1.1

200
OK

file.mp4
r4---sn-1gieen7e.c.2mdn.net/videoplayback/id/123c656e20037a62/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935105/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 5419
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/123c656e20037a62/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935105/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signa...
https://r4---sn-1gieen7e.c.2mdn.net/videoplayback/id/123c656e20037a62/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935105/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

53ms
20ms

Fetch
video/mp4

2a00:1450:400a:8::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-1gieen7e.c.2mdn.net/videoplayback/id/123c656e20037a62/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935105/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2B47436973A7292E69897106B201565D40C330A4.1B99E064A762B7E9C50B4409F8077590AF249C7D/key/cms1/cms_redirect/yes/mh/OT/mip/2a00:bd80:a929:0:38d::1/mm/42/mn/sn-1gieen7e/ms/onc/mt/1700993124/mv/u/mvi/4/pl/37/file/file.mp4

Protocol

HTTP/1.1

Server

2a00:1450:400a:8::9 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 26 Nov 2023 10:13:41 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1722629
Last-Modified: Thu, 05 Oct 2023 06:18:18 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Sun, 26 Nov 2023 10:13:41 GMT

Redirect headers

date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 653
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r4---sn-1gieen7e.c.2mdn.net/videoplayback/id/123c656e20037a62/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935105/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2B47436973A7292E69897106B201565D40C330A4.1B99E064A762B7E9C50B4409F8077590AF249C7D/key/cms1/cms_redirect/yes/mh/OT/mip/2a00:bd80:a929:0:38d::1/mm/42/mn/sn-1gieen7e/ms/onc/mt/1700993124/mv/u/mvi/4/pl/37/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 5419 0
45 B 37ms
37ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lpfbolwh&c=3518113075039&slotId=1759056537519.5&qqid=COnziIS34YIDFVqf_QcdU08K1g&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2085&mt=video%2Fmp4&vs=1024x576&msm=1&aits=18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=347&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.ge~videopreviewvisible.gi&ua_e=1&ape=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C175 0
45 B 36ms
36ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lpfbolsy&c=4609883207743&slotId=2304941603871.5&qqid=CPKPioS34YIDFbOd_QcdyGIKzA&fb=outstream-lima&vast_v=2.0&vmfc=11&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame C175 41 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 19 Nov 2023 22:32:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 560451
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Nov 2024 22:32:49 GMT

HEAD
H/1.1

200
OK

file.mp4
r5---sn-1gieen7e.c.2mdn.net/videoplayback/id/774e56e1e4493b29/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame C175
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/774e56e1e4493b29/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935112/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signa...
https://r5---sn-1gieen7e.c.2mdn.net/videoplayback/id/774e56e1e4493b29/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935112/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

49ms
17ms

Fetch
video/mp4

2a00:1450:400a:8::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-1gieen7e.c.2mdn.net/videoplayback/id/774e56e1e4493b29/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/630E825B7A9EAAE5068649162569842AA55F9243.2304147EB292A4A9D4B3619027E1A5BAFD39992F/key/cms1/cms_redirect/yes/mh/1V/mip/2a00:bd80:a929:0:38d::1/mm/42/mn/sn-1gieen7e/ms/onc/mt/1700993124/mv/u/mvi/5/pl/37/file/file.mp4

Protocol

HTTP/1.1

Server

2a00:1450:400a:8::a Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 26 Nov 2023 10:13:41 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4306953
Last-Modified: Thu, 05 Oct 2023 06:24:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Sun, 26 Nov 2023 10:13:41 GMT

Redirect headers

date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 653
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r5---sn-1gieen7e.c.2mdn.net/videoplayback/id/774e56e1e4493b29/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/630E825B7A9EAAE5068649162569842AA55F9243.2304147EB292A4A9D4B3619027E1A5BAFD39992F/key/cms1/cms_redirect/yes/mh/1V/mip/2a00:bd80:a929:0:38d::1/mm/42/mn/sn-1gieen7e/ms/onc/mt/1700993124/mv/u/mvi/5/pl/37/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame C175 0
54 B 36ms
35ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lpfbolx4&c=4609883207743&slotId=2304941603871.5&qqid=CPKPioS34YIDFbOd_QcdyGIKzA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2095&mt=video%2Fmp4&vs=1024x576&msm=1&aits=18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=347&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.gr~videopreviewvisible.gt&ua_e=1&ape=1
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 7D69 23 KB
8 KB 21ms
20ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 80506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 11:51:55 GMT
expires: Sun, 24 Nov 2024 11:51:55 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_fy2021.js?bust=31079757

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 26 Nov 2023 10:13:41 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame DCE8 23 KB
8 KB 22ms
21ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 80506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 25 Nov 2023 11:51:55 GMT
expires: Sun, 24 Nov 2024 11:51:55 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 7D69 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 09:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 09:37:15 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame DCE8 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 09:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 09:37:15 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 052B 13 KB
5 KB 21ms
20ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: bytes
age: 270
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 10:09:11 GMT
expires: Mon, 25 Nov 2024 10:09:11 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AD79 829 B
1 KB 78ms
30ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

70aa563b12de7a32bd4fa3d7348a13750dee2da317e331801f91e2662cee1ac6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KqKIBV_g5nskZsOl_vhL0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.healthsneak.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-KqKIBV_g5nskZsOl_vhL0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 10:13:41 GMT
expires: Sun, 26 Nov 2023 10:13:41 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 052B 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 09:37:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 09:37:15 GMT

GET
H3 206 file.mp4
r5---sn-1gieen7e.c.2mdn.net/videoplayback/id/774e56e1e4493b29/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935112/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame C175 4 MB
4 MB 36ms
16ms Media
video/mp4 2a00:1450:400a:8::a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400a:8::a Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

a618f954ca5935f3c0ade0622be52c653601b57084f060e4e52a6cd002be83ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

expires: Sun, 26 Nov 2023 10:13:41 GMT
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-4306952/4306953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 4306953
last-modified: Thu, 05 Oct 2023 06:24:10 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 206 file.mp4
r4---sn-1gieen7e.c.2mdn.net/videoplayback/id/123c656e20037a62/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3840935105/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 5419 2 MB
2 MB 41ms
19ms Media
video/mp4 2a00:1450:400a:8::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400a:8::9 Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

083d9070df2776c0abbf15d0b3fe68184e3c4671f0928f03af6822b6cee2f92d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

