Submitted URL: http://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMA...
Effective URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMA...
Submission: On November 26 via manual from IN — Scanned from CA

Summary

This website contacted 26 IPs in 2 countries across 21 domains to perform 191 HTTP transactions. The main IP is 23.227.38.74, located in Ottawa, Canada and belongs to CLOUDFLARENET, US. The main domain is store.mannheimsteamroller.com.
TLS certificate: Issued by R3 on October 22nd 2021. Valid for: 3 months.
This is the only time store.mannheimsteamroller.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 6 23.227.38.74 13335 (CLOUDFLAR...)
89 2a04:4e42:400... 54113 (FASTLY)
5 2606:4700::68... 13335 (CLOUDFLAR...)
10 23.208.216.126 16625 (AKAMAI-AS)
5 2606:4700:20:... 13335 (CLOUDFLAR...)
8 34.138.230.116 396982 (GOOGLE-PR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 23.52.163.40 16625 (AKAMAI-AS)
9 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 174.129.223.30 14618 (AMAZON-AES)
1 2600:9000:210... 16509 (AMAZON-02)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 23.73.255.205 16625 (AKAMAI-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
8 52.216.21.115 16509 (AMAZON-02)
2 2a03:2880:f01... 32934 (FACEBOOK)
4 2606:2800:220... 15133 (EDGECAST)
2 2600:1400:d:4... 20940 (AKAMAI-ASN1)
2 52.92.160.232 16509 (AMAZON-02)
25 2a03:2880:f11... 32934 (FACEBOOK)
2 104.244.42.200 13414 (TWITTER)
1 54.70.206.88 16509 (AMAZON-02)
1 151.101.0.84 54113 (FASTLY)
191 26
Domain Requested by
89 cdn.shopify.com store.mannheimsteamroller.com
cdn.shopify.com
25 www.facebook.com connect.facebook.net
store.mannheimsteamroller.com
www.facebook.com
9 fonts.gstatic.com fonts.googleapis.com
8 shopify-sales-timer.s3.amazonaws.com store.mannheimsteamroller.com
cdn.shopify.com
shopify-sales-timer.s3.amazonaws.com
8 monorail-edge.shopifysvc.com cdn.shopify.com
6 store.mannheimsteamroller.com 1 redirects cdn.shopify.com
5 amaicdn.com store.mannheimsteamroller.com
amaicdn.com
5 secure.apps.shappify.com store.mannheimsteamroller.com
4 platform.twitter.com s7.addthis.com
platform.twitter.com
4 api-public.addthis.com cdn.shopify.com
s7.addthis.com
4 upsells.boldapps.net store.mannheimsteamroller.com
cdn.shopify.com
4 s7.addthis.com store.mannheimsteamroller.com
s7.addthis.com
2 syndication.twitter.com platform.twitter.com
2 s3-us-west-2.amazonaws.com cdn.shopify.com
2 assets.pinterest.com s7.addthis.com
assets.pinterest.com
2 connect.facebook.net s7.addthis.com
connect.facebook.net
1 log.pinterest.com
1 www.trustedsite.com cdn.ywxi.net
1 widgetic.com store.mannheimsteamroller.com
1 bundles.boldapps.net store.mannheimsteamroller.com
1 chimpstatic.com store.mannheimsteamroller.com
1 cdn.ywxi.net store.mannheimsteamroller.com
1 preordermanager.amai.com cdn.shopify.com
1 m.addthis.com s7.addthis.com
1 v1.addthisedge.com s7.addthis.com
1 ajax.googleapis.com amaicdn.com
1 z.moatads.com s7.addthis.com
1 fonts.googleapis.com cdn.shopify.com
191 28

This site contains links to these domains. Also see Links.

Domain
www.mannheimsteamroller.com
Subject Issuer Validity Valid
store.mannheimsteamroller.com
R3
2021-10-22 -
2022-01-20
3 months crt.sh
cdn.shopify.com
GlobalSign Atlas R3 DV TLS CA 2020
2021-04-20 -
2022-05-22
a year crt.sh
shappify.com
Cloudflare Inc ECC CA-3
2021-06-02 -
2022-06-01
a year crt.sh
odc-addthis-prod-01.oracle.com
DigiCert SHA2 Secure Server CA
2021-04-25 -
2022-04-27
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-05-01 -
2022-04-30
a year crt.sh
monorail-edge.shopifysvc.com
R3
2021-10-04 -
2022-01-02
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
moatads.com
DigiCert SHA2 Secure Server CA
2021-01-21 -
2022-01-25
a year crt.sh
*.gstatic.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.amai.com
Amazon
2021-08-04 -
2022-09-02
a year crt.sh
*.ywxi.net
Amazon
2021-08-04 -
2022-09-02
a year crt.sh
boldapps.net
Cloudflare Inc ECC CA-3
2021-10-26 -
2022-10-25
a year crt.sh
wildcardsan.us15.list-manage.com
DigiCert SHA2 Secure Server CA
2021-01-11 -
2022-01-17
a year crt.sh
*.s3.amazonaws.com
DigiCert Baltimore CA-2 G2
2021-01-11 -
2022-02-11
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-09-04 -
2021-12-03
3 months crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1
2021-10-20 -
2022-10-19
a year crt.sh
*.pinterest.com
DigiCert TLS RSA SHA256 2020 CA1
2021-07-26 -
2022-08-05
a year crt.sh
*.s3-us-west-2.amazonaws.com
Amazon
2021-03-26 -
2022-03-05
a year crt.sh
syndication.twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2021-03-24 -
2022-03-23
a year crt.sh
*.trustedsite.com
Amazon
2021-02-09 -
2022-03-10
a year crt.sh

This page contains 6 frames:

Primary Page: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Frame ID: 3C0CE243401DE6E752A47DA6ADBCEB17
Requests: 164 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: B9FC7AAD4351863B2450E1C3F4CBC46A
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: A207994DD6E69B78BC7C5AB7A211433A
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fstore.mannheimsteamroller.com
Frame ID: 3E064079512B029A9FD9FB30FA340201
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Frame ID: CE690C5DB4676F0F33035AA5738B3A84
Requests: 25 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html
Frame ID: CEEA99190091AC9BB061CC3A27E77052
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Christmas Symphony – Mannheim Steamroller

Page URL History Show full URLs

  1. http://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_cam... HTTP 301
    https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_cam... Page URL

Page Statistics

191
Requests

99 %
HTTPS

56 %
IPv6

21
Domains

28
Subdomains

26
IPs

2
Countries

1955 kB
Transfer

5786 kB
Size

26
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID HTTP 301
    https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

191 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request christmas-symphony
store.mannheimsteamroller.com/products/
Redirect Chain
  • http://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a...
  • https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4...
141 KB
29 KB
Document
General
Full URL
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d4369c5607bd53ec7d655fc80088960189b2f2f67e950cf265ea793d2d8eb6a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

date
Fri, 26 Nov 2021 14:07:47 GMT
content-type
text/html; charset=utf-8
x-sorting-hat-podid
224
x-sorting-hat-shopid
12587491
x-storefront-renderer-rendered
1
link
<https://cdn.shopify.com>; rel=preconnect, <https://cdn.shopify.com>; rel=preconnect; crossorigin
x-shopify-request-trackable
true
x-alternate-cache-key
cacheable:c1e122a118991356e10401c371b11d10
x-cache
miss
x-frame-options
DENY
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
access-control-allow-origin
*
strict-transport-security
max-age=7889238
x-shopid
12587491
x-shardid
224
vary
Accept
content-language
en
x-shopify-stage
production
x-dc
gcp-us-central1,gcp-us-central1,gcp-us-central1
x-request-id
070f546c-a8d8-4f89-b981-85326041ec9a
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
x-download-options
noopen
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6b43af5fdf127154-YUL
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

