fdid-widgetflow.fifa.org Open in urlscan Pro
152.199.5.156 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://fdid-widgetflow.fifa.org/
Submission: On December 30 via api (December 30th 2024, 4:04:25 pm UTC) from US — Scanned from US

Summary HTTP 30 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 9 IPs in 1 countries across 5 domains to perform 30 HTTP transactions. The main IP is 152.199.5.156, located in United States and belongs to EDGECAST, US. The main domain is fdid-widgetflow.fifa.org.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on February 5th 2024. Valid for: a year.

This is the only time fdid-widgetflow.fifa.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	152.199.5.156 152.199.5.156	15133 (EDGECAST) (EDGECAST)
7	152.195.19.93 152.195.19.93	15133 (EDGECAST) (EDGECAST)
1	2600:9000:244... 2600:9000:244d:5600:9:4a83:f500:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:27c... 2600:9000:27ce:6400:5:3f58:5c80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:24f... 2600:9000:24f4:7e00:11:c1cc:72c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:28a... 2600:9000:28ac:7000:16:48a7:1a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	151.101.194.217 151.101.194.217	54113 (FASTLY) (FASTLY)
4	3.88.238.34 3.88.238.34	14618 (AMAZON-AES) (AMAZON-AES)
2	15.197.213.252 15.197.213.252	16509 (AMAZON-02) (AMAZON-02)
30	9

7 152.199.5.156 (United States)

ASN15133 (EDGECAST, US)

fdid-widgetflow.fifa.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 152.195.19.93 (United States)

ASN15133 (EDGECAST, US)

www.fifa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:244d:5600:9:4a83:f500:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.pingone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:27ce:6400:5:3f58:5c80:93a1 (United States)

ASN16509 (AMAZON-02, US)

orchestrate-api.pingone.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24f4:7e00:11:c1cc:72c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

digitalhub.fifa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:28ac:7000:16:48a7:1a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

auth.pingone.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.194.217 (San Francisco, United States)

ASN54113 (FASTLY, US)

app.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.88.238.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-88-238-34.compute-1.amazonaws.com

events.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.213.252 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa1ba9bef7b18c265.awsglobalaccelerator.com

clientstream.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	launchdarkly.com app.launchdarkly.com — Cisco Umbrella Rank: 696 events.launchdarkly.com — Cisco Umbrella Rank: 877 clientstream.launchdarkly.com — Cisco Umbrella Rank: 939	22 KB
8	fifa.com www.fifa.com — Cisco Umbrella Rank: 189574 digitalhub.fifa.com — Cisco Umbrella Rank: 195932	656 KB
7	fifa.org fdid-widgetflow.fifa.org	333 KB
4	pingone.eu orchestrate-api.pingone.eu auth.pingone.eu	5 KB
1	pingone.com assets.pingone.com — Cisco Umbrella Rank: 39914	1 MB
30	5

	Domain	Requested by
7	www.fifa.com	fdid-widgetflow.fifa.org
7	fdid-widgetflow.fifa.org	fdid-widgetflow.fifa.org
4	events.launchdarkly.com	assets.pingone.com
4	app.launchdarkly.com	assets.pingone.com
2	clientstream.launchdarkly.com
2	auth.pingone.eu	assets.pingone.com
2	orchestrate-api.pingone.eu	fdid-widgetflow.fifa.org
1	digitalhub.fifa.com
1	assets.pingone.com	fdid-widgetflow.fifa.org
30	9

This site contains links to these domains. Also see Links.

Domain
www.fifa.com
www.plus.fifa.com
store.fifa.com
collect.fifa.com
inside.fifa.com
play.fifa.com
www.roblox.com

Subject Issuer	Validity	Valid
*.fifa.org DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-05` - `2025-03-07`	a year	crt.sh
fifa.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-11-22` - `2025-04-19`	5 months	crt.sh
*.pingone.com Amazon RSA 2048 M03	`2024-03-05` - `2025-04-02`	a year	crt.sh
digitalhub.fifa.com Amazon RSA 2048 M02	`2024-07-08` - `2025-08-05`	a year	crt.sh
app.launchdarkly.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-04-04` - `2025-05-06`	a year	crt.sh
events.launchdarkly.com Amazon ECDSA 256 M03	`2024-07-16` - `2025-08-14`	a year	crt.sh
clientstream.launchdarkly.com Amazon RSA 2048 M03	`2024-07-16` - `2025-08-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://fdid-widgetflow.fifa.org/
Frame ID: 28F7F87B189B0785269EF8D30BFAC54F
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

30
Requests

100 %
HTTPS

44 %
IPv6

5
Domains

9
Subdomains

9
IPs

1
Countries

2425 kB
Transfer

7937 kB
Size

0
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://www.fifa.com/en/tickets
Title: TICKETS & HOSPITALITY

Search URL Search Domain Scan URL

URL: https://www.plus.fifa.com/?intcmp=%28p_fifacom%29_%28d_plusfifa%29_%28c_webuniversal-main%29_%28sc_home%29_%28ssc_%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: FIFA+

Search URL Search Domain Scan URL

URL: https://store.fifa.com/?intcmp=%28p_fifacom%29_%28d_fifastore%29_%28c_webuniversal-main%29_%28sc_fifastore%29_%28ssc_%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: FIFA STORE

Search URL Search Domain Scan URL

URL: https://collect.fifa.com/?intcmp=%28p_fifacom%29_%28d_fifacollect%29_%28c_webuniversal-main%29_%28sc_fifacollect%29_%28ssc_%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: FIFA COLLECT

Search URL Search Domain Scan URL

URL: https://inside.fifa.com/en/?intcmp=%28p_fifacom%29_%28d_insidefifa%29_%28c_webuniversal-main%29_%28sc_insidefifa%29_%28ssc_%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: INSIDE FIFA

Search URL Search Domain Scan URL

URL: https://www.plus.fifa.com/?intcmp=%28p_fifacom%29_%28d_plusfifa%29_%28c_webheader-main%29_%28sc_watch%29_%28ssc_plusfifa%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: HOME

Search URL Search Domain Scan URL

URL: https://www.plus.fifa.com/showcase/fceffc49-6bb9-4c7e-99dc-a032f2797aa5?intcmp=%28p_fifacom%29_%28d_plusfifa%29_%28c_webheader-main%29_%28sc_watch%29_%28ssc_livestreaming%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: FIFA WORLD CUP 26™ QUALIFIERS