expires: Sun, 26 Nov 2023 10:13:41 GMT
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1722628/1722629
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1722629
last-modified: Thu, 05 Oct 2023 06:18:18 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7D69 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=B48jrVBpjZYiAOJKG9fgPm7ixuAQAAAAAOAHgBAI&bg=!6-il6KfNAAZxrfrxUa07ADQBe5WfOFxSCriTcw7KKUdpnEgrzTXnebmddOlmefVnsNGLYLLvIwe0VUqxvnjgQ0aduuekAgAAAENSAAAAAWgBBwoAT_cqpY8M8KY3K0s8GhSzpA_RgxmqmNd0xkFWwjNrrwkO3ptAyV9r2CFLSGSpb657FAeWhw7k3eF3f3hyyW99JtE2LR7tmYtkmL2gfoBLy5OZAujDpew08WruwrKFbGi-yGlXqO-CUH4h7CJAEAGS4pCOm1hz5aRSOGWb2COAUmpacAfx-8AhOWqiGYZ-mVi-rUfuZ_WAS_oNmoG89VHE1pjMEN7pU5kE3oPo9HTOLd1SfSJ3_bfb3GavDA5bvF5lAWT-SeGMJWVqpKXsNFhpPI-MJlQltgFo6GsIbABVNnnPTjRwjHebimAfVXAsycrDMcgPTAA91pQFYss0B6rpNHIZb1qhKTQSuv71lDGxe4MfAS-6KQhmSZZy0T3Jm3Y6LOX1_0kUjSCEGktQLJhsfLNKZQNQYratBt8L1cJ6KmEaVyI6PZjPMQ_Oqojq8EUo3afumGekQU5rx6DdxJC7MSwYAdP6fmhfBCYK0qjXbGxRoF8Y4DOdayu7Iv5pHhhQg1sCEPZQQeXCF9sjtRJPraItp0muhvNe7BSUCmjubkpQORiSHUfOle2n_clg6RDKvCajkpDE8MTQIT9PrV3NBS_zmD0LORu2xLM4ZuH0rYtc3EVNN29JD_qREkyK3hZJLWihFvn7XSxPxGyE4QkSw695xK6T79472j18SO11E9XgNsZxERYnVHkR_cupnl4Xgoj6PrVX2FLGPPKzkR0gK-UNTDyVAq0WnzPz-VZNzvnkCi99x0mgoQtOI8N2GMUrQ57kV0gqkXduU3IOBdIWb7bPdblMjCli3ojqTcI7juug06ZLLvVeoPJUu7b_sg2QRVybWS35nNvWARBgOPEELQd0JdIhb0qdQC5pNcEneudLsZ5UKWQrxzgHWmBRKGU31aeBMMCgEmLptZkccQkfhNhbiEQoQo8zCPwLIChkJZFO9Isa4_0yGguu08lfawpsRCvOrl83LFey9Q67pQ8NKqxhNmcswcUtkT-JH0aNPPZdeawvHuIdvt4kxnphJlJBxIIk7xBgYT_GuQ1TmNSji-Ng3EvWLp5GDEuyce4cH1oRJUnio-jdgXeFeyOEZjpq3VSZGr1UXaDhgDU

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AD79 0
0 55ms
55ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=2385063870962070&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DCE8 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BCelkVBpjZZ30N6SP9fgPzZiZsAIAAAAAOAHgBAI&bg=!b2ylbCPNAAZxrfrxUa07ADQBe5WfOBoGEeSqMkdVNweyXS6Y4Z7zroG6FmufVazLqFGgh6fVHisuKpdzvgUbvcv5r8owAgAAAEpSAAAAAWgBB5kC-0-U4eketmivmlldYGAJ9IAHkjhdeyUeVaeUz97JDjbOQelqIseG0UsbhTZ31H5JxVHMS5P72KGRKM8J-Yv_GTH4a5w8LMzxV15sEkmAjLw9EZp0fkxKUAbwfXV1Plso4Sszc50juWnaRXYVN92tupJZiKySPFooz9w6SYYenYe0FrWOnpnU9PbMsFJ9AwsWXdiLIy_Y7qpK89Iih7t-W9O5zB_4TMppJ3yl69flreKFcUCUfOadnTnQSDlacEsFSVo6Gk2lxhflAKDi4cDShOmX1hZ8mKpkumwUFEFtUw3Wnxzo_Us_584D5Jr6pzViPNM9hYmobFnQL52effOUTTFolL33j4yV_EzcV2xELTH9MxrwvyXXqOAJAiH1HNte_JSLFHuMJwS9QD6WM6DlgVmcpXjxEGmrZ5lfc9vjo3UvmuAVk-2Lh-GrWvWkGtAkmYqy_M9oEIuUfadAKwAheEvchFI8Zd-U33kBmE0ga5Gha4h9BdLrSuX_knO4yZ3AANNr6mv4sFxBKMs-QCalTCsNK2eY3KWQfYoQWmQhFR6Cank4v-evDcXFUaFb5aV7R4cfD5Q8gEdG4dbE7TmsZnSTRTvROC7d8SFvAYfQ4p9U3umPjDOmv3QJfVrEamfrfm8o1CHwzncifXWlf7ns8tOUgI84DPq5Y_ecPaXdyL5VRoLISQ3P0AemmPMaLgKsCvnskOAXYoLFQxkpfrVWrfUpFlNguJJqPF95Rq8F4leg1q0kEGevMJZHM2wEbkgi3t7Qjl5SAHV-NZCexJnghZAN3q2oHHnfl0mPnGNYZtGETIxk28XKSls58S6xVWYazdoQdlunw3ST5CAUdIjk4HDoaXWvoxYRLxSh8DwJzkuJzRcYEYeF-s9bMWrE70utN9vMnIVcw11tOUPTSzhKpeCPgGs1G3r8X1bqtUwDN33kt4_lrSZm2carMMP7Gyc7ZLTs4blqd1hJXir_vFz3gGgm9O2mmKVJJnQydWhq1-FTqOmyd2c8kfUbWKc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 052B 0
10 B 21ms
20ms Image
text/plain 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?prHpIw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:41 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 dc_oe=ChMIne6ohLfhggMVpEcdCR1NTAYmEAAYACDDge1fOhoIyebotQMQ4_qm0KQEGMXn-eEDIKvI3YeAEkITCPKPioS34YIDFbOd_QcdyGIKzA;dc_rmcid=CAQSTgDICaaNBhTUWL3zkudtw13lziXCfn9bpmbRATT1NAF-q0rQSEQl1q3rJm_xPrZqkkhd7ND...
ade.googlesyndication.com/ddm/activity/ Frame C175 42 B
401 B 118ms
59ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIne6ohLfhggMVpEcdCR1NTAYmEAAYACDDge1fOhoIyebotQMQ4_qm0KQEGMXn-eEDIKvI3YeAEkITCPKPioS34YIDFbOd_QcdyGIKzA;dc_rmcid=CAQSTgDICaaNBhTUWL3zkudtw13lziXCfn9bpmbRATT1NAF-q0rQSEQl1q3rJm_xPrZqkkhd7NDAFGTJEzXauClf2ZE7lp3dyTBVttXiN17RpBgB;eps=CIBhEAEYHzICigI6AoBASL39wTo;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15018%26vmtime%3D3%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D469724465%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1700993621191;dc_rfl=%5BURL_SIGNALS%5D;ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame C175 42 B
64 B 63ms
62ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CPqnRVBpjZfKVGbO79u8PyMWp4AzkmNG3dKvI3YeAEvAuEAEg1vaenwFg9QXIAQWpAk41iotWALM-qAMByAObBKoEwAJP0LFrW5bdoVbpho_WtdBIM_hiwe9ufyVgBXwGLsRujIxqbqtXy2xjlbFJRaEAV69J17fBjpQjS_SYad_5Mfq9L6DD__uO9LzXHaiobQ6KHIaHCsm8yyOqe76im9CvNIVDxO0TiqI80g9ZgDFg3R19Ekbu81UL2aohM7-y0bO2PNV73_bMdXkpUF0BLLw9wCcQjR4T_dzDy0iNbtU7yXLtW3Cl_TiK-JhrnPxfzBJC1B1fWH9D6OYNy0xkOrghSQvOlPJDV4dbGR7HZ5AjB_P4F890DpMdjMuJV_nZfwnwxZPHRM_yP-QhQz2_6O7eBv5S76qsmKjFvdSVsAyqS3G_r3Otp-lglO0iijmkfFf9cuYNQUfw5AinN6Yq9eI0AB88YiGJuYNk5Y8Ge7g1xJz5XdEZviPcr6ptfdc1XOmST8AE4_qm0KQE4AQDiAXk6ajJSZAGAaAGToAHvKvTrwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIBhEAEYHzICigI6AoBASL39wTqACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJDSLATvaiJFcgTxef54QPYEwqIFATYFAHQFQH4FgGAFwHoFwU&sigh=ifKwk_Qv9Dw&label=part2viewed&ad_mt=3&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15018%26vmtime%3D3%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D469724465%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1700993621191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C175 0
557 B 132ms
64ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsshFN3k--pulh1gE7ZN39UtqFHvTIC0i9TyT-i19hHXtET2F5WlHFi9mGsBH4VIXn-CDYotDecksWI7Wlh7zxhcCWBvCV9olinENzcOFgDqFgA6j3Si9YRXhGhav-ogVNxpxjY2paHI_L7zTW0kv6oF5RVovLtvt0M8GubRbdQdK1Hkl2C0hTZf2lk5Ghuq1RJZM6C0rh0A_LjWef1PNWbGMsODObaSCZTtqUb4vXSIChHkofPDyITYwvNbETvrA3zJlNtU3zkI5ThGlqRZuVl7uPk4azejzMDPT8nwjy47xEvIK5vFr22-qWeeCmYF6XkyqPynixKPNYvqKKbQSGncF4FeZDnZD9w6oF5ynYhpFgA-5OSKP_y6S2VgVNQnmKZX4YLN-SyG7hMtj0vDFJVrj0UYxgl7FIfwBb6O5AFiU7Ra60rjvDxaejKIH-_RQHrOA7uxUY-5TNf21TvAg98DPT2gIU-q1zgglqeSqRftn53K9XJeGbxavAIhnmcVSFgG5ChIAt0VzwXNsY4iNWk2vsAhqQD7iPbpFT--lXfm0ALs3di19Txlkx9ou2bDUQuYIFyVB7Q0aJZtXjSIJjYn-leiS3I3AWC0qZ5jP3hmRxV1YSffHq1TYzOrhZ5WbQtqLMdPDTkLFMs44lGGYWtyAtTf0K7yRqTwml-jO486ADQ9iqwzLMUFTUEvHSiaMB4o11XLftBZdzaF_5w-t_X6FjNtyYAFrE_PVg-17jbSotxnE0JQtERw1op_EbYczbfKSlV83L2qroIHzHUnV_dIVH1qjaqHfWKjz12R13lE_baWt6jlAOjEbEiNIIoJTmzgWVew1b7lJ8FUv3LOeXTkUfLw6S-AJr6g86kftWwSioghy1x2hIQqXb10JivfmztD61DxrLkTS4zAKGFI1oZAKZnVJSDVoqOKHgZ6eEOa7WeD7I0fKGOb2FiLS6C_CiUf8dAGgRq6lucS6c0FsN8pw8-4FmEG_r2nAdKbTUCEmuW9MjHQnoRHB43j2IMOrZJrxGXg8MD64qR50Elqw2CR3G0b-VwBYOZnmbEnCdafmZHntk7D7Jdte6dq5j7Y0f88izp3dEoNMEp3RtYwjVpF5_l3FSHJzboSpadDA8KIP_DkVG71IItPsZpvGRfxWl_Jx81j5THrCra91L1BI-dq9WgyUeRQwB-WCWhLJH0IkIvmNwZYaAP6g7EnAIIoMrDWis-Lg9LvYRHMTzTto54OvNkiS8e37XemyfoaZ5l6hSyTKszpZuUDJCtH8oKDFgq9PAEQW69TkaX1HVPCYETyvS5oU_thseX8owFZCjfkfIg3gE5TZgWpfIaU5Li6YLkdk-sTf1CwUrCVHcZJn9TrLCvYxGOsS_ITKw&sai=AMfl-YTrrI3LwrlPxY1-hKm8Il22J4eWGpqPyZNC7AS8dUPCiTNPy-kz-L71CAvwapLqnjeZiVcIeNompxhq6_kwXm56hr9G-89FrHcD2yh8c9_oqmWzG0PTSUsLdO8YrnBJaS3AHewLUK1YzpKOINERkjvdwbHMealsMEBuzUFmuf7_XRxAUutNr0T-Y9rjlx9DJlHuyHxAUFq0pdDihPTxjL936ojvS95gNbCSnN0EbmaxzHwZFGH26uaoAcixGg8dWHpgZl06DcceVnhORFTEz_3zyN5KE3d8BStQKw&sig=Cg0ArKJSzOQn62AHg7x_EAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame C175
Redirect Chain