Date
Fri, 26 Nov 2021 14:07:47 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Sorting-Hat-PodId
224
X-Sorting-Hat-ShopId
12587491
X-Storefront-Renderer-Rendered
1
Location
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
X-Frame-Options
DENY
Content-Security-Policy
frame-ancestors 'none';
Access-Control-Allow-Origin
*
X-ShopId
12587491
X-ShardId
224
Vary
Accept
X-Shopify-Stage
production
X-Dc
gcp-us-central1,gcp-us-central1,gcp-us-central1
X-Request-ID
769cb513-24ac-4256-ae6a-96e7984661f8
X-Download-Options
noopen
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
CF-Cache-Status
DYNAMIC
Server
cloudflare
CF-RAY
6b43af5f2f734bc5-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
bootstrap.min.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
118 KB
18 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bootstrap.min.css?v=16275807143070108843
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
6522b65d1633ebd28856a3bbbb142027f7c6975e9a0de1b6a2479873b1e22d09
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
17452
x-xss-protection
1; mode=block
x-request-id
679e0b1db36b711532775b2e9d979df5
x-served-by
cache-lga21946-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:58:35 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.565480,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 10:03:03 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bootstrap.min.css>; rel="canonical"
x-cache-hits
1, 1
owl.carousel.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
2 KB
780 B
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/owl.carousel.css?v=3770034108071850157
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
f73150e288aa203fa8970bb6e6f1ebb3d98466dbc38352e177f6abee70a50095
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
539
x-xss-protection
1; mode=block
x-request-id
1d9c4d51477f40777a5e0c3b3acc69b5
x-served-by
cache-lga21944-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:46:00 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.565556,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Thu, 10 Nov 2022 12:27:55 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/owl.carousel.css>; rel="canonical"
x-cache-hits
1, 1
settings.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
131 KB
14 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/settings.css?v=18086228612266433528
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
863301c839a9097d15e72a059159ac280951ce48f332b9df6850c8474393a3d3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
14462
x-xss-protection
1; mode=block
x-request-id
fd8432b8b036256e2419b83c8d675bb6
x-served-by
cache-lga21922-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:45:23 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.565616,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 10:03:03 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/settings.css>; rel="canonical"
x-cache-hits
1, 1
styles.scss.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
290 KB
35 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
0ef263550319255637345422d4d0d659c4e916d85c9ddba1457cdac1e1b7ded6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
35789
x-xss-protection
1; mode=block
x-request-id
76cc0a1d519c3f9dcd7417e3635575bf
x-served-by
cache-lga21939-LGA, cache-yul12829-YUL
last-modified
Thu, 25 Nov 2021 14:43:35 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.565634,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 25 Nov 2022 14:43:35 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css>; rel="canonical"
x-cache-hits
1, 1
nt-header-layout-5.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
10 KB
2 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nt-header-layout-5.css?v=11560675515282914903
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
282f7f82642d0ee4a80ae0266a38882ab759a95ae8f4d65a5faee70bf827f7d1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1536
x-xss-protection
1; mode=block
x-request-id
f1779043e9d2fabdcb12781315f32bce
x-served-by
cache-lga21983-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:32 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.565785,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 12:08:59 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nt-header-layout-5.css>; rel="canonical"
x-cache-hits
1, 1
nt-footer-layout-6.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
5 KB
1 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nt-footer-layout-6.css?v=15156587086702057738
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
a6d23ff530abf8a1f29d0153f8ddfb9bcd92638d0bb7894a87b100b8146d970b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
901
x-xss-protection
1; mode=block
x-request-id
2ba4c93d9008b84e38f01cece506f379
x-served-by
cache-lga21958-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:46:45 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.565778,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 14:16:30 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nt-footer-layout-6.css>; rel="canonical"
x-cache-hits
1, 6
loader.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
2 KB
844 B
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/loader.css?v=13520581156167198092
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
fa10d16a37e32f2224fbfb2abe309993609b834516bea92bf74ca2559252e55f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
597
x-xss-protection
1; mode=block
x-request-id
9233d4ec90b3b560a76c202dbc905cc8
x-served-by
cache-lga21982-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:13 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.565912,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Thu, 24 Nov 2022 11:17:48 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/loader.css>; rel="canonical"
x-cache-hits
1, 1
toastr.min.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
6 KB
3 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/toastr.min.css?v=10646864197997850718
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
a2426f1111a7c61667d668e9012e3eab58f4e784fe70fe16293dc43b634f812a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
2461
x-xss-protection
1; mode=block
x-request-id
1138784ffda09119ffd5cf929d810792
x-served-by
cache-lga21980-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:36 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.573635,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 12:00:52 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/toastr.min.css>; rel="canonical"
x-cache-hits
1, 1
jquery.fancybox.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
6 KB
2 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox.css?v=10889551828521818491
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
4ffbb565d1944814db3519fce9d0d320c0741acc97fea796a5612b664d78366a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1464
x-xss-protection
1; mode=block
x-request-id
02d83164ee22422a0a9b8519f6e81a1c
x-served-by
cache-lga13626-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:12 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.565906,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 09:59:20 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox.css>; rel="canonical"
x-cache-hits
1, 6
font-awesome.min.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
27 KB
5 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/font-awesome.min.css?v=1811080494831994179
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
911efb4e1383c28ad12d7f925d686dcd29d99421f2ca466ee63a867a138f5560
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
4995
x-xss-protection
1; mode=block
x-request-id
28ef2e5103711c2b505d5757e709da83
x-served-by
cache-lga21981-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:58:37 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.573777,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 07:13:54 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/font-awesome.min.css>; rel="canonical"
x-cache-hits
1, 1
sca-quick-view.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
5 KB
1 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sca-quick-view.css?v=13512753789508389045
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
f2431d9cae765db6e982c7d0c4c9a9d15d6dc9d986ae8f28c38412ad6fd941c5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1259
x-xss-protection
1; mode=block
x-request-id
33dd172caae1ae5f1a19a9a7147d3ec1
x-served-by
cache-lga21975-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:13 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.573463,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 12:16:00 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sca-quick-view.css>; rel="canonical"
x-cache-hits
1, 1
sca-jquery.fancybox.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
43 KB
27 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sca-jquery.fancybox.css?v=7918907339668535341
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
79b2c64048bd2c64b4c23bfb4ef8a4f97e4d539d0b792dfb1fc88f4bd925a26d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
27188
x-xss-protection
1; mode=block
x-request-id
401ec743dc7cd8bdd5cd7c4020ab06eb
x-served-by
cache-lga21941-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:46:45 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.573518,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 05:42:28 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sca-jquery.fancybox.css>; rel="canonical"
x-cache-hits
1, 1
jquery.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
91 KB
31 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.min.js?v=6506911499012750403
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
5b6725689f9ca035bdd1f325690447c2cab1e9a27c39b3a3a6d702ab888236ac
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
31473
x-xss-protection
1; mode=block
x-request-id
8ea99037aa0f7bfb8a03d9883203a558
x-served-by
cache-lga21948-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:16 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.574016,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 07:40:42 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.min.js>; rel="canonical"
x-cache-hits
1, 1
jquery.themepunch.tools.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
105 KB
36 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.themepunch.tools.min.js?v=1829877859153596686
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
73ea81488e436dcf501f872075efdd2aa3cebf6e334cb43467d14f28377b5804
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
35785
x-xss-protection
1; mode=block
x-request-id
0f9b903b473ab29c7c5bf82c3aac43bf
x-served-by
cache-lga21954-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 07:00:00 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.574033,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 12:16:00 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.themepunch.tools.min.js>; rel="canonical"
x-cache-hits
1, 1
jquery.themepunch.revolution.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
63 KB
17 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.themepunch.revolution.min.js?v=12866956227497450034
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
660aabb95e73c8818f3582b446067c6e35770cd46c49346374bf41155150c80e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
17012
x-xss-protection
1; mode=block
x-request-id
45b85f2b8dd0c2de02ab5f7b8f7adec5
x-served-by
cache-lga21961-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:13 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.573764,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 09:59:20 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.themepunch.revolution.min.js>; rel="canonical"
x-cache-hits
1, 1
jquery-cookie.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
1 KB
858 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery-cookie.min.js?v=7236575574540404818
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
30de098fc5522f2f79107897afcd6d00062cecce3101a40cb671ecc73c674422
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
520
x-xss-protection
1; mode=block
x-request-id
ce34e3a3fe76b18e2f24780fa563b1f3
x-served-by
cache-lga13626-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:58:38 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693339,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 06:53:58 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery-cookie.min.js>; rel="canonical"
x-cache-hits
1, 1
modernizr.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
3 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/modernizr.min.js?v=12518942495570507011
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
bff42b43d858853bf4333fb583660bad4a4132bc073a35771188da5f78fdb09b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1396
x-xss-protection
1; mode=block
x-request-id
25331beed4ccf4d92b4e23c653ec8c92
x-served-by
cache-lga21977-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:46:47 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693417,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:20:52 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/modernizr.min.js>; rel="canonical"
x-cache-hits
1, 1
jquery.flexslider-min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
22 KB
6 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.flexslider-min.js?v=7553249248416720244
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
f4da2313ec5a6f93ff25851dfb2949f7f6cc5d0087ef20f5dce3037f7fb3c7a9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
5771
x-xss-protection
1; mode=block
x-request-id
985e859700703bf091e760b1f32dc32275c8170d70bafb9a4b3d787f9447f1aa
x-served-by
cache-lga21943-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:11 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693460,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 21 Oct 2022 14:04:06 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.flexslider-min.js>; rel="canonical"
x-cache-hits
1, 2
owl.carousel.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
23 KB
6 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/owl.carousel.js?v=15265798338679244709
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
5b8f8e24f2eabbda7290548383723a6329e14b886392f8f8ece080f6efe6878c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
5908
x-xss-protection
1; mode=block
x-request-id
ac146ebeb0b41357de0a6466ebf12ae4
x-served-by
cache-lga21948-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:46:00 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693500,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 08:25:40 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/owl.carousel.js>; rel="canonical"
x-cache-hits
1, 6
selectize.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
39 KB
12 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/selectize.min.js?v=10245617905528283634
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
bfc193cbebe23fedd2cbb97458b22ad84fc6335ded6b80b09f702735cc0476e7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
12260
x-xss-protection
1; mode=block
x-request-id
367f9181ff1d5f6ee5708b47b9b4c943
x-served-by
cache-lga21945-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:13 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693550,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 16:57:05 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/selectize.min.js>; rel="canonical"
x-cache-hits
1, 1
jquery.elevateZoom-3.0.8.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
32 KB
6 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.elevateZoom-3.0.8.min.js?v=15001016163465525103
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
d1e9fd89f7772e932d857e64ae9ff086810e3e8394d3720470756c2de69fea91
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
5526
x-xss-protection
1; mode=block
x-request-id
e7b963aa02e6463dffa80bef6e107f28
x-served-by
cache-lga21972-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 07:00:01 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694120,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 10:03:51 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.elevateZoom-3.0.8.min.js>; rel="canonical"
x-cache-hits
1, 1
jquery.fancybox.pack.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
22 KB
8 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox.pack.js?v=14571656442996943808
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
9bece345f853bede1479269d88030c4ac724b6360a6143be3b6b2a1e9d6f57a0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
7749
x-xss-protection
1; mode=block
x-request-id
8e4c64722ffe8348b868a96eff852d86
x-served-by
cache-lga13628-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:16 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694020,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 10 Nov 2022 12:08:56 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox.pack.js>; rel="canonical"
x-cache-hits
1, 1
jquery.fancybox-media.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
2 KB
1 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox-media.js?v=2778842296868151451
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
b49af5d8fb7348cd3bf23ae73743db7898911256ad9d2377678821186aba8ec3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1015
x-xss-protection
1; mode=block
x-request-id
e7887a11fe1b3912746ef37e0bb58ebe4d10d7a33a9f82f54bc108442cb9916e
x-served-by
cache-lga13628-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:33 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694718,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 14 Oct 2022 05:20:21 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fancybox-media.js>; rel="canonical"
x-cache-hits
1, 1
isotope.pkgd.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
34 KB
9 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/isotope.pkgd.min.js?v=10716170274150304395
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
7eb4509b0d4771082ac20521c1f2c79bf575a7d9d1b8b94c65654f090057975a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
9196
x-xss-protection
1; mode=block
x-request-id
b1874a336434fdc4f364cdfa1d9e26ec
x-served-by
cache-lga21970-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:10 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694737,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:20:52 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/isotope.pkgd.min.js>; rel="canonical"
x-cache-hits
1, 1
imagesloaded.pkgd.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
5 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/imagesloaded.pkgd.min.js?v=2960574115061968581
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
8f9866e833ce88be6659d2d4c65850c504d68d36020217e3b396d9301cb76b68
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1521
x-xss-protection
1; mode=block
x-request-id
dbe726d10a41308af4301c7b16f7b97b
x-served-by
cache-lga21931-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:36 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694726,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 11:30:33 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/imagesloaded.pkgd.min.js>; rel="canonical"
x-cache-hits
1, 7
jquery.appear.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
1 KB
843 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.appear.js?v=15457449512232779877
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
f908be4322ec368a47a2f78a6181c819cb49c89d20a8510c4ef67ef8fbca3086
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
545
x-xss-protection
1; mode=block
x-request-id
58e89bc63acaf58937c7a99fab1f10bb
x-served-by
cache-lga21963-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:33 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.696039,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 10:11:48 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.appear.js>; rel="canonical"
x-cache-hits
1, 1
option_selection-fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f.js
cdn.shopify.com/shopifycloud/shopify/assets/themes_support/
9 KB
3 KB
Script
General
Full URL
https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/option_selection-fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f.js
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
2748
x-xss-protection
1; mode=block
x-request-id
2e8f222cfd87b11345e34a0dbbf00231
x-served-by
cache-lga21944-LGA, cache-yul12829-YUL
server
cache-yul12829-YUL
x-timer
S1637935668.695921,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/option_selection-fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f.js>; rel="canonical"
x-cache-hits
1, 502843
webfont.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
12 KB
5 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/webfont.js?v=4914639218279684479
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
aeeea5052852429293bb9cabb7617dcae1e5a616851d41ec713ee5c2e1b3ae55
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
4527
x-xss-protection
1; mode=block
x-request-id
ee340d41e0621e853333a38b4c84f3ce
x-served-by
cache-lga21973-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:32 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695761,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 24 Nov 2022 12:28:07 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/webfont.js>; rel="canonical"
x-cache-hits
1, 1
load_feature-a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524.js
cdn.shopify.com/shopifycloud/shopify/assets/storefront/
9 KB
3 KB
Script
General
Full URL
https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524.js
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12820-YUL /
Resource Hash
a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://store.mannheimsteamroller.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
2777
x-xss-protection
1; mode=block
x-request-id
7d39d9e6d6ebb3cdbd33c354f5132152
x-served-by
cache-lga21959-LGA, cache-yul12820-YUL
server
cache-yul12820-YUL
x-timer
S1637935668.751752,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524.js>; rel="canonical"
x-cache-hits
2, 2744870
features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js
cdn.shopify.com/shopifycloud/shopify/assets/storefront/
37 KB
13 KB
Script
General
Full URL
https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12820-YUL /
Resource Hash
87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://store.mannheimsteamroller.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
12298
x-xss-protection
1; mode=block
x-request-id
e624e9bc29b60a2db5947e2486240d8a
x-served-by
cache-lga21932-LGA, cache-yul12820-YUL
server
cache-yul12820-YUL
x-timer
S1637935668.751555,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae.js>; rel="canonical"
x-cache-hits
1, 2639075
bold-upsell.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
19 KB
4 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell.css?v=5191588650560232271
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
39b67047f62bfeb05b02e88df6cf72e2a71b5f4c6e6fde7e93c3ff365f30a63a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
3483
x-xss-protection
1; mode=block
x-request-id
9d7345b51967b51b06736a042bab18a7
x-served-by
cache-lga21940-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:35 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.573395,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
text/css
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:52:28 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell.css>; rel="canonical"
x-cache-hits
1, 2
bold-upsell-custom.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
0
0
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell-custom.css?160
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

header_5_logo.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
5 KB
5 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/header_5_logo.png?v=15104082059059083423
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
fb16c823b3edaf3b3dd09e69848bbd8a72039156863697ace4c4b7a303709701
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
header_generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
4638
x-xss-protection
1; mode=block
x-request-id
1be94f7897ae40ef8afe36f6e6fac0aa
x-served-by
cache-lga21927-LGA, cache-yul12829-YUL
last-modified
Fri, 05 Nov 2021 16:24:46 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694780,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Sat, 05 Nov 2022 16:24:46 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/header_5_logo.png>; rel="canonical"
x-cache-hits
1, 1
sale9.png
secure.apps.shappify.com/apps/discount/icons/default/
1 KB
1 KB
Image
General
Full URL
https://secure.apps.shappify.com/apps/discount/icons/default/sale9.png
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e38d68218c650828bb81e12aa21878ae81e9ce0ba84532e46c088acbaabf6f5