Search URL Search Domain Scan URL

URL: https://www.plus.fifa.com/en/showcase/efee4958-f2c2-49c1-9007-db6d4090553b?intcmp=%28p_fifacom%29_%28d_plusfifa%29_%28c_webheader-main%29_%28sc_watch%29_%28ssc_livestreaming%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: LIVE

Search URL Search Domain Scan URL

URL: https://www.plus.fifa.com/en/showcase/0be93f07-bec3-4924-844a-7a1979750bd8?intcmp=%28p_fifacom%29_%28d_plusfifa%29_%28c_webheader-main%29_%28sc_watch%29_%28ssc_originals%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: ORIGINALS

Search URL Search Domain Scan URL

URL: https://www.plus.fifa.com/en/showcase/bcc8b05a-2210-4e1f-9d45-edc927c90987?intcmp=%28p_fifacom%29_%28d_plusfifa%29_%28c_webheader-main%29_%28sc_watch%29_%28ssc_archive%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: ARCHIVE

Search URL Search Domain Scan URL

URL: https://play.fifa.com/?intcmp=%28p_fifacom%29_%28d_playzone%29_%28c_webheader-main%29_%28sc_play%29_%28ssc_playzone%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: PLAY ZONE

Search URL Search Domain Scan URL

URL: https://play.fifa.com/fives/?intcmp=%28p_fifacom%29_%28d_playzone%29_%28c_webheader-main%29_%28sc_play%29_%28ssc_fives%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: FIVES

Search URL Search Domain Scan URL

URL: https://play.fifa.com/goalscorer/?intcmp=%28p_fifacom%29_%28d_playzone%29_%28c_webheader-main%29_%28sc_play%29_%28ssc_globalgoalscorer%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: GLOBAL GOALSCORER

Search URL Search Domain Scan URL

URL: https://play.fifa.com/whoami/?intcmp=%28p_fifacom%29_%28d_playzone%29_%28c_webheader-main%29_%28sc_play%29_%28ssc_whoami%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: WHO AM I?

Search URL Search Domain Scan URL

URL: https://play.fifa.com/trivia?intcmp=%28p_fifacom%29_%28d_playzone%29_%28c_webheader-main%29_%28sc_play%29_%28ssc_trivia%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: TRIVIA

Search URL Search Domain Scan URL

URL: https://www.roblox.com/games/9486506804/FIFA-WORLD?intcmp=%28p_fifacom%29_%28d_roblox%29_%28c_webheader-main%29_%28sc_play%29_%28ssc_roblox%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: ROBLOX FIFA WORLD

Search URL Search Domain Scan URL

URL: https://play.fifa.com/other-games/?intcmp=%28p_fifacom%29_%28d_playzone%29_%28c_webheader-main%29_%28sc_play%29_%28ssc_more%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: MORE GAMES

Search URL Search Domain Scan URL

URL: https://store.fifa.com/?intcmp=%28p_fifacom%29_%28d_fifastore%29_%28c_webheader-main%29_%28sc_shop%29_%28ssc_fifastore%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: FIFA STORE

Search URL Search Domain Scan URL

URL: https://collect.fifa.com/?intcmp=%28p_fifacom%29_%28d_fifacollect%29_%28c_webheader-main%29_%28sc_shop%29_%28ssc_fifacollect%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: FIFA COLLECT

Search URL Search Domain Scan URL

URL: https://inside.fifa.com/en/?intcmp=%28p_fifacom%29_%28d_insidefifa%29_%28c_webheader-main%29_%28sc_insidefifa%29_%28ssc_overview%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: OVERVIEW

Search URL Search Domain Scan URL

URL: https://inside.fifa.com/about-fifa?intcmp=%28p_fifacom%29_%28d_insidefifa%29_%28c_webheader-main%29_%28sc_insidefifa%29_%28ssc_about%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: ABOUT FIFA

Search URL Search Domain Scan URL

URL: https://inside.fifa.com/womens-football?intcmp=%28p_fifacom%29_%28d_insidefifa%29_%28c_webheader-main%29_%28sc_insidefifa%29_%28ssc_womensfootball%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: WOMEN'S FOOTBALL

Search URL Search Domain Scan URL

URL: https://inside.fifa.com/social-impact?intcmp=%28p_fifacom%29_%28d_insidefifa%29_%28c_webheader-main%29_%28sc_insidefifa%29_%28ssc_socialimpact%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: SOCIAL IMPACT

Search URL Search Domain Scan URL

URL: https://inside.fifa.com/football-development?intcmp=%28p_fifacom%29_%28d_insidefifa%29_%28c_webheader-main%29_%28sc_insidefifa%29_%28ssc_footballdevelopment%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: FOOTBALL DEVELOPMENT

Search URL Search Domain Scan URL

URL: https://inside.fifa.com/technical?intcmp=%28p_fifacom%29_%28d_insidefifa%29_%28c_webheader-main%29_%28sc_insidefifa%29_%28ssc_technical%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: TECHNICAL

Search URL Search Domain Scan URL

URL: https://inside.fifa.com/legal?intcmp=%28p_fifacom%29_%28d_insidefifa%29_%28c_webheader-main%29_%28sc_insidefifa%29_%28ssc_legal%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: LEGAL

Search URL Search Domain Scan URL

URL: https://inside.fifa.com/en/fifa-rankings?intcmp=%28p_fifacom%29_%28d_insidefifa%29_%28c_webheader-main%29_%28sc_insidefifa%29_%28ssc_worldranking%29_%28sssc_%29_%28l_en%29_%28da_27112023%29
Title: FIFA RANKINGS

Search URL Search Domain Scan URL

URL: https://www.fifa.com/fifaplus/home?intcmp=(p_fifaplus)_(d_)_(c_webbottom-fwwc2023)_(sc_home)_(ssc_)_(da_07072023)_(l_en)
Title: HOME

Search URL Search Domain Scan URL

URL: https://www.plus.fifa.com/en/
Title: FIFA +

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
fdid-widgetflow.fifa.org/ 59 KB
11 KB 857ms
541ms Document
text/html 152.199.5.156
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fdid-widgetflow.fifa.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.5.156 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / PHP/7.4.30 ASP.NET
Resource Hash: b2e4e87f44ad5fd7a917be38d61c3360dadec446bdac8bce734e80fac27fc86d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-length: 10468
content-type: text/html; charset=utf-8
date: Mon, 30 Dec 2024 16:04:16 GMT
rule: 14.88
server: Microsoft-IIS/10.0
vary: Accept-Encoding
x-powered-by: PHP/7.4.30 ASP.NET

GET
H2 200 noto-sans-700.5f31d84a47d8ffc9c07f.woff2
www.fifa.com/static/media/ 152 KB
156 KB 426ms
177ms Font
font/woff2 152.195.19.93
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/static/media/noto-sans-700.5f31d84a47d8ffc9c07f.woff2