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMDSn7ADEMnm6LUDGKWT1vkBIAEwAQ&v=APEucNV30cIIIvCf74IWfcfun3KjqFwlMUYtauPs2x_6bUo7v-puOGjWN1obAa1VUGWPEeZjXN6C5nYl9eO1LIcu3jkItCTuS6RASTIndazMdsubD_v...
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

170 B
409 B

98ms
31ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C175 0
20 B 57ms
56ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C175 42 B
64 B 61ms
61ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsstPS4uaRLHDFaK1i1PYE8-nWFfPgeFvQa8nTdEmf3-FzFCa8S88kyEnroOzZUDC3wO0zUv6X8Mx4bVRL1INfYNjzJwte5zttL72l42r6cqNyteAzZ86shrXkXov4d2&sai=AMfl-YQirOSJYl46_ToyUzB-HKWRgGVjrXdUL9CaQbOelDRbVniA2udQK4t4gtoxntJxfIHGa57Du4pTkQMQJJZUaSa_IwOv98niBqsI6PPep5a2joOcm_AQm7GNAPStP0eB01OSiwTnZnOaB2K3zBXj&sig=Cg0ArKJSzDeoHHcDjfBdEAE&cid=CAQSTgDICaaNBhTUWL3zkudtw13lziXCfn9bpmbRATT1NAF-q0rQSEQl1q3rJm_xPrZqkkhd7NDAFGTJEzXauClf2ZE7lp3dyTBVttXiN17RpBgB&id=lidarv&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15018%26vmtime%3D3%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D469724465%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1700993621191&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame C175 42 B
64 B 64ms
64ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CPqnRVBpjZfKVGbO79u8PyMWp4AzkmNG3dKvI3YeAEvAuEAEg1vaenwFg9QXIAQWpAk41iotWALM-qAMByAObBKoEwAJP0LFrW5bdoVbpho_WtdBIM_hiwe9ufyVgBXwGLsRujIxqbqtXy2xjlbFJRaEAV69J17fBjpQjS_SYad_5Mfq9L6DD__uO9LzXHaiobQ6KHIaHCsm8yyOqe76im9CvNIVDxO0TiqI80g9ZgDFg3R19Ekbu81UL2aohM7-y0bO2PNV73_bMdXkpUF0BLLw9wCcQjR4T_dzDy0iNbtU7yXLtW3Cl_TiK-JhrnPxfzBJC1B1fWH9D6OYNy0xkOrghSQvOlPJDV4dbGR7HZ5AjB_P4F890DpMdjMuJV_nZfwnwxZPHRM_yP-QhQz2_6O7eBv5S76qsmKjFvdSVsAyqS3G_r3Otp-lglO0iijmkfFf9cuYNQUfw5AinN6Yq9eI0AB88YiGJuYNk5Y8Ge7g1xJz5XdEZviPcr6ptfdc1XOmST8AE4_qm0KQE4AQDiAXk6ajJSZAGAaAGToAHvKvTrwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIBhEAEYHzICigI6AoBASL39wTqACgGYCwHICwGADAGiDBgqFgoU5LSxAu61sQK1uLEC5LSxAu61sQKqDQJDSLATvaiJFcgTxef54QPYEwqIFATYFAHQFQH4FgGAFwHoFwU&sigh=ifKwk_Qv9Dw&label=vast_creativeview&ad_mt=3&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D15018%26vmtime%3D3%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D469724465%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1700993621191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=2840774687&adf=2267701741&pi=t.ma~as.6586726127&w=718&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=718x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620195&bpp=1&bdt=400&idt=184&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C820x280&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=250&ady=553&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=186
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame C175 0
17 B 36ms
36ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lpfbolx6&c=4609883207743&slotId=2304941603871.5&qqid=CPKPioS34YIDFbOd_QcdyGIKzA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2095&mt=video%2Fmp4&vs=1024x576&dm=15000&ple=0&umsem=0&event_name=first_play&asset_bytes=198804&video_bytes=300&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=9&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=0&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.mh~ff.mo~videopreviewstarted.mo
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5419 0
20 B 55ms
54ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIiPqohLfhggMVEkMdCR0bXAxHEAAYACDUhu1fOhoIyebotQMQ4_qm0KQEGMXn-eEDIOvF3YeAEkITCOnziIS34YIDFVqf_QcdU08K1g;dc_rmcid=CAQSTwDICaaNpipWBVF29PajmrgbRbuxnvuTIzB9s9R1uKOjodVL_UB6AgjhfPQt3Q2ZtzyMmJD...
ade.googlesyndication.com/ddm/activity/ Frame 5419 42 B
107 B 119ms
65ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIiPqohLfhggMVEkMdCR0bXAxHEAAYACDUhu1fOhoIyebotQMQ4_qm0KQEGMXn-eEDIOvF3YeAEkITCOnziIS34YIDFVqf_QcdU08K1g;dc_rmcid=CAQSTwDICaaNpipWBVF29PajmrgbRbuxnvuTIzB9s9R1uKOjodVL_UB6AgjhfPQt3Q2ZtzyMmJD7OvvEFelx602B7Nn9mkC0v9Vy6KuEh2b-0WgYAQ;eps=CIBhEAEYHzICigI6AoBASL39wTo;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D0%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D157954493%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1700993621200;dc_rfl=%5BURL_SIGNALS%5D;ecn1=1;etm1=0;eid1=11;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5419 42 B
64 B 67ms
66ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CdaSiVBpjZen5F9q-9u8P056psA3kmNG3dOvF3YeAEvAuEAEg1vaenwFg9YWAgPwDyAEFqQJONYqLVgCzPqgDAcgDmwSqBLoCT9CU7fFuxkVLw0s3HsF7vbYo_P_xmOotb5Z0TZLyloiy7Gca0-RZ1WktZavS53VeH9KHlJ9Met_k4zSEQIyLsSHbm_D_FuaGH0VVMArm3vkNPQ2MMHqrbXfCnHCKb4Y3VK7aTMxRPWjW5lD_uzMAbk_uFG_UY1I0g-Ur2JiM07jDWiNVFrDyiNfsrebbTPdxQfdKGYsI1TxRFANb_q3hub3Q1jj_zi9oN0qLlXRzjj5LOdyPVj7GvyULOWXVJnimD1x2nkwekV9Jk7C6gvSmKpj1Y6L69KBJ3KHfnZ0fuUOofK_EtguqzCHMEOxpMzBhg0wpyBbb27gxofrapvE-8jug9IHhUbz884Q4KK5bhfwKsDbXZcBsgofw4ZVU4onfDxehDDHvMb5xeoqYumCo1jih6l55J_ClTTHABOP6ptCkBOAEA4gF5OmoyUmQBgGgBk6AB7yr068DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CQ0iwE72oiRXIE8Xn-eED2BMKiBQF2BQB0BUB-BYBgBcB6BcF&sigh=hiFPgi7sIP8&label=part2viewed&ad_mt=1&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D0%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26i0%3D33554450%26ic%3D0%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D157954493%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1700993621200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=4033564846&adf=1850635622&pi=t.ma~as.6586726127&w=820&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=820x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620192&bpp=1&bdt=396&idt=177&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=85&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5419 0
65 B 129ms
66ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuf8fXIK6FsL8Ja2Pkl6lMvJ24TVGy_68wd2NASRHH_tsgfGMF3ehD-KPPxwHP3_dAw76A1xq_PUEeNhYgTcY9wkAFgzIWRineyOLo-cICle6Ak9IlCLQK756Z9TrfB3SrmRExzHjilCmMuCOLWHWrs1fzWrEV7uoJt9I5-2ZGIIU5IxY3EyhAZPg8aQy0zBwxsB6s1Cr40xR1y3FoCE6zYHHYaTcy_pwoKd9l53i0GhB04JIPc5RE7FlwTzaNpjGqej6XHIsZAPWOTHFpVahldEBykUhDlDMHpuGvnD5O35vH9XCttMYG21au0wyqHrLI15eyGYslb3XRj9ygYTXiBkJFV778GoxBCh8__Y2PBS0f7HdiyyBowbqn8n_X38Hcu5H4US0dX-wOoafLsMzZexIU19d5Gyi-sflqvZ5JlOWGwLPeIbvQ9qTLaHkHxkV05e40fMvIYBt5bQmn-rl9vM2ghviN3aefK7uTszqYzGPokv4IVMYUKxb_GqGkVGuj2nMrKklnn5UyWJvxU1SeTr7O6qPEDrqXhpvtAnOMu1pZtLY9uUkLwA9kp8NJ7hg8ug95AnL4KlYSwDvOw8l2uipnHuD5xLLr8oj5Vt54Sct-PiW2ZFGHGNKUSbSaDmbTYFezGF1yDrheDvvyYciCy2qxMimMMpvTVeoluPik4Q583UgCPQfeukrbvaG9t1xhQR09nJ-C31ORQ58YDKv7x37y3a98oS669H_bAAV31dfZ0v6XB38lG1FxblbMdn-pYlhmH4OjkV7t3UUZMTtbDdgcqWU4DIYRRoCFoJOJjpGyV1FY5tdZGHQBFMW7odhNIzs5FgC5_tW1j5qi673tUORt8f4G_hdcfoXHb1Ywme_PoYMY_1i3ksZK5gD4tc1Ay4SuhJfUCSVXmoeNFKn-aKrVMrrWQxfoiIZTKw3fQxxwz0qXh3j35U5ClUsmALGtea5LM-vgB8BsrKEo8sJl5FQ3tZOIgoYF3VzKH60n7Q2aUY2TjgZ8gniGRvxg6OZqc4ekPSX4jocnHhQMt3dkSGKxvZrTrZLtif5k0p6rOZuU-3IHnVbze7dDXtt4V5rz7tv6pIpnLcYbOkIilulc5XoN5CbDuWgRD1y3UGUUGpeIUWJbKufIlXXuVXJ8PQq2omh6r_04E60Ri0xn_zVIpZTf-BQVRglAgLAHKE3RQ6OGkl8FH9BNneFYrvOgBvr_uXC34I31YHngirOR7x0F4aKO5XDOZ1RiaKPIjvbdnsMZT1G1CNZZipjNFXfKsndgo0gC21Vx3NoWiN4pyUtrMT81HSu-kvWzLMiPtVWkTFEBXBX15CueSV8Vrsu4nOuVg7rFuwSkvCzAFgdr78AD5Y-oNTx4Fxqc&sai=AMfl-YTroWNj70F34f8l5DptsqFcrLoqCuI7OZTUo8VgCsrj-1WiNwYhyHDn4wmvMFHszEVgREhlF0zn1xiv61G73WBqM_lsraLYUrQO0f9V8rd5GmHbSREc_wjKN1UB1j7G2Tre5yRt1q--RrcfR0lpxha5wKeZowQzi1q0Im3iZ4vwpuGD_I6RShErXE1eZvisVSrO9dm2QWvtJ02rdjQ1uQPSXVrDeoqI-pEik4e2kNg5M1WREeoMd8OKbC-vXhn_ew4uWxSgU1lBMDUsRXdcHAIsJRDV5d1DA6zu5yxWdw&sig=Cg0ArKJSzJdXxTgpheQWEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&adurl=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 5419
Redirect Chain

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMDSn7ADEMnm6LUDGNSU1vkBIAEwAQ&v=APEucNV63Hzsr0ce5H1HVuHYfYaBrOI62_W716xXHDEcF5s6Cnte-SeB9jreseMRKmgq0tvhy8wm97ONdTQ_1rzPeuy6A_J6YpgNMRQjanOTC80hL3V...
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