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:47 GMT
via
1.1 google
cf-cache-status
HIT
age
309223
cf-polished
origSize=1352
content-length
1224
last-modified
Thu, 18 Aug 2016 21:14:31 GMT
server
cloudflare
etag
"548-53a5f115a7bc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
expires
Fri, 03 Dec 2021 14:07:47 GMT
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
6b43af631dcc7156-YUL
cf-bgj
imgq:85,h2pri
jquery.bxslider.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
49 KB
11 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.bxslider.min.js?v=12097846045018392069
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
bddbba35635904eca1d7f9edc74bdbcba04ec0f5a16286fdbd8f78fb0f7e0c6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
11153
x-xss-protection
1; mode=block
x-request-id
adc27bc0196cf8ac7b82813cb940adfd
x-served-by
cache-lga21957-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:13 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.629606,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 05:42:59 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.bxslider.min.js>; rel="canonical"
x-cache-hits
1, 4
51Iu8-ecgyL_large.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/
56 KB
56 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/51Iu8-ecgyL_large.jpeg?v=1461175958
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
3c40cd169ced8d7ee501d4440e5229be5746aa4efdf4134da2762b29ea6ce96e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
57274
x-xss-protection
1; mode=block
x-request-id
d61b338b8cbf9e9d2661e001f8db6cb5
x-served-by
cache-lga13625-LGA, cache-yul12829-YUL
last-modified
Tue, 23 Nov 2021 20:58:13 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695754,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 20:58:13 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/51Iu8-ecgyL_large.jpeg>; rel="canonical"
x-cache-hits
1, 1
discount-sales-clock-js.php
secure.apps.shappify.com/apps/discount/
4 KB
2 KB
Script
General
Full URL
https://secure.apps.shappify.com/apps/discount/discount-sales-clock-js.php?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
069ca9398bb61f9d15df2bec10710fe7dd79f8dca34a6a9a26c42242e7ad777e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cf-ray
6b43af631dd07156-YUL
pragma
no-cache
date
Fri, 26 Nov 2021 14:07:47 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
content-type
application/javascript
content-length
1895
via
1.1 google
discount-sales-clock-css.php
secure.apps.shappify.com/apps/discount/
204 B
749 B
Stylesheet
General
Full URL
https://secure.apps.shappify.com/apps/discount/discount-sales-clock-css.php?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa1983cd8b5e7dc6b6e03342469435dd02475c9c94d4e128522fe08ffcacd919