Requested by

Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.19.93 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mid/8755) /

Resource Hash

6a2f4003a98a3d8b367702823291c5e43078623288deff831d9d83c8f2db9b16

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .flourish.studio .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://fdid-widgetflow.fifa.org
Referer: https://fdid-widgetflow.fifa.org/

Response headers

etag: W/"25e10-19327f47340"
age: 4020343
x-content-type-options: nosniff
x-cache: HIT
date: Mon, 30 Dec 2024 16:04:16 GMT
content-type: font/woff2
last-modified: Wed, 13 Nov 2024 23:55:52 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.flourish.studio *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: same-origin
access-control-allow-credentials: true
referrer-policy: no-referrer
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
accept-ranges: bytes
access-control-allow-origin: *
content-length: 155152
x-xss-protection: 0
server: ECAcc (mid/8755)

GET
H2 200 noto-sans-italic.ac006f14f6d49286b3e8.woff2
www.fifa.com/static/media/ 116 KB
121 KB 377ms
128ms Font
font/woff2 152.195.19.93
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/static/media/noto-sans-italic.ac006f14f6d49286b3e8.woff2

Requested by

Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.19.93 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mid/875F) /

Resource Hash

a954c0a79c10d3b1bc92da8061a74c4bf99ade39a5f0b385de63e14e569a23db

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .flourish.studio .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://fdid-widgetflow.fifa.org
Referer: https://fdid-widgetflow.fifa.org/

Response headers

etag: W/"1d1d8-19327f47340"
age: 4020343
x-content-type-options: nosniff
x-cache: HIT
date: Mon, 30 Dec 2024 16:04:16 GMT
content-type: font/woff2
last-modified: Wed, 13 Nov 2024 23:55:52 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.flourish.studio *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: same-origin
access-control-allow-credentials: true
referrer-policy: no-referrer
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
accept-ranges: bytes
access-control-allow-origin: *
content-length: 119256
x-xss-protection: 0
server: ECAcc (mid/875F)

GET
H2 200 noto-sans-regular.bfa96228235216443a93.woff2
www.fifa.com/static/media/ 153 KB
158 KB 282ms
33ms Font
font/woff2 152.195.19.93
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/static/media/noto-sans-regular.bfa96228235216443a93.woff2

Requested by

Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.19.93 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mid/878A) /

Resource Hash

16bb3d8fb5c371c9e4fa6b5f313c0a5e2edd911c0ce6d0f9c3cee01e9560a2b3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .flourish.studio .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://fdid-widgetflow.fifa.org
Referer: https://fdid-widgetflow.fifa.org/

Response headers

etag: W/"264d4-19327f47340"
age: 4020343
x-content-type-options: nosniff
x-cache: HIT
date: Mon, 30 Dec 2024 16:04:16 GMT
content-type: font/woff2
last-modified: Wed, 13 Nov 2024 23:55:52 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.flourish.studio *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: same-origin
access-control-allow-credentials: true
referrer-policy: no-referrer
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
accept-ranges: bytes
access-control-allow-origin: *
content-length: 156884
x-xss-protection: 0
server: ECAcc (mid/878A)

GET
H2 200 poppins-500.323014b9ce03a905066b.woff2
www.fifa.com/static/media/ 48 KB
52 KB 343ms
95ms Font
font/woff2 152.195.19.93
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/static/media/poppins-500.323014b9ce03a905066b.woff2

Requested by

Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.19.93 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mid/8765) /

Resource Hash

c293b3aeb4898d08cc511c812408a728d6c707c464078342d9af91adcb3adc8a

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .flourish.studio .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://fdid-widgetflow.fifa.org
Referer: https://fdid-widgetflow.fifa.org/

Response headers

etag: W/"bf68-19327f47340"
age: 4020342
x-content-type-options: nosniff
x-cache: HIT
date: Mon, 30 Dec 2024 16:04:16 GMT
content-type: font/woff2
last-modified: Wed, 13 Nov 2024 23:55:52 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.flourish.studio *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: same-origin
access-control-allow-credentials: true
referrer-policy: no-referrer
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
accept-ranges: bytes
access-control-allow-origin: *
content-length: 49000
x-xss-protection: 0
server: ECAcc (mid/8765)

GET
H2 200 poppins-600.427f703758de281bb306.woff2
www.fifa.com/static/media/ 49 KB
53 KB 347ms
98ms Font
font/woff2 152.195.19.93
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/static/media/poppins-600.427f703758de281bb306.woff2

Requested by

Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.19.93 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mid/878A) /

Resource Hash

f9947515ada0af97c9f138a55bf4b733905d3cd11010e806a501c32d20b18ecb

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .flourish.studio .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://fdid-widgetflow.fifa.org
Referer: https://fdid-widgetflow.fifa.org/

Response headers

etag: W/"c200-19327f47340"
age: 4020342
x-content-type-options: nosniff
x-cache: HIT
date: Mon, 30 Dec 2024 16:04:16 GMT
content-type: font/woff2
last-modified: Wed, 13 Nov 2024 23:55:52 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.flourish.studio *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: same-origin
access-control-allow-credentials: true
referrer-policy: no-referrer
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
accept-ranges: bytes
access-control-allow-origin: *
content-length: 49664
x-xss-protection: 0
server: ECAcc (mid/878A)

GET
H2 200 poppins-italic.c232e61555ffdea495db.woff2
www.fifa.com/static/media/ 56 KB
60 KB 341ms
93ms Font
font/woff2 152.195.19.93
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/static/media/poppins-italic.c232e61555ffdea495db.woff2

Requested by

Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.19.93 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mid/875B) /

Resource Hash

48eb74a45169ea3d83367b03ba9fcfaa84db06cc587da680c6e9b864a15b4e5b

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .flourish.studio .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://fdid-widgetflow.fifa.org
Referer: https://fdid-widgetflow.fifa.org/

Response headers

etag: W/"de24-19327f47340"
age: 4020343
x-content-type-options: nosniff
x-cache: HIT
date: Mon, 30 Dec 2024 16:04:16 GMT
content-type: font/woff2
last-modified: Wed, 13 Nov 2024 23:55:52 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.flourish.studio *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: same-origin
access-control-allow-credentials: true
referrer-policy: no-referrer
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56868
x-xss-protection: 0
server: ECAcc (mid/875B)