170 B
232 B

94ms
32ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5419 42 B
64 B 65ms
64ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvMvoOYs9mMM9ioXqbiXAkcJ_Ula2WgVU30pxJ8_y8z4fezUvRiy5JHKMqGqsTbUdkLt1vCZL5gk1AaPn1zuPk4KUMgdMoeGyP23Jdj2wcqWIMeho5IeW_wOVBlCojE&sai=AMfl-YTQW71e7-z4-jAetuN1fY07iTX8oibcIQGDxtHPZPWh4wEMRwt54pNBSCai_TvH6Mq43Ndtts-meqQ4so0kEvXA5fYqfGtknPmQkRWjt0A_7LvuhygVAMgziC0auStRlwVJunz_kTc2ns9fTkPoGg&sig=Cg0ArKJSzPO12L4juSbSEAE&cid=CAQSTwDICaaNpipWBVF29PajmrgbRbuxnvuTIzB9s9R1uKOjodVL_UB6AgjhfPQt3Q2ZtzyMmJD7OvvEFelx602B7Nn9mkC0v9Vy6KuEh2b-0WgYAQ&id=lidarv&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D0%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D33554450%26ic%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D157954493%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1700993621200&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5419 42 B
64 B 68ms
67ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CdaSiVBpjZen5F9q-9u8P056psA3kmNG3dOvF3YeAEvAuEAEg1vaenwFg9YWAgPwDyAEFqQJONYqLVgCzPqgDAcgDmwSqBLoCT9CU7fFuxkVLw0s3HsF7vbYo_P_xmOotb5Z0TZLyloiy7Gca0-RZ1WktZavS53VeH9KHlJ9Met_k4zSEQIyLsSHbm_D_FuaGH0VVMArm3vkNPQ2MMHqrbXfCnHCKb4Y3VK7aTMxRPWjW5lD_uzMAbk_uFG_UY1I0g-Ur2JiM07jDWiNVFrDyiNfsrebbTPdxQfdKGYsI1TxRFANb_q3hub3Q1jj_zi9oN0qLlXRzjj5LOdyPVj7GvyULOWXVJnimD1x2nkwekV9Jk7C6gvSmKpj1Y6L69KBJ3KHfnZ0fuUOofK_EtguqzCHMEOxpMzBhg0wpyBbb27gxofrapvE-8jug9IHhUbz884Q4KK5bhfwKsDbXZcBsgofw4ZVU4onfDxehDDHvMb5xeoqYumCo1jih6l55J_ClTTHABOP6ptCkBOAEA4gF5OmoyUmQBgGgBk6AB7yr068DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CQ0iwE72oiRXIE8Xn-eED2BMKiBQF2BQB0BUB-BYBgBcB6BcF&sigh=hiFPgi7sIP8&label=vast_creativeview&ad_mt=1&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D6016%26vmtime%3D0%26is%3D33554450%26i0%3D33554450%26cs%3D33554450%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D157954493%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1700993621200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=4033564846&adf=1850635622&pi=t.ma~as.6586726127&w=820&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=820x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620192&bpp=1&bdt=396&idt=177&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=85&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 5419 0
17 B 38ms
37ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lpfbolwm&c=3518113075039&slotId=1759056537519.5&qqid=COnziIS34YIDFVqf_QcdU08K1g&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2085&mt=video%2Fmp4&vs=1024x576&dm=6000&ple=1&umsem=0&event_name=first_play&asset_bytes=198753&video_bytes=300&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=9&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=0&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=vil.n0~ff.n2~videopreviewstarted.n2
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:41 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
58ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=2385063870962070&bg=!xMelx4jNAAZxrfrxUa07ADQBe5WfOLeQc2bEhnQ0VarMH2ay3OfAOt_rY0JnA7MzLI2dxtmZIhCrW08QHLEChJF8FUN6AgAAADZSAAAAAmgBBwoAbm8szIq0j7JuYZs7HI6Sp1bcIURSYm8bDhvItu1YUKtFs6_7a-nUcj86g5UVRHmuuo3aASX5uZVVyz3-dCtGH2o0n-KJifJHgMl7XQkUYydcOPBdkf0jaNUnzw-fcfng0r13EgIztb0qR1IuquAHmQK57rs8FDX6mL_kq93gQ3DKCyN79cCRmtCxM6zZIsHFCAcqkgmcNuQWy9Kb6r-MvYu7qgWaGbN4BhG2E0kqRM5wNHm0MkhXQXRyPH9ZmGWW0HN4Zpgd7KLuyGHqA8n9k8gV-L6Wie4Q0MP5O7ZG8DARhHKZ9tmRdyWZMUHW02k31K1aSQ3q8tnpgiI61y-uMR0uD5pppOhGBgJ-7VccxetbP_3iHtsVOkJLF2qaMQ_kcjHjMxkNCZ_OPvgsd2iXFP_zSnHk4CmryfR0sbn2lqw3EixgWeZVvpTrXR22g8_MMO_IfPkGMCrMAQ33C4mkzoZltYWMkUtpJP0pit-F4Uqtw3vcxWYNBMwvC8VFwNyiGcrA42tjHlworGDNr9oTYwPQqJGJH4NMTkrlMgDJ8eYGw1lpTjzz4fvCwOWqnaV2wksV8RosMthqI9k9gkqb8opiJAFn3zwGMhHS-W6VJFu4uE-_TWeoMHbX9lnydxdfNl7CISq4ZlMZp0rz3TtX6XwZXMUlNUy_kRBkuBmqBwtJCLgwLKbcONInf_OA0Azaxiwa6zlHPz-hxf4ZCYuG1mr1xiiux00cXCwXQM3TMf5fQ-W-TsgES9DjzVND-jpr6g0DEKujnXOkqpAbKY2Av2IH4QSTKIFOY9NFluXuhSxyHeAhqCKyi2Qe-FvozhXSbOl7odvJZrcWKYA1KxER-9gDvhmTdSP-0RO-Y-FlLckC2SuhWfKPRJOchNfZNtQ2ShEmIfEfpTlwpauYEN1Ry1IEBbPXDIb6SRfsKIqXyIz5VvS33YOPP6PWBqqAOrNvJweMtI6pebB1xMh-jjol7m1rBWtX1CmOhhY1urCbY76Xw1GN-Bd89liq1_KS29zYL4l1evF5FsIP6IAmTUMJNI4Y7dBz06IB6_EEgYm6G3AF_sz6PgztMqSx5Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 48ms
47ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=4.602309728669889

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-N55G9fWSE_lB6U6m3Hshqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:41 GMT
content-security-policy: script-src 'report-sample' 'nonce-N55G9fWSE_lB6U6m3Hshqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 36ms
35ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=0.572042949442084

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-4d_6_oeKppxHuYfiiJ5u9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:41 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-4d_6_oeKppxHuYfiiJ5u9g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 80ms
33ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-1G55TJ0ZaMx8TCDgxF9-0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 26 Nov 2023 10:13:42 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-1G55TJ0ZaMx8TCDgxF9-0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.healthsneak.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 5419 0
17 B 36ms
36ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=6~lpfbom37&c=3518113075039&slotId=1759056537519.5&qqid=COnziIS34YIDFVqf_QcdU08K1g&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2085&mt=video%2Fmp4&vs=1024x576&dm=6000&met.4=vfl.p4
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame C175 0
17 B 35ms
35ms Ping
image/gif 2a00:1450:4002:410::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=6~lpfbom32&c=4609883207743&slotId=2304941603871.5&qqid=CPKPioS34YIDFbOd_QcdyGIKzA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2095&mt=video%2Fmp4&vs=1024x576&dm=15000&met.4=vfl.qb
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20231113_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4002:410::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad_ Show response
fundingchoicesmessages.google.com/f/AGSKWxUPj-FZGc4Jifr78o3OB-9DBIL7xJxdVGUpUIyLfu_vm_aF_piw9wu3nt5R_lT4r011nFo34KTrBnqDi_FbAYSNgGUUFv4O-0Souzzj2ir8FKvnY4i-T4IfPt0JqKxJ63kIk8omwVC2v9Tcvg_JrVaZZ5gOJ... 54 B
109 B 137ms
137ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUPj-FZGc4Jifr78o3OB-9DBIL7xJxdVGUpUIyLfu_vm_aF_piw9wu3nt5R_lT4r011nFo34KTrBnqDi_FbAYSNgGUUFv4O-0Souzzj2ir8FKvnY4i-T4IfPt0JqKxJ63kIk8omwVC2v9Tcvg_JrVaZZ5gOJFJGSMH07pBaj-9vEQujYrodu2dW6i2e/_/dlfeatads./adblocker-leader..is/ads//adspd./placements/ad_