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cf-ray
6b43af62dd447156-YUL
date
Fri, 26 Nov 2021 14:07:47 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"
access-control-allow-origin
*
cache-control
public, s-maxage=300
content-type
text/css;charset=UTF-8
content-length
171
via
1.1 google
expires
Fri, 26 Nov 2021 14:37:47 GMT
addthis_widget.js
s7.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
"5f971164-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
cache-control
public, max-age=600
date
Fri, 26 Nov 2021 14:07:47 GMT
x-host
s7.addthis.com
content-length
116325
sale11.png
secure.apps.shappify.com/apps/discount/icons/default/
960 B
1 KB
Image
General
Full URL
https://secure.apps.shappify.com/apps/discount/icons/default/sale11.png
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
045e3e9d809f7ce8ebdffa7435f306fab3903c8e41919bf3d08ba974f899046e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:47 GMT
via
1.1 google
cf-cache-status
HIT
age
28115
cf-polished
origSize=1016
content-length
960
last-modified
Thu, 18 Aug 2016 21:14:31 GMT
server
cloudflare
etag
"3f8-53a5f115a7bc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
expires
Fri, 03 Dec 2021 14:07:47 GMT
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
6b43af631dd17156-YUL
cf-bgj
imgq:85,h2pri
51T1BMn6EhL_200x200.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/
12 KB
13 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/51T1BMn6EhL_200x200.jpeg?v=1461175965
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
829963fc8364800c2f61ece45acfd5cb8111657235b70a841e5b63553d8cdcf6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
12668
x-xss-protection
1; mode=block
x-request-id
32d53c90c7f6d474c9166397d258ab2a
x-served-by
cache-lga21956-LGA, cache-yul12829-YUL
last-modified
Wed, 10 Nov 2021 12:11:34 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695750,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 10 Nov 2022 12:11:34 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/51T1BMn6EhL_200x200.jpeg>; rel="canonical"
x-cache-hits
1, 1
716MgwBGjwL._SL1080_200x200.jpg
cdn.shopify.com/s/files/1/1258/7491/products/
14 KB
15 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/716MgwBGjwL._SL1080_200x200.jpg?v=1469142545
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
81a19ccba74def3ced0f2656d08c4d116133adfa649effcafd03bfd1eee6c95d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
14578
x-xss-protection
1; mode=block
x-request-id
ecb5bef4e93dc73f980e0f46b16f0a28
x-served-by
cache-lga21978-LGA, cache-yul12829-YUL
last-modified
Wed, 24 Nov 2021 13:48:02 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695732,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 24 Nov 2022 13:48:02 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/716MgwBGjwL._SL1080_200x200.jpg>; rel="canonical"
x-cache-hits
1, 1
61DhHgRkpeL_200x200.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/
14 KB
15 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/61DhHgRkpeL_200x200.jpeg?v=1461175962
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
321fffd9d643ce3d0b4170a99043586def55a56525374344feb754613a1831cc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
14548
x-xss-protection
1; mode=block
x-request-id
6d1da1f193edb289a931499e9f57756f
x-served-by
cache-lga13626-LGA, cache-yul12829-YUL
last-modified
Thu, 18 Nov 2021 14:45:02 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695599,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 14:45:02 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/61DhHgRkpeL_200x200.jpeg>; rel="canonical"
x-cache-hits
1, 1
61PURZzTPmL_200x200.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/
21 KB
21 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/61PURZzTPmL_200x200.jpeg?v=1461175946
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
61f32a3c3336f0e0abedd74a5e21c4e6c30a7f6521c176c8c13fd9f387bfe167
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
21468
x-xss-protection
1; mode=block
x-request-id
d8681bf62771d082085d2cb5d3e75907
x-served-by
cache-lga21972-LGA, cache-yul12829-YUL
last-modified
Wed, 24 Nov 2021 14:49:37 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695534,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 24 Nov 2022 14:49:37 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/61PURZzTPmL_200x200.jpeg>; rel="canonical"
x-cache-hits
1, 1
61uWmriDERL_200x200.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/
16 KB
16 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/61uWmriDERL_200x200.jpeg?v=1461175937
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
9813b0fcd11d038e3e01e1a2b22d3c8adb0e60e4bcd39b1bbe59a6485939dbc1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
16240
x-xss-protection
1; mode=block
x-request-id
93cb8259b3ec4c061fc9eede8820dc89
x-served-by
cache-lga21928-LGA, cache-yul12829-YUL
last-modified
Thu, 18 Nov 2021 14:45:51 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695538,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 14:45:51 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/61uWmriDERL_200x200.jpeg>; rel="canonical"
x-cache-hits
1, 1
2017-hoodie_200x200.jpg
cdn.shopify.com/s/files/1/1258/7491/products/
4 KB
4 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/2017-hoodie_200x200.jpg?v=1511376527
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
4441d3fe3ba01c627ae4992a13ea07f70ad6b12378a40153db6fb6f8ad264066
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
4226
x-xss-protection
1; mode=block
x-request-id
e72b5a22fdd36c7591c41db8097ebdb9
x-served-by
cache-lga21949-LGA, cache-yul12829-YUL
last-modified
Thu, 11 Nov 2021 08:55:44 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695510,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 08:55:44 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/2017-hoodie_200x200.jpg>; rel="canonical"
x-cache-hits
1, 1
sb_block_sold_by_image.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
3 KB
3 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sb_block_sold_by_image.png?v=16948958644280575943
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
211af9761cd3bf4df824f1a9b1a5170650908c782d02f73ddfc57221d894f1d4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
header_generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
2662
x-xss-protection
1; mode=block
x-request-id
d1deab80cbfaea0252f03936dc193ff3
x-served-by
cache-lga21959-LGA, cache-yul12829-YUL
last-modified
Tue, 23 Nov 2021 10:09:05 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695332,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 10:09:05 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sb_block_sold_by_image.png>; rel="canonical"
x-cache-hits
1, 1
sold_by_1.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
466 B
723 B
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_1.png?v=18000017558408525538
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
97d6537ea25fd895abfbfbfaa9ba8f60afa81742eda89a88b3a09766327a1e16
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
header_generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
466
x-xss-protection
1; mode=block
x-request-id
02d742acea560fb9186193feee1e1d47
x-served-by
cache-lga21932-LGA, cache-yul12829-YUL
last-modified
Wed, 10 Nov 2021 11:57:45 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695116,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Thu, 10 Nov 2022 11:57:45 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_1.png>; rel="canonical"
x-cache-hits
1, 1
sold_by_2.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
530 B
1 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_2.png?v=15832669950340441732
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
6305b967d0267049439f5e037aa34218bce088cee2b6a715624065b351564fb1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
header_generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
530
x-xss-protection
1; mode=block
x-request-id
1dfcba1c9bace2fe9935ff584c8e8d27
x-served-by
cache-lga21962-LGA, cache-yul12829-YUL
last-modified
Thu, 04 Nov 2021 09:52:29 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695113,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:52:29 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_2.png>; rel="canonical"
x-cache-hits
1, 1
sold_by_3.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
568 B
845 B
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_3.png?v=6284532704315261954
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
846851aa1249c0de2c577f36df89218d572683e4d96da0351077443a2706a75c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
header_generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
568
x-xss-protection
1; mode=block
x-request-id
75e4cdde6300fe874b4ea5ac812aa245
x-served-by
cache-lga21954-LGA, cache-yul12829-YUL
last-modified
Thu, 04 Nov 2021 09:52:29 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695024,VS0,VE3
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:52:29 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/sold_by_3.png>; rel="canonical"
x-cache-hits
1, 1
31EEXP4VC4L_small.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/
1 KB
2 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/31EEXP4VC4L_small.jpeg?v=1461176128
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
11bbdd8d16ffe55a66d680af15154b0abf1f04fedf348cc8a1888b1b3dacb615
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1454
x-xss-protection
1; mode=block
x-request-id
429b0fe16c63f779ddc57e766ff2867a
x-served-by
cache-lga21934-LGA, cache-yul12829-YUL
last-modified
Thu, 18 Nov 2021 13:38:33 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694956,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 13:38:33 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/31EEXP4VC4L_small.jpeg>; rel="canonical"
x-cache-hits
1, 3
41onpvNcghL_small.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/
2 KB
2 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/41onpvNcghL_small.jpeg?v=1461176127
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
0e0a57061bb49265b9625aca8f3111ef3943dea05031a4c4be09b0ea9f07572e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1916
x-xss-protection
1; mode=block
x-request-id
2398c3d56bf260292655dfc94c82469b
x-served-by
cache-lga21952-LGA, cache-yul12829-YUL
last-modified
Sat, 20 Nov 2021 00:29:27 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694917,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Sun, 20 Nov 2022 00:29:27 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/41onpvNcghL_small.jpeg>; rel="canonical"
x-cache-hits
1, 1
31YTB7KXCEL_small.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/
2 KB
2 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/31YTB7KXCEL_small.jpeg?v=1461176136
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
99f2266fa780b44460d6b43e7907280e7ce5b5c131baaadf4c754e4a01940050
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1860
x-xss-protection
1; mode=block
x-request-id
be829d70a437d218eee84f7e2fe72a7f
x-served-by
cache-lga21974-LGA, cache-yul12829-YUL
last-modified
Sat, 06 Nov 2021 06:39:47 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694917,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Sun, 06 Nov 2022 06:39:46 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/31YTB7KXCEL_small.jpeg>; rel="canonical"
x-cache-hits
1, 1
21puM8tM0cL_small.jpeg
cdn.shopify.com/s/files/1/1258/7491/products/
1 KB
2 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/products/21puM8tM0cL_small.jpeg?v=1461176007
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
12f63bb29363e0dd95f7258e419eab75bb717a689683c1f1c980aba23cff61ac
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1514
x-xss-protection
1; mode=block
x-request-id
6c2a7191a103d15efccbeb4d47e24cbf
x-served-by
cache-lga21926-LGA, cache-yul12829-YUL
last-modified
Thu, 04 Nov 2021 09:52:31 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694958,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:52:30 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/products/21puM8tM0cL_small.jpeg>; rel="canonical"
x-cache-hits
1, 1
footer-6-shipping.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
4 KB
4 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-shipping.png?v=856916164454700406
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
1e375b90aa0ff390bb8e01ce28f22238f5c86de0c54f1d97b36317679215a103
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
header_generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
3628
x-xss-protection
1; mode=block
x-request-id
64db7f89e6e93c305797fdf730c0311f
x-served-by
cache-lga21935-LGA, cache-yul12829-YUL
last-modified
Tue, 23 Nov 2021 09:00:35 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.694972,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 09:00:35 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-shipping.png>; rel="canonical"
x-cache-hits
1, 1
footer-6-payment.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
3 KB
3 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-payment.png?v=14186654180442311331
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
245b1992d58bb7732fae3a38762d68b4a2c44b975228082a46a339ae223fe23a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
header_generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
2578
x-xss-protection
1; mode=block
x-request-id
8f1ccf40f2147558b13ba464836bbedb
x-served-by
cache-lga21954-LGA, cache-yul12829-YUL
last-modified
Thu, 04 Nov 2021 09:52:31 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695317,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:52:31 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-payment.png>; rel="canonical"
x-cache-hits
1, 1
footer-6-logo.png
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
3 KB
3 KB
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-logo.png?v=15513195865022962543
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
211af9761cd3bf4df824f1a9b1a5170650908c782d02f73ddfc57221d894f1d4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
header_generated
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
2662
x-xss-protection
1; mode=block
x-request-id
fcf0a0ab74846008693ab232c190b2d8
x-served-by
cache-lga21974-LGA, cache-yul12829-YUL
last-modified
Thu, 04 Nov 2021 11:20:46 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695282,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/webp
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 11:20:46 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/footer-6-logo.png>; rel="canonical"
x-cache-hits
1, 1
fastclick.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
8 KB
3 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fastclick.min.js?v=4851315590105602228
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
5f6e8a7ba95ff5f883f5e3fefc184719f45a1ed6dfec028a734694f2246f5c00
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
2191
x-xss-protection
1; mode=block
x-request-id
4447577d14c92c0b6aa19a1c4173a1bc
x-served-by
cache-lga21969-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:32 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.673956,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 10:03:51 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fastclick.min.js>; rel="canonical"
x-cache-hits
1, 1
timber.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
8 KB
3 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/timber.js?v=13101353195487559715
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
83442f23cd2b3ec46114358b557a36fb369224f52d5ad9b5fb033f027aa46043
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
2459
x-xss-protection
1; mode=block
x-request-id
5d01d7ef8701f2d2cfbea0441f3f85af
x-served-by
cache-lga21974-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:45:20 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.676596,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 11:30:33 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/timber.js>; rel="canonical"
x-cache-hits
1, 1
bootstrap.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
36 KB
10 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bootstrap.min.js?v=13739510949898416090
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
a3dd9be3f239f7aa17fbee85435c6a5326971e3bc6d994dea16d479c1d748080
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
9203
x-xss-protection
1; mode=block
x-request-id
b7bbb619359086f3a0447c1d74ab0a364058e42ebc782fe4b18ecbbe3b1e9963
x-served-by
cache-lga21960-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:58 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.676794,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 14 Oct 2022 05:20:21 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bootstrap.min.js>; rel="canonical"
x-cache-hits
1, 1
typeahead.bundle.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
39 KB
11 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/typeahead.bundle.js?v=15236839003933281630
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
de0653541de96b651cd9f2179fb45d52422560ecff2a52566172b4da275b7793
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
11162
x-xss-protection
1; mode=block
x-request-id
a9df7683eeec3ba472e0a84cd69c97d5
x-served-by
cache-lga21956-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:46:46 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.676954,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 10:56:15 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/typeahead.bundle.js>; rel="canonical"
x-cache-hits
1, 1
jquery.fakecrop.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
3 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fakecrop.js?v=10094933026786126442
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
e53dca3111b1336cffd918dbd56d41ec90fe05685e3f0863036f3973f4391a0d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1011
x-xss-protection
1; mode=block
x-request-id
494062106e119e9a3cc79a2654acdc4d
x-served-by
cache-lga21925-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:33 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.683970,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 12:16:00 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.fakecrop.js>; rel="canonical"
x-cache-hits
1, 1
callbacks.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
1 KB
844 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/callbacks.js?v=13094540780648305879
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
bdfdd1a4ef85bcdabfc21825832cc157ed0eece870692bc3fee69a9e5a97d46a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
524
x-xss-protection
1; mode=block
x-request-id
d6aac26592939085324c009e3efdb027
x-served-by
cache-lga21966-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:36 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.684005,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 06:53:58 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/callbacks.js>; rel="canonical"
x-cache-hits
1, 1
jquery-ias.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
6 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery-ias.js?v=8229918673207537957
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
acefae6dc2e39d998b6360be788f2f856d094d179ce90843dcd3f6da3450115f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1795
x-xss-protection
1; mode=block
x-request-id
bf56053501f4667a57090e6582b29bd1
x-served-by
cache-lga21958-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:13 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.684050,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 11:30:33 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery-ias.js>; rel="canonical"
x-cache-hits
1, 1
trigger.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
2 KB
964 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/trigger.js?v=16209555773358476781
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
b4f12f29925ade46c40ac66961ae40ea758da31851a6cd5ff346c3a37909e8c7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
662
x-xss-protection
1; mode=block
x-request-id
f289b9052b884aad87ce2c8e900aade4
x-served-by
cache-lga21979-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:15 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.684102,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 10 Nov 2022 12:27:57 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/trigger.js>; rel="canonical"
x-cache-hits
1, 1
spinner.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
4 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/spinner.js?v=16956320993684403617
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
03d3dc01679028aacc8d5257992fabfda6773ff0880a0259f1666b509d088909
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
2080
x-xss-protection
1; mode=block
x-request-id
4e6d02427efbbdb55dff1f1accf6b233
x-served-by
cache-lga21959-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:46:00 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.684140,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:20:52 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/spinner.js>; rel="canonical"
x-cache-hits
1, 1
fakecrop.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
398 B
825 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fakecrop.js?v=1359312657973655740
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
f11b7bc12475ee06547f27ba064c8985adb1ab7ad8650b49de7f3d0a4f46503e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
205
x-xss-protection
1; mode=block
x-request-id
72643a5870f601da20cea60330b6d320
x-served-by
cache-lga21972-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:14 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.684193,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 07:48:34 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fakecrop.js>; rel="canonical"
x-cache-hits
1, 1
ajax.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
833 B
609 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ajax.js?v=18350205453729597014
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
07ad707152bdc4a5b2563321b0c5b49fe144ba11eb2f02d08c869740ecb13136
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
362
x-xss-protection
1; mode=block
x-request-id
60c3a383c44d5d64f293652236541d21
x-served-by