GET
H2 200 poppins-regular.80ad975e8fb5131f927c.woff2
www.fifa.com/static/media/ 49 KB
53 KB 344ms
96ms Font
font/woff2 152.195.19.93
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fifa.com/static/media/poppins-regular.80ad975e8fb5131f927c.woff2

Requested by

Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.195.19.93 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (mid/8763) /

Resource Hash

bca0cbef4d9a1480419d2e87f92f86f2b04237f91c1a36800ff4929370b931a4

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' .2mdn.net .theoplayer.com .youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com .minute.ly blob: .flourish.studio .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat .google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com .ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: ;media-src 'self' 'unsafe-inline' data: blob: ;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net .cloudfront.net .mycujoo.tv .mcls.live .p5cdn.com .theoplayer.com .youtube.com .uplynk.com .minute.ly .onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net .fifa.com .adnxs.com .crwdcntrl.net .doubleclick.net .doubleclick.com .googleadservices.com .googleapis.com .googlesyndication.com .googletagmanager.com .googletagservices.com .googleanalytics.com .googlevideo.com .tpcsyndication.com .nice264.com .npaw.com .tealiumiq.com .tiqcdn.cn .tiqcdn.com .youbora.com .youborafds01.com .youboranqs01.com .youboranqs02.com .gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com .conviva.com .instagram.com .tiktok.com .ttwstatic.com .tiktokcdn.com .tiktokcdn-us.com .2mdn.net api.pingone.eu walls.io .minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' .fifa.com .doubleclick.net .googlesyndication.com .googleapis.com .theoplayer.com .walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://fdid-widgetflow.fifa.org
Referer: https://fdid-widgetflow.fifa.org/

Response headers

etag: W/"c230-19327f47340"
age: 4020344
x-content-type-options: nosniff
x-cache: HIT
date: Mon, 30 Dec 2024 16:04:16 GMT
content-type: font/woff2
last-modified: Wed, 13 Nov 2024 23:55:52 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.flourish.studio *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io *.flourish.studio https://flo.uri.sh/ https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-dev-app.azurewebsites.net https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests
cache-control: public, max-age=31536000, immutable
cross-origin-resource-policy: same-origin
access-control-allow-credentials: true
referrer-policy: no-referrer
request-context: appId=cid-v1:3c8c7fd6-ce5c-46d2-8055-0a053f49c436
accept-ranges: bytes
access-control-allow-origin: *
content-length: 49712
x-xss-protection: 0
server: ECAcc (mid/8763)

GET
H2 200 index.css
fdid-widgetflow.fifa.org/ 1 MB
278 KB 1374ms
1372ms Stylesheet
text/css 152.199.5.156
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fdid-widgetflow.fifa.org/index.css
Requested by: Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.5.156 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b13c052dadb3aee66de51533acde68757d3d731147ba284c404bec20f6a84613

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://fdid-widgetflow.fifa.org/

Response headers

rule: 14.88
x-powered-by: ASP.NET
content-encoding: gzip
etag: "04a486e872cdb1:0"
accept-ranges: bytes
date: Mon, 30 Dec 2024 16:04:17 GMT
content-type: text/css
last-modified: Fri, 01 Nov 2024 17:56:52 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding

GET
H2 200 index1.css
fdid-widgetflow.fifa.org/ 13 KB
3 KB 1263ms
1261ms Stylesheet
text/css 152.199.5.156
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fdid-widgetflow.fifa.org/index1.css
Requested by: Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.5.156 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 53ea61e954e16f2da77e41b7a267240c86e65a20ca26ea42c7c26b97da1cb187

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://fdid-widgetflow.fifa.org/

Response headers

rule: 14.88
x-powered-by: ASP.NET
content-encoding: gzip
etag: "0261721b2ddb1:0"
accept-ranges: bytes
content-length: 2906
date: Mon, 30 Dec 2024 16:04:17 GMT
content-type: text/css
last-modified: Sat, 02 Nov 2024 11:33:16 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding

GET
H2 200 jquery-3.7.1.min.js Show response
fdid-widgetflow.fifa.org/ 85 KB
38 KB 1333ms
1331ms Script
application/x-javascript 152.199.5.156
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fdid-widgetflow.fifa.org/jquery-3.7.1.min.js
Requested by: Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.5.156 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://fdid-widgetflow.fifa.org/

Response headers

rule: 14.88
x-powered-by: ASP.NET
content-encoding: gzip
etag: "06d47ac8b2cdb1:0"
accept-ranges: bytes
content-length: 38982
date: Mon, 30 Dec 2024 16:04:17 GMT
content-type: application/x-javascript
last-modified: Fri, 01 Nov 2024 18:27:14 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding

GET
H2 200 davinci.js Show response
assets.pingone.com/davinci/latest/ 5 MB
1 MB 346ms
99ms Script
application/javascript 2600:9000:244d:5600:9:4a83:f500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.pingone.com/davinci/latest/davinci.js

Requested by

Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:244d:5600:9:4a83:f500:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e93ae49db01b8eb94a334282d7ab495fea3d867adb597db89668c48849d42d20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000, includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://fdid-widgetflow.fifa.org/

Response headers

content-encoding: gzip
x-amz-version-id: O8RnBSquDjYN0kYmhcPlL.ua4Ah7.maW
etag: W/"7ac382aa2c48ffa8fd2acfe55da88fa7"
age: 232
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: k-G5wW8gO6EvF9VPDjWkbreGwDisYIyV2nq1gnyAb_z8oUMvwBjhYw==
date: Mon, 30 Dec 2024 16:01:00 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 17 Dec 2024 16:59:41 GMT
x-amz-id-2: uhW2vPe1OrxIE7zuluvDgTiOm4OjdkQjLZxtZXmWlq2bDDPRMIN1xcL3uqXwbPf4G3zwCLNQ5Ck=
x-frame-options: sameorigin
strict-transport-security: max-age=31536000, includeSubdomains; preload
x-amz-replication-status: COMPLETED
referrer-policy: strict-origin-when-cross-origin
via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
x-amz-request-id: HG294XJBZAQXRW5E
x-xss-protection: 1; mode=block
x-amz-cf-pop: IAD61-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 loadwidget.js Show response
fdid-widgetflow.fifa.org/scripts/ 2 KB
2 KB 1162ms
1162ms Script
application/x-javascript 152.199.5.156
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fdid-widgetflow.fifa.org/scripts/loadwidget.js
Requested by: Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.5.156 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1bcbc361d05fe6f1c1c04657150a75296f4665366e5d8c749883d2d7fd58d618

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://fdid-widgetflow.fifa.org/