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMx-VBI7cufk83j17-qyMs5NHKqYbA/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9440ca70e7656abdbc7506ce98912a2cca997f645c315ea97bc88500887bfc1f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-IpnQcUHSpFlODyHuFMH9ZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:42 GMT
content-security-policy: script-src 'report-sample' 'nonce-IpnQcUHSpFlODyHuFMH9ZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_companion_ad.js Show response
pagead2.googlesyndication.com/pagead/ 30 KB
11 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_companion_ad.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7056ee35245d2a45248788af5dfa633c9bd2245f8d94a2208742bafba791ba23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 09:37:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2151
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11374
x-xss-protection: 0
server: cafe
etag: 6911560897263355264
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sun, 26 Nov 2023 10:37:51 GMT

POST
H3 204 AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 40ms
39ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-SMb4Tj4v-XhZdsFOHqHwQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 26 Nov 2023 10:13:42 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-SMb4Tj4v-XhZdsFOHqHwQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.healthsneak.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 33ms
33ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-LC03Gh8Hn4n3gCJBX-ynWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 26 Nov 2023 10:13:42 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-LC03Gh8Hn4n3gCJBX-ynWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.healthsneak.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 32ms
32ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-C5jk0KQfaS0mVWb6qa25ZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 26 Nov 2023 10:13:42 GMT
content-security-policy: script-src 'report-sample' 'nonce-C5jk0KQfaS0mVWb6qa25ZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.healthsneak.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 32ms
32ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-rBwaPghwm-sFfLhQdLumgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 26 Nov 2023 10:13:42 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-rBwaPghwm-sFfLhQdLumgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.healthsneak.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxWsvCzHHj4TZN7DTSnfKIl-Fwuv3xujfvwLjWBsNFQxI-8VbZaHbsRZsMMJXkyRM7vR23a2dSFityjL6mewU_uC1-CiKRTM4M30TDWhP6afpK9F4SWnWMLSDZCMLDWlyqoX3JVO6w== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 51ms
51ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWsvCzHHj4TZN7DTSnfKIl-Fwuv3xujfvwLjWBsNFQxI-8VbZaHbsRZsMMJXkyRM7vR23a2dSFityjL6mewU_uC1-CiKRTM4M30TDWhP6afpK9F4SWnWMLSDZCMLDWlyqoX3JVO6w==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAwOTkzNjIyLDcxNjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93d3cuaGVhbHRoc25lYWsuY29tL3RyaWJlZG9jZS8iLG51bGwsW1s4LCJOdHM1THZZSW9iayJdLFs5LCJkZSJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ea527bfec7fcb1bbb443d2c310cb2e56451e09fe6bef9d32eb04c32851998b96

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FMevudUxjfj5ewzktcblPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.healthsneak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 10:13:42 GMT
content-security-policy: script-src 'report-sample' 'nonce-FMevudUxjfj5ewzktcblPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVTWpghQrpy2nF4mqWiBS5EK_FsauaDstBW_cMKlELl8XJjYTuNXceGvQfVFDR9LNeWC0Qp3kzyYFZG8Z2ad0c9C5uvoMXHs1ROAwBem28XKY46cwkBAn9EgvRcLJNg61ghW-WCAg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 35ms
35ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVTWpghQrpy2nF4mqWiBS5EK_FsauaDstBW_cMKlELl8XJjYTuNXceGvQfVFDR9LNeWC0Qp3kzyYFZG8Z2ad0c9C5uvoMXHs1ROAwBem28XKY46cwkBAn9EgvRcLJNg61ghW-WCAg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Kxcn3uClJfwjFNyDTUAeTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 26 Nov 2023 10:13:42 GMT
content-security-policy: script-src 'report-sample' 'nonce-Kxcn3uClJfwjFNyDTUAeTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.healthsneak.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 35ms
34ms XHR
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWrg1XyYanNzpN0zxADHz3DZJjBbYyNMyRcxXOPuy788-ILfRpq6CFSb1-4VCBx96TxEoEuwssXQPL0vr8bcGkDV7ERuxNcHvDYDPHuBtvJQa-a1EKwoOE1rfbNDgr4qFr3MYm8Cg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-M0wDjuJVgBhwkGTUI3TC5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.healthsneak.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 26 Nov 2023 10:13:42 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-M0wDjuJVgBhwkGTUI3TC5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.healthsneak.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIiPqohLfhggMVEkMdCR0bXAxHEAAYACDUhu1fOhoIyebotQMQ4_qm0KQEGMXn-eEDIOvF3YeAEkITCOnziIS34YIDFVqf_QcdU08K1g;dc_rmcid=CAQSTwDICaaNpipWBVF29PajmrgbRbuxnvuTIzB9s9R1uKOjodVL_UB6AgjhfPQt3Q2ZtzyMmJD7OvvEFelx602B7Nn9mkC0v9Vy6KuEh2b-0WgYAQ;eps=CIBhEAEYHzICigI6AoBASL39wTo;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,174,273,647%26tos%3D1371,0,0,0,0%26mtos%3D1371,1371,1371,1371,1371%26amtos%3D0,0,0,0,0%26mcvt%3D1371%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D1532%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D41%26pst%3D200%26dur%3D6016%26vmtime%3D1533%26dvs%3D1371%26dfvs%3D1371%26dvpt%3D1532%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26ic%3D256%26cs%3D33554706%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1371,1371,1371,1371,1371%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D157954493%26psm%3D3%26psv%3D2%26psfv%3D2%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,1371;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.06%26t%3D1700993621200;ecn1=1;etm1=0;eid1=960584;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5419 42 B
64 B 60ms
60ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CdaSiVBpjZen5F9q-9u8P056psA3kmNG3dOvF3YeAEvAuEAEg1vaenwFg9YWAgPwDyAEFqQJONYqLVgCzPqgDAcgDmwSqBLoCT9CU7fFuxkVLw0s3HsF7vbYo_P_xmOotb5Z0TZLyloiy7Gca0-RZ1WktZavS53VeH9KHlJ9Met_k4zSEQIyLsSHbm_D_FuaGH0VVMArm3vkNPQ2MMHqrbXfCnHCKb4Y3VK7aTMxRPWjW5lD_uzMAbk_uFG_UY1I0g-Ur2JiM07jDWiNVFrDyiNfsrebbTPdxQfdKGYsI1TxRFANb_q3hub3Q1jj_zi9oN0qLlXRzjj5LOdyPVj7GvyULOWXVJnimD1x2nkwekV9Jk7C6gvSmKpj1Y6L69KBJ3KHfnZ0fuUOofK_EtguqzCHMEOxpMzBhg0wpyBbb27gxofrapvE-8jug9IHhUbz884Q4KK5bhfwKsDbXZcBsgofw4ZVU4onfDxehDDHvMb5xeoqYumCo1jih6l55J_ClTTHABOP6ptCkBOAEA4gF5OmoyUmQBgGgBk6AB7yr068DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CQ0iwE72oiRXIE8Xn-eED2BMKiBQF2BQB0BUB-BYBgBcB6BcF&sigh=hiFPgi7sIP8&label=videoplaytime25&ad_mt=1534&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,174,273,647%26tos%3D1371,0,0,0,0%26mtos%3D1371,1371,1371,1371,1371%26amtos%3D0,0,0,0,0%26mcvt%3D1371%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D1532%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D41%26pst%3D200%26dur%3D6016%26vmtime%3D1533%26dvs%3D1371%26dfvs%3D1371%26dvpt%3D1532%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26ic%3D256%26cs%3D33554706%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1371,1371,1371,1371,1371%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D157954493%26psm%3D3%26psv%3D2%26psfv%3D2%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,1371&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.06%26t%3D1700993621200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=4033564846&adf=1850635622&pi=t.ma~as.6586726127&w=820&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=820x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620192&bpp=1&bdt=396&idt=177&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=85&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame C175 42 B
64 B 58ms
58ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsstPS4uaRLHDFaK1i1PYE8-nWFfPgeFvQa8nTdEmf3-FzFCa8S88kyEnroOzZUDC3wO0zUv6X8Mx4bVRL1INfYNjzJwte5zttL72l42r6cqNyteAzZ86shrXkXov4d2&sai=AMfl-YQirOSJYl46_ToyUzB-HKWRgGVjrXdUL9CaQbOelDRbVniA2udQK4t4gtoxntJxfIHGa57Du4pTkQMQJJZUaSa_IwOv98niBqsI6PPep5a2joOcm_AQm7GNAPStP0eB01OSiwTnZnOaB2K3zBXj&sig=Cg0ArKJSzDeoHHcDjfBdEAE&cid=CAQSTgDICaaNBhTUWL3zkudtw13lziXCfn9bpmbRATT1NAF-q0rQSEQl1q3rJm_xPrZqkkhd7NDAFGTJEzXauClf2ZE7lp3dyTBVttXiN17RpBgB&id=lidarv&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,123,273,596%26tos%3D2001,0,0,0,0%26mtos%3D2001,2001,2001,2001,2001%26amtos%3D0,0,0,0,0%26mcvt%3D2001%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2162%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D42%26pst%3D201%26dur%3D15018%26vmtime%3D2167%26dtos%3D2001%26dtoss%3D1%26dvs%3D2001%26dfvs%3D2001%26dvpt%3D2162%26is%3D33554707%26i0%3D33554450%26ic%3D16777473%26cs%3D50331923%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D469724465%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2001&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.06%26t%3D1700993621191