cache-lga13622-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:35 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.684230,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 12:07:43 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ajax.js>; rel="canonical"
x-cache-hits
1, 1
image.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
3 KB
1 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/image.js?v=4679231692544412797
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
346dcbd7c57fccd552686b1b8e02ca64215edb8efa7b8e6ce2ce4bde31403812
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1144
x-xss-protection
1; mode=block
x-request-id
db735cd0f197fc5867bb315d50b4edda
x-served-by
cache-lga21966-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 07:00:01 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.690669,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 22:04:52 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/image.js>; rel="canonical"
x-cache-hits
1, 1
countdown.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
550 B
597 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/countdown.js?v=10975744542011170680
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
22cb0b052f391817811d2c75c58780d28b51723249a4d23211757a01dc64e49f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
292
x-xss-protection
1; mode=block
x-request-id
b63367bb31d2e8347d9877ddb567ccaf
x-served-by
cache-lga13626-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:15 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.690721,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 11:46:08 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/countdown.js>; rel="canonical"
x-cache-hits
1, 1
cart.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
2 KB
1 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/cart.js?v=739851446797349870
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
eabcd621d6b8bc1f12ae51c08e26244be0b7a0360b4c32e2db8271595a1254a5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
821
x-xss-protection
1; mode=block
x-request-id
c156fe441a3447bf4ef8f73f316d4591
x-served-by
cache-lga21972-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:32 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.690753,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 10 Nov 2022 10:13:11 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/cart.js>; rel="canonical"
x-cache-hits
1, 1
api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f.js
cdn.shopify.com/shopifycloud/shopify/assets/themes_support/
6 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f.js
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1583
x-xss-protection
1; mode=block
x-request-id
baeb7181ce4a8e17c629a3aa03f59df3
x-served-by
cache-lga13620-LGA, cache-yul12829-YUL
server
cache-yul12829-YUL
x-timer
S1637935668.690816,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/api.jquery-e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f.js>; rel="canonical"
x-cache-hits
1, 436262
wishlist.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
1 KB
1 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/wishlist.js?v=18432795781182097157
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
e0f455d1d1498d51838797b63bfdd045e33d3c3a2350af4696c6f0bb7af4b163
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
441
x-xss-protection
1; mode=block
x-request-id
78a175392e8447c5363247503a198223
x-served-by
cache-lga21977-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:34 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.690814,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 13:32:35 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/wishlist.js>; rel="canonical"
x-cache-hits
1, 1
compare.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
1 KB
975 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/compare.js?v=13508649120770554424
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
e0a2ca62a811279a19f1a26a7dcb809caab7490808bb66c0081a19354a3a3709
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
404
x-xss-protection
1; mode=block
x-request-id
698fc0047f5a667d7baa0790d3c92b27
x-served-by
cache-lga21945-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:34 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.690851,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 23 Nov 2022 10:03:51 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/compare.js>; rel="canonical"
x-cache-hits
1, 1
filter.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
5 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/filter.js?v=4560581715482007549
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
8db5bb73b9ddf20fd1b88b3587c7f631e11d3bc9784327f6b08f48b078d30d0d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1382
x-xss-protection
1; mode=block
x-request-id
aae392c0badc0177422a0d0d92ee78e2
x-served-by
cache-lga21930-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:12 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.691044,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 10 Nov 2022 12:27:55 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/filter.js>; rel="canonical"
x-cache-hits
1, 1
scroll-home-page.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
729 B
707 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/scroll-home-page.js?v=5974368109683302598
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
9a9cb2ad25ffbdfe308987c344c5161213892665e8a6c2236fdf17086edf55a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
399
x-xss-protection
1; mode=block
x-request-id
b68bb9e32566ff529e650cb1aeb34fdb
x-served-by
cache-lga21979-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:32 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.691044,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 18:10:55 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/scroll-home-page.js>; rel="canonical"
x-cache-hits
1, 1
authorize.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
2 KB
873 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/authorize.js?v=9845956515385613575
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
5122cd7eda76e629024c860bb8645a4ea096443c1424fb69091fd5359d33291f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
570
x-xss-protection
1; mode=block
x-request-id
163051dcb13612b2c4a4f0045cdaf0a8
x-served-by
cache-lga21968-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:34 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.691113,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 11:20:46 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/authorize.js>; rel="canonical"
x-cache-hits
1, 1
app.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
324 B
450 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/app.js?v=7269919959552742872
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
ce4547c612c4efd5eecd7e16c47bdd6a33ed788aec261e771877c774b26b9d00
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
194
x-xss-protection
1; mode=block
x-request-id
1024769f4202e3410beb59f0e004347d
x-served-by
cache-lga21976-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:14 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.691705,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 11 Nov 2022 12:44:31 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/app.js>; rel="canonical"
x-cache-hits
1, 1
shopier.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
5 KB
3 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/shopier.js?v=1437114590246282879
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
80a8f706d27fa1291270113918a6669ce32d8d54e6253dd6168d2824e7d0064f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
2230
x-xss-protection
1; mode=block
x-request-id
2b89056a75e7e45f6e21dfb8901f8ea6
x-served-by
cache-lga13622-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:14 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.691474,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 08:13:31 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/shopier.js>; rel="canonical"
x-cache-hits
1, 1
toastr.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
5 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/toastr.min.js?v=2051314057409125813
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
d8ae2cda39264b831ea5c4440e1df3be6944b2aeaf54fbfc41b6696e3624f0cf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
1685
x-xss-protection
1; mode=block
x-request-id
e25e70b0655ba9334506d24cce6a4531
x-served-by
cache-lga21960-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:36 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.691398,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:52:29 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/toastr.min.js>; rel="canonical"
x-cache-hits
1, 1
snow-fall.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
869 B
723 B
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/snow-fall.js?v=4822747077956979953
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
c8da3d1ab690b842e502d50b685c069664cf07c2aeef312806974703689f3f9f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
435
x-xss-protection
1; mode=block
x-request-id
1935a4887c2f184f9c108e21f9682031
x-served-by
cache-lga13622-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:46:46 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.691397,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 12:00:52 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/snow-fall.js>; rel="canonical"
x-cache-hits
1, 1
handlebars.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
44 KB
13 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/handlebars.min.js?v=13774848309150936004
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
639e1ed2ff83f3363bfe02331ce9d804ea58b0c52b974e998ec9e7c9976e77ce
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
12639
x-xss-protection
1; mode=block
x-request-id
5f51b8ac8f2430fd0c8057d8193609fe
x-served-by
cache-lga21927-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:12 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693103,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 11:46:08 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/handlebars.min.js>; rel="canonical"
x-cache-hits
1, 1
ajax-cart.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
8 KB
3 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ajax-cart.js?v=15983112782682249836
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
e3850d25d5596e92887ed401c10cc55856d087e9cc690013d8a96f2ae69c1d74
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
2383
x-xss-protection
1; mode=block
x-request-id
3c42936e939d9d8accd4e8959c1db1c9
x-served-by
cache-lga21928-LGA, cache-yul12829-YUL
last-modified
Mon, 16 Dec 2019 19:56:35 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693157,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 10:11:48 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ajax-cart.js>; rel="canonical"
x-cache-hits
1, 1
jquery.countdown.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
3 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.countdown.min.js?v=10057026977864178463
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
f90abe8ed675ad8dea42d36c57156f378ab98301a28e5913ded0dec3029cbb94
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1310
x-xss-protection
1; mode=block
x-request-id
af54c73dba441b9df36d96519840c24c
x-served-by
cache-lga21951-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:13 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693173,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 13:01:52 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.countdown.min.js>; rel="canonical"
x-cache-hits
1, 1
currencies.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
2 KB
1 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/currencies.js?v=6595593996013463708
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
640bb437573381031f580147a21b6d180f96592b310f0bbcf69eee7fbe3531b7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1260
x-xss-protection
1; mode=block
x-request-id
bc7bbcd42753d91fec4ec1f3f427daf1
x-served-by
cache-lga21967-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:14 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693209,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 24 Nov 2022 14:49:19 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/currencies.js>; rel="canonical"
x-cache-hits
1, 1
jquery.currencies.min.js
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
8 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.currencies.min.js?v=8855014844445018519
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
a31a26eb998a31249f6c6fdb1dad3a537c8f68799b7ad67274052cf74db0c0e9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1928
x-xss-protection
1; mode=block
x-request-id
fc52804425efa38f436fb8c74959afc6
x-served-by
cache-lga13624-LGA, cache-yul12829-YUL
last-modified
Thu, 12 Dec 2019 05:07:14 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.693279,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 10 Nov 2022 11:57:45 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.currencies.min.js>; rel="canonical"
x-cache-hits
1, 1
common.js
amaicdn.com/preorder2/
397 KB
122 KB
Script
General
Full URL
https://amaicdn.com/preorder2/common.js
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:cb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab455f20c1b9c777b6451db93db8fccc3efbadf020e6520ff680cb14e921dd1b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:47 GMT
via
1.1 de0a592002999100a0085e087a370865.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6022
x-cache
Miss from cloudfront
content-encoding
br
last-modified
Tue, 16 Nov 2021 08:16:27 GMT
server
cloudflare
etag
W/"af720d6cbf506d353832efea853259d9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W0LnvLwZ7zALajepJsglYxTIrXtaCAc4Qc4yjaWR%2BSlRQgONjDA3pXuWF87JWVIYg3somJLVCDOnf7cFjpRhvKkhiISekU6PFIjN%2FYjzhu6e%2Bclk%2FOoUVnPxHTj%2B8DG6nqcu53XnnTxc"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
max-age=259200
x-amz-cf-pop
YUL62-C2
cf-ray
6b43af637e974bd0-YUL
x-amz-cf-id
E33MOAtZil9FOcur8Ja-wx1_CiuybVfdIccyNRFECFqPxrzJKv9RNA==
bold-upsell-custom.css
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
0
0
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell-custom.css?160
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js
cdn.shopify.com/s/
78 KB
17 KB
Script
General
Full URL
https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
cf09cf4fe3ac51fe7db563cbfbf53adb16d17d75d4288002358bc883012f5461
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
16398
x-xss-protection
1; mode=block
x-request-id
ec467023fafb180a59e3a9f4d531513d
x-served-by
cache-lga21953-LGA, cache-yul12829-YUL
last-modified
Fri, 19 Nov 2021 20:24:45 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.695210,VS0,VE0
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
expires
Sat, 19 Nov 2022 20:24:52 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js>; rel="canonical"
x-cache-hits
3, 1513904
shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
cdn.shopify.com/shopifycloud/shopify/assets/
8 KB
3 KB
Script
General
Full URL
https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
2598
x-xss-protection
1; mode=block
x-request-id
948c2dd1dc19ad385edfd7296a9ee230
x-served-by
cache-lga13621-LGA, cache-yul12829-YUL
server
cache-yul12829-YUL
x-timer
S1637935668.695209,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js>; rel="canonical"
x-cache-hits
1, 2588014
fontawesome-webfont.woff2
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
70 KB
71 KB
Font
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fontawesome-webfont.woff2?v=4.5.0
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/font-awesome.min.css?v=1811080494831994179
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12820-YUL /
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/font-awesome.min.css?v=1811080494831994179
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
71896
x-xss-protection
1; mode=block
x-request-id
2a60e99d887b0f232de4402d25b7a45d
x-served-by
cache-lga21981-LGA, cache-yul12820-YUL
last-modified
Mon, 16 Dec 2019 19:56:35 GMT
server
cache-yul12820-YUL
x-timer
S1637935668.751447,VS0,VE2
date
Fri, 26 Nov 2021 14:07:47 GMT
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
font/woff2
access-control-allow-origin
*
expires
Thu, 10 Nov 2022 11:47:48 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/fontawesome-webfont.woff2>; rel="canonical"
x-cache-hits
1, 1
nth-theshopier.woff
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
2 KB
2 KB
Font
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nth-theshopier.woff?v=9308052721942006495
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12820-YUL /
Resource Hash
c0c85a9d81bc8b49d7392cf859dbab86ceb479876b8caa74ac0ce91626bb2743
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
proxied_with_processing
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
2064
x-xss-protection
1; mode=block
x-request-id
14a64093ff1824534cd35a001eea2a8d
x-served-by
cache-lga21975-LGA, cache-yul12820-YUL
last-modified
Thu, 04 Nov 2021 09:52:28 GMT
server
cache-yul12820-YUL
x-timer
S1637935668.751458,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
font/woff2
access-control-allow-origin
*
expires
Fri, 04 Nov 2022 09:52:28 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/nth-theshopier.woff>; rel="canonical"
x-cache-hits
1, 1
ico-select.svg
cdn.shopify.com/s/files/1/1258/7491/t/16/assets/
534 B
871 B
Image
General
Full URL
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ico-select.svg?v=119411542836263156
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
79be5893415ae1764252c67a9c20b0b5679f066426c9241d0437f6ee2cf75fbc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/styles.scss.css?v=11028470776936670404
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
288
x-xss-protection
1; mode=block
x-request-id
55881218aa13e102cc97610c7eee4a81
x-served-by
cache-lga21945-LGA, cache-yul12829-YUL
last-modified
Wed, 18 Dec 2019 06:59:57 GMT
server
cache-yul12829-YUL
x-timer
S1637935668.813453,VS0,VE1
date
Fri, 26 Nov 2021 14:07:47 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
image/svg+xml
access-control-allow-origin
*
expires
Fri, 18 Nov 2022 15:00:44 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/ico-select.svg>; rel="canonical"
x-cache-hits
1, 1
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
483 B
Ping
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
116.230.138.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 26 Nov 2021 14:07:47 GMT
x-dc
gcp-us-east1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://store.mannheimsteamroller.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
55e2eba2-6ffd-43bb-a026-eb9d0718e067
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/webfont.js?v=4914639218279684479
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
19d31578c07647f1c2f442ff2018dc058bd6f53009730b72da9388412306c712
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 26 Nov 2021 13:03:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 26 Nov 2021 14:07:47 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 26 Nov 2021 14:07:47 GMT
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.163.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-163-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:47 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
3BDAE1FAB05E52F4
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=44343
accept-ranges
bytes
content-length
948
x-amz-id-2
JQEtOEyiFCqCP1YLI1OIPGBGUg/WHgpDv22+z5rvn/G8szLTqEelRVwbxuu0H6mk2GphOf1hSec=
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 12:46:08 GMT
x-content-type-options
nosniff
age
4900
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7832
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:48 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 26 Nov 2022 12:46:08 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:36:42 GMT
x-content-type-options
nosniff
age
268266
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7900
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:02:01 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 23 Nov 2022 11:36:42 GMT
pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 14:01:50 GMT
x-content-type-options
nosniff
age
518758
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7848
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:23 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 20 Nov 2022 14:01:50 GMT
pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 07:31:32 GMT
x-content-type-options
nosniff
age
542176
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7988
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:02:10 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 20 Nov 2022 07:31:32 GMT
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 20 Nov 2021 07:27:38 GMT
x-content-type-options
nosniff
age
542410
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7776
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 20 Nov 2022 07:27:38 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/
90 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 00:38:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
221336
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33018
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 24 Nov 2022 00:38:52 GMT
consent-tracking-api.js
cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/
4 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12820-YUL /
Resource Hash
895a9abb219fd2af30ad07d7ed904c321249fa5d6a7cf966e69586443ff2ebca
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://store.mannheimsteamroller.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-central1
x-cache
HIT, HIT
content-length
1475
x-xss-protection
1; mode=block
x-request-id
bf2763a832bb48f9becc3846dc871b22
x-served-by
cache-lga21931-LGA, cache-yul12820-YUL
server
cache-yul12820-YUL
x-timer
S1637935668.122247,VS0,VE0
date
Fri, 26 Nov 2021 14:07:48 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js>; rel="canonical"
x-cache-hits
54, 1694
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-557aa41515b86c38/
861 B
553 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-557aa41515b86c38/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c8048752e2260e948686dd9f326fdc242e897b4cc8d5324cbaa05de22c75750f