Response headers

rule: 14.88
x-powered-by: ASP.NET
content-encoding: gzip
etag: "0f8d12ae82cdb1:0"
accept-ranges: bytes
content-length: 1312
date: Mon, 30 Dec 2024 16:04:18 GMT
content-type: application/x-javascript
last-modified: Sat, 02 Nov 2024 05:29:20 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding

GET
H2 200 index.js Show response
fdid-widgetflow.fifa.org/ 267 B
619 B 487ms
486ms Script
application/x-javascript 152.199.5.156
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fdid-widgetflow.fifa.org/index.js
Requested by: Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.5.156 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 6be16ed1da8c9be9961a94bd3b75429addb178754643bc9b5eb6c3eca3bc8ed9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://fdid-widgetflow.fifa.org/

Response headers

rule: 14.88
x-powered-by: ASP.NET
content-encoding: gzip
etag: "0d42028e32cdb1:0"
accept-ranges: bytes
content-length: 291
date: Mon, 30 Dec 2024 16:04:16 GMT
content-type: application/x-javascript
last-modified: Sat, 02 Nov 2024 04:53:28 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding

GET
H2 200 sdktoken Show response
orchestrate-api.pingone.eu/v1/company/a62b7869-ba3f-4a8b-aed5-836f6ad1e9c7/ 1 KB
2 KB 525ms
525ms Fetch
application/json 2600:9000:27ce:6400:5:3f58:5c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://orchestrate-api.pingone.eu/v1/company/a62b7869-ba3f-4a8b-aed5-836f6ad1e9c7/sdktoken

Requested by

Host: fdid-widgetflow.fifa.org
URL: https://fdid-widgetflow.fifa.org/scripts/loadwidget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:27ce:6400:5:3f58:5c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

264e9cf5c3f8606d28c50d40e79269e182ca940c008a35c34ee7ce348008390b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
x-sk-api-key: 2416e769c9f84bf470b2db49ee692216676c83455b9be02188568063758fb12511263bf16055abfc264015354c35dc7cf49ddface2ee5bf8d90755d55f52aeba075652db807b6d1843bb4eb241581f7780a641d7f550296458628e3c85ee0a7eee3628a1c7d38bc395ea02a662685caa4a6e134094e9161305bf9e2fdd962a71
Referer: https://fdid-widgetflow.fifa.org/

Response headers

x-amzn-remapped-content-length: 1069
content-encoding: gzip
etag: W/"551-pTanKXzTXAjQeniHogJBMH+vNcM"
x-content-type-options: nosniff
x-amzn-requestid: cfdfec15-1c73-4d54-840f-397471d0a7bb
correlation-id: cfdfec15-1c73-4d54-840f-397471d0a7bb
expires: -1
x-cache: Miss from cloudfront
x-amz-cf-id: VJUf66lanGaPsKK5UXAckhOlYOANbCplxom6IpUt7SNH8Qt9BXGabA==
date: Mon, 30 Dec 2024 16:04:20 GMT
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate
x-dns-prefetch-control: off
x-amz-apigw-id: DnOk0FoXjoEELgw=
pragma: no-cache
x-amzn-remapped-date: Mon, 30 Dec 2024 16:04:20 GMT
access-control-allow-credentials: true
via: 1.1 linkerd, 1.1 ec6ab86695d018f9e87cce7df2ae9964.cloudfront.net (CloudFront)
x-download-options: noopen
access-control-allow-origin: *
content-length: 1069
x-xss-protection: 1; mode=block
x-amz-cf-pop: IAD55-P7

GET
H2 200 FIFA_Logo_White_Generic
digitalhub.fifa.com/transform/befe3a64-328b-453c-8b58-0faeb9103684/ 1 KB
2 KB 493ms
58ms Image
image/webp 2600:9000:24f4:7e00:11:c1cc:72c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://digitalhub.fifa.com/transform/befe3a64-328b-453c-8b58-0faeb9103684/FIFA_Logo_White_Generic?&io=transform:fill,height:64&quality=75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f4:7e00:11:c1cc:72c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ee0bac56d02128e91bf420f5f58d2cfc7b1cbd0b2675a80a4d749e09c1482873

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://fdid-widgetflow.fifa.org/

Response headers

age: 5995698
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: jX4wC4dqfBj4q-mlrzytseT3sBXHwySX8Li_xaXHvVf0c3b_aN324Q==
date: Tue, 22 Oct 2024 06:36:02 GMT
content-type: image/webp
content-disposition: inline; filename="FIFA_Logo_White_Generic.webp"; filename*=UTF-8''FIFA_Logo_White_Generic.webp
strict-transport-security: max-age=63072000; includeSubdomains
x-api-correlation-id: ccbf968a-ab92-925f-24c9-70426f76f33c
cache-control: public, max-age=900, s-maxage=15552000
cross-origin-resource-policy: cross-origin
referrer-policy: strict-origin-when-cross-origin
via: 1.1 31f764b3af7bd53499e97e3e9c790b42.cloudfront.net (CloudFront)
permissions-policy: camera=(), geolocation=(), microphone=()
access-control-allow-origin: *
content-length: 1324
x-amz-cf-pop: IAD55-P3
server: nginx

OPTIONS
H2 200 sdktoken
orchestrate-api.pingone.eu/v1/company/a62b7869-ba3f-4a8b-aed5-836f6ad1e9c7/ 0
0 797ms
351ms Preflight
application/json 2600:9000:27ce:6400:5:3f58:5c80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://orchestrate-api.pingone.eu/v1/company/a62b7869-ba3f-4a8b-aed5-836f6ad1e9c7/sdktoken

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:27ce:6400:5:3f58:5c80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-sk-api-key
Access-Control-Request-Method: GET
Origin: https://fdid-widgetflow.fifa.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization,Content-Type,Content-Disposition,Correlation-Id,Referer,X-Amz-Date,X-Amz-Security-Token,X-Api-Key,X-Client-Version,X-Content-Type-Options,X-SK-API-KEY
access-control-allow-methods: GET,OPTIONS,POST
access-control-allow-origin: https://fdid-widgetflow.fifa.org
allow: GET,OPTIONS,POST
content-length: 0
content-type: application/json
correlation-id: de821698-01bb-4405-9df9-5bde62ecce32
date: Mon, 30 Dec 2024 16:04:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ec6ab86695d018f9e87cce7df2ae9964.cloudfront.net (CloudFront)
x-amz-apigw-id: DnOkwGVhDoEECOw=
x-amz-cf-id: PyfO6M37-YyVOHY6jrEsiai_ZjPJ3suj4amMTU1ZmguUTLGFTiZlDg==
x-amz-cf-pop: IAD55-P7
x-amzn-requestid: de821698-01bb-4405-9df9-5bde62ecce32
x-amzn-trace-id: Root=1-6772c484-2a845cad7e1e719a2a7fe481;Parent=24371bac9fc3c8b7;Sampled=0;Lineage=1:2b7be87e:0
x-cache: Miss from cloudfront