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 5419 42 B
64 B 58ms
58ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvMvoOYs9mMM9ioXqbiXAkcJ_Ula2WgVU30pxJ8_y8z4fezUvRiy5JHKMqGqsTbUdkLt1vCZL5gk1AaPn1zuPk4KUMgdMoeGyP23Jdj2wcqWIMeho5IeW_wOVBlCojE&sai=AMfl-YTQW71e7-z4-jAetuN1fY07iTX8oibcIQGDxtHPZPWh4wEMRwt54pNBSCai_TvH6Mq43Ndtts-meqQ4so0kEvXA5fYqfGtknPmQkRWjt0A_7LvuhygVAMgziC0auStRlwVJunz_kTc2ns9fTkPoGg&sig=Cg0ArKJSzPO12L4juSbSEAE&cid=CAQSTwDICaaNpipWBVF29PajmrgbRbuxnvuTIzB9s9R1uKOjodVL_UB6AgjhfPQt3Q2ZtzyMmJD7OvvEFelx602B7Nn9mkC0v9Vy6KuEh2b-0WgYAQ&id=lidarv&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,174,273,647%26tos%3D2172,0,0,0,0%26mtos%3D2172,2172,2172,2172,2172%26amtos%3D0,0,0,0,0%26mcvt%3D2172%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2333%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D42%26pst%3D200%26dur%3D6016%26vmtime%3D2335%26dtos%3D2172%26dtoss%3D1%26dvs%3D801%26dfvs%3D801%26dvpt%3D801%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26ic%3D16777217%26cs%3D50331923%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D157954493%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2172&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.06%26t%3D1700993621200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMIiPqohLfhggMVEkMdCR0bXAxHEAAYACDUhu1fOhoIyebotQMQ4_qm0KQEGMXn-eEDIOvF3YeAEkITCOnziIS34YIDFVqf_QcdU08K1g;dc_rmcid=CAQSTwDICaaNpipWBVF29PajmrgbRbuxnvuTIzB9s9R1uKOjodVL_UB6AgjhfPQt3Q2ZtzyMmJD...
ade.googlesyndication.com/ddm/activity/ Frame 5419 42 B
63 B 59ms
59ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIiPqohLfhggMVEkMdCR0bXAxHEAAYACDUhu1fOhoIyebotQMQ4_qm0KQEGMXn-eEDIOvF3YeAEkITCOnziIS34YIDFVqf_QcdU08K1g;dc_rmcid=CAQSTwDICaaNpipWBVF29PajmrgbRbuxnvuTIzB9s9R1uKOjodVL_UB6AgjhfPQt3Q2ZtzyMmJD7OvvEFelx602B7Nn9mkC0v9Vy6KuEh2b-0WgYAQ;eps=CIBhEAEYHzICigI6AoBASL39wTo;met=1;acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,174,273,647%26tos%3D2963,0,0,0,0%26mtos%3D2963,2963,2963,2963,2963%26amtos%3D0,0,0,0,0%26mcvt%3D2963%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3124%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D43%26pst%3D200%26dur%3D6016%26vmtime%3D3127%26dtos%3D791%26dtoss%3D2%26dvs%3D791%26dfvs%3D791%26dvpt%3D791%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26i2%3D33554707%26ic%3D512%26cs%3D50332435%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1592,1592,1592,1592,1592%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D157954493%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2963;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.06%26t%3D1700993621200;ecn1=1;etm1=0;eid1=18;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/interaction/ Frame 5419 42 B
64 B 60ms
60ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/interaction/?ai=CdaSiVBpjZen5F9q-9u8P056psA3kmNG3dOvF3YeAEvAuEAEg1vaenwFg9YWAgPwDyAEFqQJONYqLVgCzPqgDAcgDmwSqBLoCT9CU7fFuxkVLw0s3HsF7vbYo_P_xmOotb5Z0TZLyloiy7Gca0-RZ1WktZavS53VeH9KHlJ9Met_k4zSEQIyLsSHbm_D_FuaGH0VVMArm3vkNPQ2MMHqrbXfCnHCKb4Y3VK7aTMxRPWjW5lD_uzMAbk_uFG_UY1I0g-Ur2JiM07jDWiNVFrDyiNfsrebbTPdxQfdKGYsI1TxRFANb_q3hub3Q1jj_zi9oN0qLlXRzjj5LOdyPVj7GvyULOWXVJnimD1x2nkwekV9Jk7C6gvSmKpj1Y6L69KBJ3KHfnZ0fuUOofK_EtguqzCHMEOxpMzBhg0wpyBbb27gxofrapvE-8jug9IHhUbz884Q4KK5bhfwKsDbXZcBsgofw4ZVU4onfDxehDDHvMb5xeoqYumCo1jih6l55J_ClTTHABOP6ptCkBOAEA4gF5OmoyUmQBgGgBk6AB7yr068DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiAYRABGB8yAooCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CQ0iwE72oiRXIE8Xn-eED2BMKiBQF2BQB0BUB-BYBgBcB6BcF&sigh=hiFPgi7sIP8&label=videoplaytime50&ad_mt=3128&acvw=sv%3D959%26v%3D20231113%26cb%3Dout%26e%3D2%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D7,174,273,647%26tos%3D2963,0,0,0,0%26mtos%3D2963,2963,2963,2963,2963%26amtos%3D0,0,0,0,0%26mcvt%3D2963%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D3124%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D43%26pst%3D200%26dur%3D6016%26vmtime%3D3127%26dtos%3D791%26dtoss%3D2%26dvs%3D791%26dfvs%3D791%26dvpt%3D791%26is%3D33554707%26i0%3D33554450%26i1%3D33554707%26i2%3D33554707%26ic%3D512%26cs%3D50332435%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D1592,1592,1592,1592,1592%26qnc%3D1%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%3D200104%26avms%3Dnio%26qi%3D157954493%26psm%3D15%26psv%3D14%26psfv%3D14%26psa%3D0%26pngs%3D9s,14,200104c,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1,fmd%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,2963&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.06%26t%3D1700993621200