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
content-encoding
gzip
etag
-1516040408--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=60, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
376
300lo.json
m.addthis.com/live/red_lojson/
128 B
1 KB
Script
General
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=61a0ea33e5c2a983&bkl=0&bl=1&pdt=493&sid=61a0ea33e5c2a983&pub=ra-557aa41515b86c38&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=store.mannheimsteamroller.com&fp=products%2Fchristmas-symphony&fr=&of=0&pd=1&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1637935668204&jsl=262145&uvs=61a0ea330b2f55e5000&skipb=1&callback=addthis.cbs.jsonp__442639450770752060
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
073c5c6ca551be8da8125a3f19543c67283197f50f7097af96ed78fccc9459bc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Nov 2021 14:07:48 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
p3p
policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
content-length
128
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame B9FC
0
0

sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame A207
71 KB
26 KB
Document
General
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/

Response headers

server
nginx/1.15.8
content-type
text/html
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
etag
W/"5f971164-11adc"
timing-allow-origin
*
cache-control
public, max-age=86313600
p3p
CP="NON ADM OUR DEV IND COM STA"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
content-length
26421
x-check-cacheable
YES
date
Fri, 26 Nov 2021 14:07:48 GMT
vary
Accept-Encoding
x-host
s7.addthis.com
pxiGyp8kv8JHgFVrLPTucHtA.woff2
fonts.gstatic.com/s/poppins/v15/
7 KB
7 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiGyp8kv8JHgFVrLPTucHtA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d749eb62e331c970c314b8a5c15b28e6859ada77e6f12744146a1193c3fb25ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 06:16:32 GMT
x-content-type-options
nosniff
age
28276
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7520
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:15 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 26 Nov 2022 06:16:32 GMT
pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c696de4c3bffff1930d31a5f99fd1bd5fe660f2bdbc4f6601f5500f786fb692a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:32:51 GMT
x-content-type-options
nosniff
age
268497
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7872
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:14 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 23 Nov 2022 11:32:51 GMT
pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e28d860a51754d183f6f97432fd94046cd31afb7ce65c8ea179b0ff63b3d84fa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:38:42 GMT
x-content-type-options
nosniff
age
268146
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7844
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:02:45 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 23 Nov 2022 11:38:42 GMT
pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
7 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,200,300,400,500,600,700,800,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de60204842daf5531d76ca6a7104d8def25ab425a0b32e8d7b42f610699abf9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 12:48:28 GMT
x-content-type-options
nosniff
age
4760
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7616
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 22:01:27 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 26 Nov 2022 12:48:28 GMT
1508196c812a7a4ace2b5caaf751b92d.js
amaicdn.com/preorder2/store/
7 KB
2 KB
Script
General
Full URL
https://amaicdn.com/preorder2/store/1508196c812a7a4ace2b5caaf751b92d.js?1591270671
Requested by
Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:cb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71a1f71060033a3d191d074ba674204b757e851e63c87ba2579c3c338cfe9a23

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
via
1.1 266cd0ca40a2604d8ba51f8173b83663.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1283
x-cache
Miss from cloudfront
content-encoding
br
last-modified
Tue, 10 Nov 2020 12:29:41 GMT
server
cloudflare
etag
W/"1bde4382f72affed836bcf422b5b9682"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1MQ2SCeREOb7OCz1m6te8q%2F0Yoom%2BXbdUeqgPGWpyZQGUuqbnPKEpQkz36l8AMPmagwQFnbEVlb5e1irUPXMC6qx67HR29mYsZU2qAuwZ%2BsDoFzSz%2Bd8AyGtKawwUsOlKdi3uu9wZyjj"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
max-age=259200
x-amz-cf-pop
YUL62-C2
cf-ray
6b43af66ca6e4bd0-YUL
x-amz-cf-id
VBb-sDOAgHACPR2zH68n91nXiD8Ngls0Haj5NgwHJ95_D1KwN-BoYA==
1508196c812a7a4ace2b5caaf751b92d.css
amaicdn.com/preorder2/store/
1 KB
706 B
Stylesheet
General
Full URL
https://amaicdn.com/preorder2/store/1508196c812a7a4ace2b5caaf751b92d.css?1591270671
Requested by
Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:cb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b727c48698c708c57542957cdd4d1c7c2f74ed9144006ac1d89ce529d1151a54

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
via
1.1 284604a136e5c9e34fb26b90f74b125e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1283
x-cache
Miss from cloudfront
content-encoding
br
last-modified
Tue, 10 Nov 2020 12:29:41 GMT
server
cloudflare
etag
W/"738234db3051e3b6cf0ee58938b01063"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0oy9rrfUk%2ByzrVLzWiBq3sx2hJWDXMDE8neKyjo3vY2cJ0JwmTE2vLcdV9v2mIExjKa1HjpkRtiF75WHfrCx871j6Z%2B3uYzdSkyPmzoS33bINYVINygM%2FH%2BVpw8Z9417cEt0NnWUPOk"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=259200
x-amz-cf-pop
YUL62-C2
cf-ray
6b43af66ca6f4bd0-YUL
x-amz-cf-id
_SmdJapiDui_gAoLAbDD_OE3Po7n7x681Ob_PzspDQ-GDazguSRmUQ==
common.css
amaicdn.com/preorder2/
14 KB
3 KB
Stylesheet
General
Full URL
https://amaicdn.com/preorder2/common.css
Requested by
Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:cb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d60c40d0f004b5f759ccb67857c8d9bc3f0fb6f74dea446dce2917beded7d61b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
via
1.1 fdced9a893123e4285bf6f674dce492d.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5986
x-cache
Miss from cloudfront
content-encoding
br
last-modified
Tue, 16 Nov 2021 08:16:27 GMT
server
cloudflare
etag
W/"9aa068a41aee96d34c96412798a13c9b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z5DdQqsozWJbabN8PP1xTMKGewq0PKTXK6g%2FZiubwXWhuQgwTzJ0ehKMNwHSyeXbzoAfdIH3zxh3TJYo9w3IbRQJP3ssqKkXw%2F9rGiEU0qVJKrD%2BLcW9H5h%2B8LlO1oo9xGNZjDRjIDHp"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=259200
x-amz-cf-pop
YUL62-C2
cf-ray
6b43af66da704bd0-YUL
x-amz-cf-id
xYnudRaYJDUda1zV-aysKT-HgE0OJcdbbFmAI5zpJggiPOnnmXT_3A==
spurit.global-2.x.min.js
amaicdn.com/all-apps/
325 KB
99 KB
Script
General
Full URL
https://amaicdn.com/all-apps/spurit.global-2.x.min.js
Requested by
Host: amaicdn.com
URL: https://amaicdn.com/preorder2/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:cb7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b88de92c177074c266273089f091c29a305473c417d4f0155027495efd777c1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
via
1.1 5632fe5930775cf7bdf993a5c3c6fa2e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1943
x-cache
Miss from cloudfront
content-encoding
br
last-modified
Thu, 27 May 2021 11:43:29 GMT
server
cloudflare
etag
W/"20168a2850f2673f670d47652ae405d6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3d3wtCEfVTbNyHtNZMwB8a6wR7AAyTWIIKZIW%2FyQ%2FlHN4tCeRpLCIrzTmR%2BlTVb%2FK%2FPsrXF%2Bpo%2Bqw8uawxa7cU0kkNIy4EEryLSLAoFngSwUc1Ty22SY3ErZpl0XguwTwppluUPT3gkW"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
max-age=259200
x-amz-cf-pop
YUL62-C2
cf-ray
6b43af66da714bd0-YUL
x-amz-cf-id
FyUGUIDxff8ziavAEQkxMWrG5Cf0pQctUeDuLUieaCb2xnd7nfPL-Q==
shopify-boomerang-1.0.0.min.js
cdn.shopify.com/shopifycloud/boomerang/
58 KB
17 KB
Script
General
Full URL
https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::268 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-yul12829-YUL /
Resource Hash
886430890562cc216ae31a8047f07542f8df8c11f9465f9b08a8dd2da529ac9a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":600,"failure_fraction":1.0,"success_fraction":0.0}
x-cdn
Fastly, http2
x-dc
gcp-us-east1
x-cache
HIT, HIT
content-length
17388
x-xss-protection
1; mode=block
x-request-id
b3ae10cedc8093f40a60dd92858b8e57
x-served-by
cache-lga21967-LGA, cache-yul12829-YUL
server
cache-yul12829-YUL
x-timer
S1637935668.371912,VS0,VE0
date
Fri, 26 Nov 2021 14:07:48 GMT
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifysvc.com/v1/reports/nel/20190325/imagery"}]}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=3600, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js>; rel="canonical"
x-cache-hits
1, 3122807
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
482 B
Ping
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
116.230.138.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
x-dc
gcp-us-east1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://store.mannheimsteamroller.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
29c722e7-52a3-4f93-92ec-bbb72d9c5684
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
482 B
Ping
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
116.230.138.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
x-dc
gcp-us-east1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://store.mannheimsteamroller.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
26c7e828-df74-44e4-923b-a61aedc8280d
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
482 B
Ping
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
116.230.138.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
x-dc
gcp-us-east1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://store.mannheimsteamroller.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
1b300d47-b40f-47e1-9a4c-88c3ebaa5f7e
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
482 B
Ping
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
116.230.138.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
x-dc
gcp-us-east1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://store.mannheimsteamroller.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
c67aef4a-40ba-417e-a5b2-89492b0a0bf9
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
482 B
Ping
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
116.230.138.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
x-dc
gcp-us-east1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://store.mannheimsteamroller.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
4fa5dca5-df12-4845-b450-2f0813025fca
produce_batch
monorail-edge.shopifysvc.com/unstable/
0
482 B
Ping
General
Full URL
https://monorail-edge.shopifysvc.com/unstable/produce_batch
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/trekkie.storefront.75306309d086f5e1fa1611c602d3f899320a38b8.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
116.230.138.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
x-dc
gcp-us-east1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://store.mannheimsteamroller.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
0d35a4db-1b20-43e4-b464-3a058b200d9b
layers.fa6cd1947ce26e890d3d.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-41cf5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86313600
date
Fri, 26 Nov 2021 14:07:48 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77651
getlocation
preordermanager.amai.com/
45 B
1019 B
XHR
General
Full URL
https://preordermanager.amai.com/getlocation?hash=0.5368223469451956
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.129.223.30 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-174-129-223-30.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7becfb9e0a5ccbdcd505ea0205f20d569291586611dbdafb1d8ec4a302009a73

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 26 Nov 2021 14:07:48 GMT
cache-control
no-cache, private
server
nginx/1.18.0 (Ubuntu)
access-control-allow-headers
X-Requested-With, Content-Type, X-Token-Auth, Authorization
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
1.js
cdn.ywxi.net/js/
18 KB
5 KB
Script
General
Full URL
https://cdn.ywxi.net/js/1.js?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:210b:8000:14:6bfc:5740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
49003c970644945f5d917faa1ad44eb94547494d060c9d959132e8fe3db67205
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 13:33:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2081
content-security-policy-report-only
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
x-cache
Hit from cloudfront
content-length
4523
via
1.1 a6cca18455d155ffa87e5da1963e8d88.cloudfront.net (CloudFront)
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
Q0bs0PtyFO396vRHKad6Gbio_2sxD7CJZBfcJCvCTQGxrSIVNlrU7w==
expires
Fri, 26 Nov 2021 14:33:07 GMT
generate_bundle.php
secure.apps.shappify.com/apps/bundle/
97 KB
34 KB
Script
General
Full URL
https://secure.apps.shappify.com/apps/bundle/generate_bundle.php?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fdb4ccca2ca3cf95703b46a299b7906c662f500ff6eb1b409c5dffc1072e979