GET
H2 404 favicon.ico
fdid-widgetflow.fifa.org/ 103 B
395 B 512ms
511ms Other
text/html 152.199.5.156
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fdid-widgetflow.fifa.org/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.5.156 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://fdid-widgetflow.fifa.org/

Response headers

rule: 14.88
content-length: 103
date: Mon, 30 Dec 2024 16:04:20 GMT
content-type: text/html
x-powered-by: ASP.NET
server: Microsoft-IIS/10.0

POST
H2 200 start Show response
auth.pingone.eu/a62b7869-ba3f-4a8b-aed5-836f6ad1e9c7/davinci/policy/fa8fea3f894419086b11b1d937f17ccd/ 6 KB
3 KB 1796ms
1709ms Fetch
application/json 2600:9000:28ac:7000:16:48a7:1a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.pingone.eu/a62b7869-ba3f-4a8b-aed5-836f6ad1e9c7/davinci/policy/fa8fea3f894419086b11b1d937f17ccd/start

Requested by

Host: assets.pingone.com
URL: https://assets.pingone.com/davinci/latest/davinci.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:28ac:7000:16:48a7:1a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

cc3a2f933562a72ca10ba00561d2c31f5027e08fc5fcfc975a1064c07da37784

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

origin-cookies: %7B%7D
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImdYR0s4Z3JzZlZiajV3WWxBakJQcTU2WjdoaVNVM0RSYjZpN0JNQ1gySkEifQ.eyJzdWIiOiI1ZDg1NjA1MDRiM2JjZDkwNjRmZDQ1ODNjMWFhYjA2MiIsImF1ZCI6IjVkODU2MDUwNGIzYmNkOTA2NGZkNDU4M2MxYWFiMDYyIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLnBpbmdvbmUuZXUvYTYyYjc4NjktYmEzZi00YThiLWFlZDUtODM2ZjZhZDFlOWM3L2RhdmluY2kiLCJ1c2FnZSI6InN0YXJ0QW55Rmxvd09yUG9saWN5Tm9uVXNlckNvbnRleHQiLCJqdGkiOiJkZjM5NjAwOC0zMjNmLTQxMmYtODRhNy04ZDk5ZjMwMTA4MTEiLCJpYXQiOjE3MzU1NzQ2NjAsImV4cCI6MTczNTU3NjQ2MH0.VuRt6L0axNxGSnufuORQn8w9WbBTlvCjIK_qUDLYCo590c9V2e8syjNVz8XRYL5ubvLUYau3VCc4rUWS6lYd0BCBBbODyZk7GJvmF7Gv8qUFAPNlOntx4dT5v5Q9dClPTEdppwFLV7DJqfEpHBcblBPZzTVfxwA8fdSpVaNhlzkPgQJXbjArkfrWLvDCQMu77DjgscZrnOrcisjt6UJfmjFLSvIxmR6jy-MRNgOLv7ng5Wg3Fx8PCnEIZTtSgp8oIvIPEIGvKLCHlAVYhjXA66Kk8LrSGwIAQK2bIQYrs4nT4G_tSGWwYtDTva_aY5Thowx48wXSalQ2PLsIwjTXqzJ6WhauRqZL09lBWEaAVlrH-JCXMCu2nDTnd0Mj5bHrSwckYx6m7AMpzvavlqcLyaOVRmmVpyF0OpdV8L-MwU1YGo0xZaFzeyQC-QryNzmO9yJqWGvZVIvtU_nMvrCCEtTKpWp_eFrI2wvJjOMNEGQEdB60UJv67CR0rbdGF5-Mmb3f6Sx9k9h_J7qQTeibjMB5iEXHy2zoW3BwpuU7G0P6tpD7OL_8lnW4o0PA2BnVnTyo4hHCGID_eKMHjCrkzWeS8HE9zEMB4yvtxnWohc13PzZ6wo8HROFYsFAgmVEs27nBGVj9CjR5rQ63vTp5ftuXLFoY8LK4oorJ9RR9cIs
Referer: https://fdid-widgetflow.fifa.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-amzn-remapped-content-length: 2057
content-encoding: gzip
etag: W/"17e9-Z3elPUoDCjQEbfvJclZZn/hOHqY"
x-content-type-options: nosniff
x-amzn-requestid: 2a2fb322-2f99-4c1f-bd60-306972d40cb9
correlation-id: 2a2fb322-2f99-4c1f-bd60-306972d40cb9
expires: -1
x-cache: Miss from cloudfront
x-amz-cf-id: QjWo3CKmSYgq3VuAUgDaep9M0CRulBqo6PHYfWl9kjkaME0QGQ1W1g==
date: Mon, 30 Dec 2024 16:04:23 GMT
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate
x-dns-prefetch-control: off
x-amz-apigw-id: DnOlAFdGDoEEHPw=
pragma: no-cache
x-amzn-remapped-date: Mon, 30 Dec 2024 16:04:23 GMT
access-control-allow-credentials: true
via: 1.1 linkerd, 1.1 455fa93729c4c4e026284f344dc67c68.cloudfront.net (CloudFront)
x-download-options: noopen
access-control-allow-origin: *
content-length: 2057
x-xss-protection: 1; mode=block
x-amz-cf-pop: IAD12-P5

GET
H2 200 5e73bebabf8f54072b7966d5 Show response
app.launchdarkly.com/sdk/goals/ 2 B
176 B 32ms
32ms XHR
application/json 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/5e73bebabf8f54072b7966d5

Requested by

Host: assets.pingone.com
URL: https://assets.pingone.com/davinci/latest/davinci.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
X-LaunchDarkly-User-Agent: JSClient/2.24.2
Referer: https://fdid-widgetflow.fifa.org/

Response headers

content-md5: d751713988987e9331980363e24189ce
access-control-max-age: 300
content-encoding: gzip
etag: "d751713988987e9331980363e24189ce"
age: 0
access-control-allow-methods: GET, OPTIONS, HEAD
x-cache: HIT
date: Mon, 30 Dec 2024 16:04:21 GMT
content-type: application/json
x-served-by: cache-mia-kmia1760093-MIA
x-cache-hits: 0
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cache-control: max-age=0
x-timer: S1735574661.275340,VS0,VE1
ld-region: us-east-1
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26