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3509641213902901&output=html&h=280&slotname=6586726127&adk=4033564846&adf=1850635622&pi=t.ma~as.6586726127&w=820&fwrn=4&fwrnh=100&lmt=1700942421&rafmt=1&format=820x280&url=https%3A%2F%2Fwww.healthsneak.com%2Ftribedoce%2F&ea=0&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700993620192&bpp=1&bdt=396&idt=177&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4537793148989&frm=20&pv=1&ga_vid=1935827556.1700993620&ga_sid=1700993620&ga_hid=849416990&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=85&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31078301%2C31079757%2C44807763%2C44808149%2C44808284%2C44809056&oid=2&pvsid=2385063870962070&tmod=625844017&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 26 Nov 2023 10:13:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.healthsneak.com/	1970-01-21 01:51:29	Name: __gads Value: ID=5ae93ff77dd8152f:T=1700993620:RT=1700993620:S=ALNI_MZBBRHLihnbqGj0pJ-n0hS0W_QlFg
.healthsneak.com/	1970-01-21 01:51:29	Name: __gpi Value: UID=00000cdc941f7474:T=1700993620:RT=1700993620:S=ALNI_MbJb04tj770IfT1qEpNNQgE1A4QwA
.doubleclick.net/	1970-01-21 02:05:53	Name: IDE Value: AHWqTUlgd8aCVyNS4KJ9UA_EQhhuLoTFJsRh4nu5Teg33G1vBGXkY-EeNf9bi2JFxZU
.healthsneak.com/	1970-01-21 01:15:29	Name: FCNEC Value: %5B%5B%22AKsRol8rXjNKXHbwmjRkHA_y7TxQaMMFNM0_6IOcp3XYNuamW9bsv8QYj1N27hhaKA0kt4ehxz7hmCgn4Jz9DL_osxK_aShHLVvdkAEPir8RgpU7qFSq1rEyxf6t17UzQ7wGDfu6HdduSQAhMm2zyFkOdre6lHvMwA%3D%3D%22%5D%2Cnull%2C%5B%5D%5D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
bid.g.doubleclick.net
cm.g.doubleclick.net
csi.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
imasdk.googleapis.com
pagead2.googlesyndication.com
r4---sn-1gieen7e.c.2mdn.net
r5---sn-1gieen7e.c.2mdn.net
tpc.googlesyndication.com
www.google.com
www.healthsneak.com
142.250.181.226
142.250.185.162
142.250.186.34
142.251.168.156
2a00:1450:4001:802::2001
2a00:1450:4001:806::2002
2a00:1450:4001:806::2003
2a00:1450:4001:827::200e
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:830::200a
2a00:1450:4001:830::200e
2a00:1450:4002:410::2003
2a00:1450:400a:8::9
2a00:1450:400a:8::a
2a02:4780:1:790:0:2e47:43e3:2
0468af8d74ba377eec707308168b6bfcd146fe0a2669a11a9af0128ad85b3bc2
0806ff4935144c0e146860185404e24577e79c60a063bc5b33b493fb14c2d941
083d9070df2776c0abbf15d0b3fe68184e3c4671f0928f03af6822b6cee2f92d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fa67c31f3a1e99abf9c9bf772f3826245448d157ee8e9c5b849e350b03644b5
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
20c497e465f1d7e6238b08b59e56d8d27c78b3617abeb358debce227a30a005b
28c5732eefa979245ff326045f37b6b7cdfc92385c594caea33e265e4a066c7b
29c99771c81466150d55d307a9b0e12cfdab8240a9c65a80b764c1d58965406f
2d1d04274baf9043a591a2c49a1baf9759bbe4179c6b284cd8bb45e0e0531973
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
39ad9a054662965f4a2dc4a0dae920718de6fb2bef9f31185c3bacd9685cfc82
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
635fd4ad7f24901bbaac70cb2fd9547edee1faa0272820079e25e14d0cf38a73
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
6f00386ae8e3dc2cf7f1dea9548b1a352f5012d25ccb28e7407c84e30ef07baf
7056ee35245d2a45248788af5dfa633c9bd2245f8d94a2208742bafba791ba23
70aa563b12de7a32bd4fa3d7348a13750dee2da317e331801f91e2662cee1ac6
71020a2f49cbea5130b56528debae2c254bb4ebf4013f9593b042418adc4a244
723597ec6e9461e79c420faf0454170cf6f9243246a4fac3cef5f05a4b5be791
7c8eb7fd8354e29e58e77290872b6e05a65404a4d16fe26996b72b6f2f606281
7f039008d170bf51251369c67509ecf6a28d810a24af777b603ea05d76cfa736
84c8ffc4490640354db630c982486ef8b2643c3743cddbb7de21835945e48e0e
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
9440ca70e7656abdbc7506ce98912a2cca997f645c315ea97bc88500887bfc1f
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
a618f954ca5935f3c0ade0622be52c653601b57084f060e4e52a6cd002be83ae
a6b8e1121c3e7cfc41bcc347d569dcd94b5ba3342ed5adbe244b2d1989f56be6
b8515cf419a56e3005519abfcbc9099c620d817433a205f6333c3f9dcae6a041
ba93bbf9e83e16761b4ee7238e4915c98215f8b0c777ad9cd45a5ef31a75cc23
bb2d650cbfbe2ccbc6ec9f337d51acb0e6c0bafad5f19ce434c8b586932eb9ab
c56f2c7fe40d7053055c8e4492d187a078e70e95357add4e4111c44c48bd26dc
cffec342643f47dddcde6bd4ff467d22e46ef29d474745daa67bc268a819fd61
d5ae23d948b0e852242ea58f57e56baf23152b95aaf29a140a596b4d2355e43c
da36b1d37d4c2d313937fb1f970edeaa046d339979656c92db8705e8b254b37f
da376d7ffa34c9f353a777a4aee93014a17cf3fd04cf4b9071d5fb72d37ce05a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7685463cca923a5698128c66e1263020c56d259935e0d7577aaa92f857a61fc
ea527bfec7fcb1bbb443d2c310cb2e56451e09fe6bef9d32eb04c32851998b96
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa8892eb258552c4944dd13e9b5287817b5e228c487b8a3de64270cf59532bc
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f663ad02d6da194e710652896c7e85553fcd619d8bf71f2656778f4bcfacf902
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

www.healthsneak.com Open in urlscan Pro 2a02:4780:1:790:0:2e47:43e3:2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

106 Requests

96 %HTTPS

76 %IPv6

7 Domains

17 Subdomains

17 IPs

4 Countries

7013 kBTransfer

8795 kBSize

4 Cookies

2 Outgoing links

Redirected requests

106 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.healthsneak.com Open in urlscan Pro
2a02:4780:1:790:0:2e47:43e3:2 Public Scan

Screenshot
Live screenshot

Full Image

106
Requests

96 %
HTTPS

76 %
IPv6

7
Domains

17
Subdomains

17
IPs

4
Countries

7013 kB
Transfer

8795 kB
Size

4
Cookies

106 HTTP transactions
2 data transactions