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
via
1.1 google
cf-cache-status
HIT
age
1283
cf-polished
origSize=102099
p3p
CP="NON DSP LAW CUR ADM DEV TAI PSA PSD HIS OUR DEL IND UNI PUR COM NAV INT DEM CNT STA POL HEA PRE LOC IVD SAM IVA OTC"
cf-bgj
minify
content-encoding
gzip
last-modified
Fri, 26 Nov 2021 12:24:02 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
6b43af681be07156-YUL
expires
Fri, 26 Nov 2021 18:07:48 GMT
UpsellTracker.js
upsells.boldapps.net/v2_ui/js/
149 KB
36 KB
Script
General
Full URL
https://upsells.boldapps.net/v2_ui/js/UpsellTracker.js?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6c12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df870e6ec42abc29c776c7144bfceec6e31d4ba9dfdd3b94d49ae607209dbe82
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
80997
content-length
36795
last-modified
Fri, 12 Nov 2021 20:51:52 GMT
server
cloudflare
etag
"25328-5d09da0eeca00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15724800; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=172800
accept-ranges
bytes
cf-ray
6b43af685ff2ecee-YUL
expires
Sun, 28 Nov 2021 14:07:48 GMT
upsell.js
upsells.boldapps.net/v2_ui/js/
307 KB
77 KB
Script
General
Full URL
https://upsells.boldapps.net/v2_ui/js/upsell.js?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6c12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e61b8d9fae3bf7e8dc6a117f45ea71454b348ce7ea966289ab63dd8072fff03
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 12 Nov 2021 20:51:52 GMT
server
cloudflare
age
80997
etag
"4ca81-5d09da0eeca00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=172800
strict-transport-security
max-age=15724800; includeSubDomains
cf-ray
6b43af685ff4ecee-YUL
expires
Sun, 28 Nov 2021 14:07:48 GMT
733e96712da5deb75c462e38c.js
chimpstatic.com/mcjs-connected/js/users/9c5ee2d505dce6f872341394a/
50 B
849 B
Script
General
Full URL
https://chimpstatic.com/mcjs-connected/js/users/9c5ee2d505dce6f872341394a/733e96712da5deb75c462e38c.js?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.73.255.205 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-255-205.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
52, 15, 19, 16, 18
Date
Fri, 26 Nov 2021 14:07:48 GMT
Last-Modified
Mon, 28 Jan 2019 17:44:12 GMT
Server
AmazonS3
x-amz-request-id
4J09F1D89GEA5B2X
X-EdgeConnect-MidMile-RTT
0, 0, 0, 0, 0
ETag
"104d46a3208b40e8ded389332f5a78a3"
Content-Type
application/javascript
Cache-Control
max-age=82
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
50
x-amz-id-2
qEOpoBJyPxWFbfHEd8W0W2HtksqlXoLBrjGslbInb7sL4Xr3uEOC5JoF4nunK0SY9B5d1/dDo+k=
Expires
Fri, 26 Nov 2021 14:09:10 GMT
bundles_install_check.js
bundles.boldapps.net/
122 B
593 B
Script
General
Full URL
https://bundles.boldapps.net/bundles_install_check.js?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6d12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48922662ded60ae654cf1bd95f3f85d65afa8121d93f155bc7c69cd3b9cb43c7

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Wed, 24 Nov 2021 21:22:31 GMT
server
cloudflare
age
80997
etag
"7a-5d18f74a433c0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
content-encoding
gzip
cache-control
public, max-age=172800
cf-ray
6b43af687b1aca53-YUL
expires
Sun, 28 Nov 2021 14:07:48 GMT
sdk.js
widgetic.com/sdk/
49 KB
16 KB
Script
General
Full URL
https://widgetic.com/sdk/sdk.js?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:bb45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ef0cc1e828b27fd66ca9d77b1c5750ed658b428194d8ec696d7275ecf702b5d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1283
x-cache
MISS
content-type
application/javascript
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Fri, 23 Apr 2021 08:36:21 GMT
server
cloudflare
etag
W/"60828705-c2fc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AHZX1NJj%2F83EIxfrQNFUUVU8gFEhxAQtyXMar%2FIled%2BcFXhWYKxeMX3mO1qdRllwSu8ghkE%2F%2BNuZGfPQaszi3UttauXoOLEbvkXlrH5kjcnDChD6dum%2BaX7Za0wE328qCpjVuHoeZ8e%2BGbM%3D"}],"group":"cf-nel","max_age":604800}
x-varnish
161906665
via
1.1 varnish-v4
cache-control
public, max-age=86400
cf-ray
6b43af687fd9714e-YUL
x-cache-hits
0
common.js
shopify-sales-timer.s3.amazonaws.com/prod/js/
31 KB
7 KB
Script
General
Full URL
https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.21.115 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d5f7497a0cc616f1966d0ff5d7aced455748eb6fe8da233c01b62e5cd0131111

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:49 GMT
Content-Encoding
gzip
Last-Modified
Thu, 28 Oct 2021 12:57:26 GMT
Server
AmazonS3
x-amz-request-id
ZE28QP1RB0BGAYRB
ETag
"efbc8b7aa424533fa443b25ce529f73a"
Content-Type
application/x-javascript
x-amz-storage-class
REDUCED_REDUNDANCY
Accept-Ranges
bytes
Content-Length
7135
x-amz-id-2
3hFMeI2NdZsh1riVvMAcASrjt0Q2XsQvvSKDYCB2R53vbeEa72RCoFy5uTBZQyBvxfWvMC7BrBM=
shares-post.json
api-public.addthis.com/url/serviceapi/
2 B
292 B
XHR
General
Full URL
https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
text/plain

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
surrogate-key
sFbt=https://store.mannheimsteamroller.com/products/christmas-symphony
last-modified
Fri, 26 Nov 2021 13:00:00 GMT
server
nginx/1.15.8
date
Fri, 26 Nov 2021 14:07:48 GMT
content-type
application/json
access-control-allow-origin
https://store.mannheimsteamroller.com
cache-control
no-transform, max-age=0, s-maxage=14400
access-control-allow-credentials
true
content-length
2
shares.json
api-public.addthis.com/url/
33 B
310 B
Script
General
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&callback=_ate.cbs.rcb_fgre0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
9c4ec2bc97a226122509a28e5eb7f54abbc1c60fc481176c213457a40336770a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
store.mannheimsteamroller.com/products/christmas-symphony
last-modified
Fri, 26 Nov 2021 14:07:48 GMT
server
nginx/1.15.8
date
Fri, 26 Nov 2021 14:07:48 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
53
shares.json
api-public.addthis.com/url/
33 B
310 B
Script
General
Full URL
https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&callback=_ate.cbs.rcb_e83k0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
7a95ccc2cc17ee4212a5dd9d50c4fddd8e1a6d5195a372913d2b6bda4b33148a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
store.mannheimsteamroller.com/products/christmas-symphony
last-modified
Fri, 26 Nov 2021 14:07:48 GMT
server
nginx/1.15.8
date
Fri, 26 Nov 2021 14:07:48 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
53
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
34424e961d1d8c2050efcce35b3f0bca2fc3bbbae8dcc7dacfcbf762b9f5ca2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
B6G1idM6QzSGu5WqXN6YtQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1686
x-fb-rlafr
0
x-fb-debug
P9j/08opUn+8b4RMHAQLgJlpYG2CE1zyRqmKqf09b1Tcaq1STg47lyNP9AXGQy/77Pb7VuXhe+PezpeFw393cQ==
x-fb-trip-id
1512268381
x-fb-content-md5
fa3edee8cafe111af8cd761289ff2184
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"c9d8a532b05a3e0e323699f97b879a1e"
timing-allow-origin
*
priority
u=3,i
expires
Fri, 26 Nov 2021 14:15:51 GMT
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (cha/8092) /
Resource Hash
00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:48 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 Oct 2021 18:33:56 GMT
Server
ECS (cha/8092)
Age
857
Etag
"a709ab1b2c0d5d5e7c19895f6e1dcbfd+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
29104
pinit.js
assets.pinterest.com/js/
361 B
431 B
Script
General
Full URL
https://assets.pinterest.com/js/pinit.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:492::1931 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-encoding
br
x-cdn
akamai
etag
"62d32c28f14783b94192cd8d35bc010d"
vary
Accept-Encoding, Origin
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=299
accept-ranges
bytes
content-length
203
access-control-expose-headers
X-CDN
counter.d27508c102582d608697.js
s7.addthis.com/static/
24 KB
8 KB
Script
General
Full URL
https://s7.addthis.com/static/counter.d27508c102582d608697.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-5fd2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86313600
date
Fri, 26 Nov 2021 14:07:48 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
8265
cart.json
store.mannheimsteamroller.com/
283 B
1 KB
XHR
General
Full URL
https://store.mannheimsteamroller.com/cart.json?1637935668601
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f604b43dc601775028505e3ccf95a6e44626f3b2cc41fbacdbcd87a31434f0ef
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
X-Requested-With
XMLHttpRequest
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-central1,gcp-us-central1,gcp-us-central1
x-shopify-stage
production
content-type
application/json; charset=utf-8
strict-transport-security
max-age=7889238
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
12587491
x-shardid
224
x-storefront-renderer-rendered
1
server
cloudflare
x-frame-options
DENY
content-language
en
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept
x-download-options
noopen
x-shopid
12587491
x-request-id
9c072b63-3f52-4b86-b188-d2d22f3b2a29
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
cf-ray
6b43af68ff637139-YUL
x-sorting-hat-podid
224
x-cartjs-updatedat
0
client.json
s3-us-west-2.amazonaws.com/mfesecure-public/host/store.mannheimsteamroller.com/
185 B
986 B
XHR
General
Full URL
https://s3-us-west-2.amazonaws.com/mfesecure-public/host/store.mannheimsteamroller.com/client.json?source=jsmain
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.92.160.232 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
453d0175b3e250ee15ac4af4f1d424ac87b80b1b9529189c07feb0db8ca8563e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:50 GMT
Content-Encoding
gzip
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id
RXAGQMMD3B7PCRY1
x-amz-replication-status
COMPLETED
Content-Length
161
x-amz-id-2
Z7E+319NBSZkc5Qp3zVohyrhNi9Wmkl3PVLR/dNqMPVH53zl+Icj6zR2N3c3DStAhkwdAzPq/UQ=
Last-Modified
Sat, 06 Nov 2021 00:03:09 GMT
Server
AmazonS3
ETag
"b14e522cf4725032cf59c44c8674b283"
Access-Control-Max-Age
60
Access-Control-Allow-Methods
GET, HEAD
x-amz-version-id
upa3AROUF2jbseoENOOXJ_59ntiI693A
Access-Control-Allow-Origin
https://store.mannheimsteamroller.com
Access-Control-Expose-Headers
Access-Control-Allow-Origin
Cache-Control
public, max-age=60
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Content-Type
application/json
client.json
s3-us-west-2.amazonaws.com/mfesecure-public/host/store.mannheimsteamroller.com/
185 B
986 B
XHR
General
Full URL
https://s3-us-west-2.amazonaws.com/mfesecure-public/host/store.mannheimsteamroller.com/client.json?source=jsinline
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.92.160.232 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
453d0175b3e250ee15ac4af4f1d424ac87b80b1b9529189c07feb0db8ca8563e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:50 GMT
Content-Encoding
gzip
Vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id
RXAYF7M5FTHZ86TC
x-amz-replication-status
COMPLETED
Content-Length
161
x-amz-id-2
1XTScDonBOm8N5gaikJJI8tetU5V7dNCFoH+RzykSjw+5QNKQ35IgZsk3pO0mRNINSkTccwm5qA=
Last-Modified
Sat, 06 Nov 2021 00:03:09 GMT
Server
AmazonS3
ETag
"b14e522cf4725032cf59c44c8674b283"
Access-Control-Max-Age
60
Access-Control-Allow-Methods
GET, HEAD
x-amz-version-id
upa3AROUF2jbseoENOOXJ_59ntiI693A
Access-Control-Allow-Origin
https://store.mannheimsteamroller.com
Access-Control-Expose-Headers
Access-Control-Allow-Origin
Cache-Control
public, max-age=60
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Content-Type
application/json
validate_product_offer
upsells.boldapps.net/v2/mannheimsteamroller.myshopify.com/
2 B
501 B
Fetch
General
Full URL
https://upsells.boldapps.net/v2/mannheimsteamroller.myshopify.com/validate_product_offer
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6c12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.29
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
application/json
Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
PHP/7.3.29
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
strict-transport-security
max-age=15724800; includeSubDomains
cf-ray
6b43af699e8c4bbf-YUL
cart.json
store.mannheimsteamroller.com/
283 B
1 KB
Fetch
General
Full URL
https://store.mannheimsteamroller.com/cart.json?_tmp=1637935668695
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de2dee51f5c08806fcf82a5b776ed0f5706b872c9c1a2cf639c588e2951fe52d
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-central1,gcp-us-central1,gcp-us-central1
x-shopify-stage
production
content-type
application/json; charset=utf-8
strict-transport-security
max-age=7889238
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
12587491
x-shardid
224
x-storefront-renderer-rendered
1
server
cloudflare
x-frame-options
DENY
content-language
en
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept
x-download-options
noopen
x-shopid
12587491
x-request-id
a0229189-d205-4cab-8881-8d891fdecf28
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
cf-ray
6b43af696fdb7139-YUL
x-sorting-hat-podid
224
x-cartjs-updatedat
0
sdk.js
connect.facebook.net/en_US/
290 KB
82 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=fa840a025b2be941602a0e27144d307b
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f9bebc380403f032fb83a6c9c7b36a2740553a3e54f60f426bfa8a38ed4ae68b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://store.mannheimsteamroller.com/
Origin
https://store.mannheimsteamroller.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
NSM3J8ZzJ7WfbUsXGmwE5Q==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
84325
x-fb-rlafr
0
x-fb-debug
EScVAB1y9SrgEokH+DtN3pM+t2fMOJPZkDgguyHY3MBeEKMhjLMYkgQxQ+jq3n/va/5jwoyyFJg3HBR3Ksck/g==
x-fb-content-md5
511c4b3a3fa9c748ffcba233547732a9
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"9293f121fa2c39786983d34039ab5577"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 26 Nov 2022 12:48:35 GMT
shares.json
api-public.addthis.com/url/
85 B
352 B
Script
General
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&callback=_ate.cbs.sc_httpsstoremannheimsteamrollercomproductschristmassymphony0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.208.216.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ec8bdf6deb889cd67eb602bce3fbd54efa7b5ebb64d871e5f8e22f4c4d13b2d7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
store.mannheimsteamroller.com/products/christmas-symphony
last-modified
Fri, 26 Nov 2021 13:27:40 GMT
server
nginx/1.15.8
date
Fri, 26 Nov 2021 14:07:48 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
95
common.css
shopify-sales-timer.s3.amazonaws.com/prod/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://shopify-sales-timer.s3.amazonaws.com/prod/css/common.css
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.min.js?v=6506911499012750403
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.21.115 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
020256ed061fcedb32b553f0b41a378cf675aaa30cc4bff1b0b4ff10d966f743