GET
H2 200 eyJrZXkiOiJhNjJiNzg2OS1iYTNmLTRhOGItYWVkNS04MzZmNmFkMWU5YzcifQ Show response
app.launchdarkly.com/sdk/evalx/5e73bebabf8f54072b7966d5/users/ 142 KB
21 KB 216ms
215ms XHR
application/json 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://app.launchdarkly.com/sdk/evalx/5e73bebabf8f54072b7966d5/users/eyJrZXkiOiJhNjJiNzg2OS1iYTNmLTRhOGItYWVkNS04MzZmNmFkMWU5YzcifQ
Requested by: Host: assets.pingone.com
URL: https://assets.pingone.com/davinci/latest/davinci.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 910e2eeccd08db7feadcd82b2f69b61c9a6319190f4a9ae0a5f6a9a62bb43604

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
X-LaunchDarkly-User-Agent: JSClient/2.24.2
Referer: https://fdid-widgetflow.fifa.org/

Response headers

access-control-max-age: 3600
content-encoding: gzip
etag: "226798dbb"
age: 0
access-control-allow-methods: OPTIONS, GET
x-cache: MISS
date: Mon, 30 Dec 2024 16:04:21 GMT
content-type: application/json
vary: Authorization, Accept-Encoding
x-served-by: cache-mia-kmia1760083-MIA, cache-mia-kmia1760093-MIA
x-cache-hits: 0
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-Requested-With, X-LD-Private, X-LD-AccountId, X-LD-EnvId, X-LD-PrjId, X-LaunchDarkly-Event-Schema, X-LaunchDarkly-User-Agent, X-LaunchDarkly-Wrapper, Ld-Api-Version
cache-control: max-age=0
x-timer: S1735574661.275042,VS0,VE185
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 21210

POST
H2 202 5e73bebabf8f54072b7966d5 Show response
events.launchdarkly.com/events/diagnostic/ 0
358 B 56ms
54ms XHR
application/json 3.88.238.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/diagnostic/5e73bebabf8f54072b7966d5

Requested by

Host: assets.pingone.com
URL: https://assets.pingone.com/davinci/latest/davinci.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.88.238.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-88-238-34.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://fdid-widgetflow.fifa.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
X-LaunchDarkly-User-Agent: JSClient/2.24.2
Content-Type: application/json

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 300
access-control-expose-headers: Date
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
content-length: 0
date: Mon, 30 Dec 2024 16:04:21 GMT
content-type: application/json
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags

OPTIONS
H2 200 start
auth.pingone.eu/a62b7869-ba3f-4a8b-aed5-836f6ad1e9c7/davinci/policy/fa8fea3f894419086b11b1d937f17ccd/ 0
0 710ms
285ms Preflight
application/json 2600:9000:28ac:7000:16:48a7:1a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.pingone.eu/a62b7869-ba3f-4a8b-aed5-836f6ad1e9c7/davinci/policy/fa8fea3f894419086b11b1d937f17ccd/start

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:28ac:7000:16:48a7:1a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,origin-cookies
Access-Control-Request-Method: POST
Origin: https://fdid-widgetflow.fifa.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Content-Type,Content-Length,Content-Disposition,Cookie,Correlation-Id,Origin,Origin-Cookies,Referer,Referrer,X-Amz-Date,X-Amz-Security-Token,X-Api-Key,x-client-version,X-Content-Type-Options,interactionId,interactionToken,interactionIdSS,interactionTokenSS
access-control-allow-methods: OPTIONS,GET,POST
access-control-allow-origin: https://fdid-widgetflow.fifa.org
allow: OPTIONS,GET,POST
content-length: 0
content-type: application/json
correlation-id: e2421180-2aeb-4bc5-988a-8bf7b8e58a12
date: Mon, 30 Dec 2024 16:04:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 455fa93729c4c4e026284f344dc67c68.cloudfront.net (CloudFront)
x-amz-apigw-id: DnOk9FqBjoEECqg=
x-amz-cf-id: P_sBDvijNUojjCFOTW6ELgnkUAqpAkJ9p5LA2CXyLXhQSg5Xuyyeow==
x-amz-cf-pop: IAD12-P5
x-amzn-requestid: e2421180-2aeb-4bc5-988a-8bf7b8e58a12
x-amzn-trace-id: Root=1-6772c485-6ad1d8c06e5ada262c0db599;Parent=09edf9bf30c340ad;Sampled=0;Lineage=1:2b7be87e:0
x-cache: Miss from cloudfront

OPTIONS
H2 200 5e73bebabf8f54072b7966d5
app.launchdarkly.com/sdk/goals/ 0
0 174ms
30ms Preflight 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/5e73bebabf8f54072b7966d5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-launchdarkly-user-agent
Access-Control-Request-Method: GET
Origin: https://fdid-widgetflow.fifa.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
age: 0
allow: GET, OPTIONS, HEAD
content-encoding: gzip
content-length: 23
date: Mon, 30 Dec 2024 16:04:21 GMT
ld-region: us-east-1
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-mia-kmia1760093-MIA
x-timer: S1735574661.242360,VS0,VE1

OPTIONS
H2 200 eyJrZXkiOiJhNjJiNzg2OS1iYTNmLTRhOGItYWVkNS04MzZmNmFkMWU5YzcifQ
app.launchdarkly.com/sdk/evalx/5e73bebabf8f54072b7966d5/users/ 0
0 170ms
31ms Preflight 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/evalx/5e73bebabf8f54072b7966d5/users/eyJrZXkiOiJhNjJiNzg2OS1iYTNmLTRhOGItYWVkNS04MzZmNmFkMWU5YzcifQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-launchdarkly-user-agent
Access-Control-Request-Method: GET
Origin: https://fdid-widgetflow.fifa.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
age: 0
allow: GET, OPTIONS, HEAD
content-encoding: gzip
content-length: 23
date: Mon, 30 Dec 2024 16:04:21 GMT
ld-region: us-east-1
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-mia-kmia1760093-MIA
x-timer: S1735574661.242437,VS0,VE1

OPTIONS
H2 204 5e73bebabf8f54072b7966d5
events.launchdarkly.com/events/diagnostic/ 0
0 240ms
68ms Preflight 3.88.238.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/diagnostic/5e73bebabf8f54072b7966d5

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.88.238.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-88-238-34.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-launchdarkly-user-agent
Access-Control-Request-Method: POST
Origin: https://fdid-widgetflow.fifa.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-max-age: 300
date: Mon, 30 Dec 2024 16:04:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 eyJrZXkiOiJhNjJiNzg2OS1iYTNmLTRhOGItYWVkNS04MzZmNmFkMWU5YzcifQ
clientstream.launchdarkly.com/eval/5e73bebabf8f54072b7966d5/ 142 KB
0 449ms
68ms EventSource
text/event-stream 15.197.213.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://clientstream.launchdarkly.com/eval/5e73bebabf8f54072b7966d5/eyJrZXkiOiJhNjJiNzg2OS1iYTNmLTRhOGItYWVkNS04MzZmNmFkMWU5YzcifQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

15.197.213.252 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

aa1ba9bef7b18c265.awsglobalaccelerator.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Cache-Control: no-cache
Referer: https://fdid-widgetflow.fifa.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: text/event-stream

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 300
cache-control: no-cache, no-store, must-revalidate
ld-region: us-east-1
access-control-allow-methods: GET,OPTIONS
accept-ranges: bytes
access-control-allow-origin: *
date: Mon, 30 Dec 2024 16:04:21 GMT
content-type: text/event-stream; charset=utf-8
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Cache-Control,X-Requested-With,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper

POST
H2 202 5e73bebabf8f54072b7966d5 Show response
events.launchdarkly.com/events/bulk/ 0
358 B 244ms
119ms XHR
application/json 3.88.238.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/5e73bebabf8f54072b7966d5

Requested by

Host: assets.pingone.com
URL: https://assets.pingone.com/davinci/latest/davinci.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.88.238.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-88-238-34.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-LaunchDarkly-Event-Schema: 3
Referer: https://fdid-widgetflow.fifa.org/
X-LaunchDarkly-Payload-ID: bc3f95d0-c6c7-11ef-b13c-2b6f321aa98a
X-LaunchDarkly-User-Agent: JSClient/2.24.2
Content-Type: application/json
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 300
access-control-expose-headers: Date
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
content-length: 0
date: Mon, 30 Dec 2024 16:04:23 GMT
content-type: application/json
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags

OPTIONS
H2 204 5e73bebabf8f54072b7966d5
events.launchdarkly.com/events/bulk/ 0
0 55ms
54ms Preflight 3.88.238.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/5e73bebabf8f54072b7966d5

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

3.88.238.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-88-238-34.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent
Access-Control-Request-Method: POST
Origin: https://fdid-widgetflow.fifa.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-max-age: 300
date: Mon, 30 Dec 2024 16:04:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 eyJrZXkiOiJhNjJiNzg2OS1iYTNmLTRhOGItYWVkNS04MzZmNmFkMWU5YzcifQ
clientstream.launchdarkly.com/eval/5e73bebabf8f54072b7966d5/ 142 KB
0 72ms
69ms EventSource
text/event-stream 15.197.213.252
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://clientstream.launchdarkly.com/eval/5e73bebabf8f54072b7966d5/eyJrZXkiOiJhNjJiNzg2OS1iYTNmLTRhOGItYWVkNS04MzZmNmFkMWU5YzcifQ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

15.197.213.252 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

aa1ba9bef7b18c265.awsglobalaccelerator.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Cache-Control: no-cache
Referer: https://fdid-widgetflow.fifa.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: text/event-stream

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 300
cache-control: no-cache, no-store, must-revalidate
ld-region: us-east-1
access-control-allow-methods: GET,OPTIONS
accept-ranges: bytes
access-control-allow-origin: *
date: Mon, 30 Dec 2024 16:04:24 GMT
content-type: text/event-stream; charset=utf-8
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Cache-Control,X-Requested-With,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fdid-widgetflow.fifa.org/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.launchdarkly.com
assets.pingone.com
auth.pingone.eu
clientstream.launchdarkly.com
digitalhub.fifa.com
events.launchdarkly.com
fdid-widgetflow.fifa.org
orchestrate-api.pingone.eu
www.fifa.com
15.197.213.252
151.101.194.217
152.195.19.93
152.199.5.156
2600:9000:244d:5600:9:4a83:f500:93a1
2600:9000:24f4:7e00:11:c1cc:72c0:93a1
2600:9000:27ce:6400:5:3f58:5c80:93a1
2600:9000:28ac:7000:16:48a7:1a80:93a1
3.88.238.34
16bb3d8fb5c371c9e4fa6b5f313c0a5e2edd911c0ce6d0f9c3cee01e9560a2b3
1bcbc361d05fe6f1c1c04657150a75296f4665366e5d8c749883d2d7fd58d618
264e9cf5c3f8606d28c50d40e79269e182ca940c008a35c34ee7ce348008390b
48eb74a45169ea3d83367b03ba9fcfaa84db06cc587da680c6e9b864a15b4e5b
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
53ea61e954e16f2da77e41b7a267240c86e65a20ca26ea42c7c26b97da1cb187
6a2f4003a98a3d8b367702823291c5e43078623288deff831d9d83c8f2db9b16
6be16ed1da8c9be9961a94bd3b75429addb178754643bc9b5eb6c3eca3bc8ed9
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
910e2eeccd08db7feadcd82b2f69b61c9a6319190f4a9ae0a5f6a9a62bb43604
a954c0a79c10d3b1bc92da8061a74c4bf99ade39a5f0b385de63e14e569a23db
b13c052dadb3aee66de51533acde68757d3d731147ba284c404bec20f6a84613
b2e4e87f44ad5fd7a917be38d61c3360dadec446bdac8bce734e80fac27fc86d
bca0cbef4d9a1480419d2e87f92f86f2b04237f91c1a36800ff4929370b931a4
c293b3aeb4898d08cc511c812408a728d6c707c464078342d9af91adcb3adc8a
cc3a2f933562a72ca10ba00561d2c31f5027e08fc5fcfc975a1064c07da37784
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e93ae49db01b8eb94a334282d7ab495fea3d867adb597db89668c48849d42d20
ee0bac56d02128e91bf420f5f58d2cfc7b1cbd0b2675a80a4d749e09c1482873
f9947515ada0af97c9f138a55bf4b733905d3cd11010e806a501c32d20b18ecb
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

fdid-widgetflow.fifa.org Open in urlscan Pro 152.199.5.156 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

30 Requests

100 %HTTPS

44 %IPv6

5 Domains

9 Subdomains

9 IPs

1 Countries

2425 kBTransfer

7937 kBSize

0 Cookies

29 Outgoing links

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

fdid-widgetflow.fifa.org Open in urlscan Pro
152.199.5.156 Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

100 %
HTTPS

44 %
IPv6

5
Domains

9
Subdomains

9
IPs

1
Countries

2425 kB
Transfer

7937 kB
Size

0
Cookies

30 HTTP transactions
0 data transactions