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:49 GMT
Content-Encoding
gzip
Last-Modified
Thu, 28 Oct 2021 12:57:26 GMT
Server
AmazonS3
x-amz-request-id
ZE26G7NG1YKDEBSE
ETag
"eee30aabcc39c7fd080b67aa641119be"
Content-Type
text/css
x-amz-storage-class
REDUCED_REDUNDANCY
Accept-Ranges
bytes
Content-Length
1322
x-amz-id-2
8+sar/5DbrLo7WuArpPMP8DeyBxJ/t3T9fV8sAjLQyzUGjwonuPA0W9cwfE7CRAK+TdW8ksJXoc=
flipclock.css
shopify-sales-timer.s3.amazonaws.com/Libs/
9 KB
9 KB
Stylesheet
General
Full URL
https://shopify-sales-timer.s3.amazonaws.com/Libs/flipclock.css
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/jquery.min.js?v=6506911499012750403
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.21.115 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4a942df3840bf9906c7d776a6c9b89e80a1024dd62ca9384f74d99cbd6db32bc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:49 GMT
Last-Modified
Thu, 04 Jun 2020 13:14:29 GMT
Server
AmazonS3
x-amz-request-id
ZE27VNFKK56DQE65
ETag
"304912902ea706e6e15bd2fcb4923db6"
Content-Type
text/css
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Length
9299
x-amz-id-2
YCmwwxMytbc6k8nc6j1gdLa2GftSG8cLgP5FOLFy74NvsRKr/P6Bf+4Ix3V3e48yIJ+53zeW2W0=
moment.js
shopify-sales-timer.s3.amazonaws.com/Libs/
52 KB
52 KB
Script
General
Full URL
https://shopify-sales-timer.s3.amazonaws.com/Libs/moment.js
Requested by
Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.21.115 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
fae111500cc7ac97add95d1e3338f4b5d722991c712983632339b50c37fb3c59

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:49 GMT
Last-Modified
Thu, 04 Jun 2020 13:14:29 GMT
Server
AmazonS3
x-amz-request-id
ZE2EYHFGTWT0289F
ETag
"0b72c2145fc66024267cd6f298877485"
Content-Type
application/javascript
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Length
53325
x-amz-id-2
DgwmBMZkBxU/fm5GLvjJy1ItiBxSc9nhUsEwurbiNm8qpA3WnyNzk/QHGlQGjFuh4iL0xn8kMao=
widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html
platform.twitter.com/widgets/ Frame 3E06
319 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fstore.mannheimsteamroller.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (cha/81B9) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
743987
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 26 Nov 2021 14:07:48 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Mon, 18 Oct 2021 18:32:00 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (cha/81B9)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105433
pinit_main.js
assets.pinterest.com/js/
66 KB
19 KB
Script
General
Full URL
https://assets.pinterest.com/js/pinit_main.js?0.8583704567580501
Requested by
Host: assets.pinterest.com
URL: https://assets.pinterest.com/js/pinit.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:492::1931 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-encoding
br
x-cdn
akamai
etag
"3725764cf05d1a0938de73d398772331"
vary
Accept-Encoding, Origin
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=290
accept-ranges
bytes
content-length
18679
access-control-expose-headers
X-CDN
truncated
/
171 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0d2fd5a42a1849ad0d820611e243fd81fe81ee767716b639ff7e88c1e9f78bb6

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
937 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c69e528427c8218cb4bc5fe647db3366146403d53593a3f96482479a14eca234

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
validate_product_offer
upsells.boldapps.net/v2/mannheimsteamroller.myshopify.com/
2 B
282 B
Fetch
General
Full URL
https://upsells.boldapps.net/v2/mannheimsteamroller.myshopify.com/validate_product_offer
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6c12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.29
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
application/json
Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 26 Nov 2021 14:07:48 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
PHP/7.3.29
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, private
strict-transport-security
max-age=15724800; includeSubDomains
cf-ray
6b43af6a4f6e4bbf-YUL
like.php
www.facebook.com/v2.6/plugins/ Frame CE69
48 KB
18 KB
Document
General
Full URL
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=fa840a025b2be941602a0e27144d307b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
24cdd7c0c4edc8f76a021e55ca359e036481c927530e6ab8373573fb5b4c721b
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version
v5.0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
gWroHDpq/64bhkcEz/SVuiBNpBPUq8/3mDRiJyY2jA0LGRQhnRc8cAEWYQx+9pNc+Wq/CgIAoRRhHIt6juvkKw==
date
Fri, 26 Nov 2021 14:07:48 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
859adbfc48bb0b06c58fe109db4909585fbca5df398d49185fc0f486bad1ac96

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
moment-timezone-with-data-2010-2020.js
shopify-sales-timer.s3.amazonaws.com/Libs/
43 KB
43 KB
Script
General
Full URL
https://shopify-sales-timer.s3.amazonaws.com/Libs/moment-timezone-with-data-2010-2020.js
Requested by
Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.21.115 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
7904ee2f3a727716d388ece888b992ccfc8a03e5d78cf62a6e7e454ec30dffeb

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:49 GMT
Last-Modified
Thu, 04 Jun 2020 13:32:12 GMT
Server
AmazonS3
x-amz-request-id
ZE20QP4XHDR8EQCJ
ETag
"24faae3c38012dae201e12dfbc657b0c"
Content-Type
application/javascript
Cache-Control
max-age=604800
Accept-Ranges
bytes
Content-Length
43677
x-amz-id-2
kLfNJHbZklSSDOQEyMvAc7pr/8mYjqWWlSVeQ6Ms+xmKpnKssHLQLI8sZPn8ZnAhX2AqidJcc+o=
settings
syndication.twitter.com/ Frame 3E06
233 B
448 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=edbceca118b143e50f48f4b4cc4f5991499488d9
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fstore.mannheimsteamroller.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
2816082c025f64540b613fde3096d814ae21ac75279461ec1d6bcb5c07099fdd
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-response-time
8
date
Fri, 26 Nov 2021 14:07:48 GMT
content-encoding
gzip
last-modified
Fri, 26 Nov 2021 14:07:49 GMT
server
tsa_b
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
9fc81d44ec393f03da04e88bc1309e4d7249fce5c03ddf65faf0741ef15fb366
content-length
167
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
2IDBFq7o8af4IkUxeIUBWwUSCUYq8mKI9v3nQuvupxtHNmuJ3UZZEINdxdj8JbhE4UJk+RB/bzFMVApzDdAtdw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
a1MidBxLiUqU/C4gaqHTnvpUUVREJemZcW5xMqk364XStwop1Vz0CG1FX1w7sadJ6TcLXEchTc0y9li4dRr/RQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
1WJcPu2MGA0Gx60cTHElu7JnJLres7mxGJXlC0ibFzdv3lF8zoSKvsKFGm1VUPP3RYr3kzUGFCjmMtrC1SZOmQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
fSuhEDZpP7KGGL5uA3AtYPlqXAF4cEZbErnsa42tgnzdSGKBK3TmicLfP1qR46AY5Rk3yIN3SJYHTKG87GGXKQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
o1c1Zlfew9K3iBHlr+1jqFMyF/VDGu+WvTGDet+mwd13JlGsUrFK8TnzjEQS7g8l9/GTgcSb9ywjFk/2z32GRw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
SjS+1azav6GCAMSqzJvcC2mYJgDsYd4Wxe+P0eGSSoG6qXr8vIanEnRB5U89leAfVLUocSphsGEuD3XkbrGIVQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
YkX+T4/p4qkwVxcwcNqF8sG8Bpi8TR0lmxa/gjXb//zFA6dpgMg/K4ya/PNlkCUXbVEgrbygNmq1bU+YZ1gsVw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
37 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
UUk2Fdkl9KFXUbtS+JMWI1PjboyuLP3nGHCgYo4z+hQS2OxV0bCeYQiBjpCk1NIr/Rn1uKiigpWoPGjKFzaj6A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
hiKKw099G3pI2bg10/PXnJvrsaVG9Dns+IIiBsFo0zzMCjq8rA45GZWY6VgKTtY5avV8uWHcZoHdih7vUBR0nA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
cLYg17+8IzDWn0fS/iRwhYQFw5n7I090Eulp2sSUp5y4Kt8T8fC83VPeVJU1DfoxSm9pal2ogJztUYEva/bp0A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
p+vP8TGX6nyUSFzFrMs6AMTxFDTZBQW4wSfQdDiIyCHElEdPosbSQ2ZUUr9xy2PpoZeDxL2RZgb0YJC2N+CiUw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
T7siKkNJDh6ZiHghbMnpi9+hdYyiEW7l+a3l/gHHiiwGDLfZPEKOEICBa/LdMznsp1mUKUGLItTZ57YmBm9btA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
sZirHM9B1p2w9+59OkoYIv2zIdVb5lKGNfnOoSlKJ5GA+ogPxUzqsOkk4A26l0ToOUks6UI7LRg/D07VAauSrw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
YQxW5sF/26h0kEPsUhBLjo7/RSuOYx4UoFwYjAxUwi0tJvEd6jss3Uo7dlknO22t6ekh9uVU9SBv9FDYqzrEsg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
8fXaIpCUEH11stV+h3Fu3s+TuAZzSkwyAyDItOXcFYjbeXQwZHkBMUpyrOCZC+WnUUDjw/vz3LidMgdTEOF7+w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
21eRmu9MKXTq4ktRc96LL6dezT1jEYLdRQ/JTE70/+MhytnOUmUuth7SYG7nhl7w7DdvnWXlDmmDmsw0jZN1vQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
yV9Ptf2MjEIsjWINCdoR0sQKTmcPNSmYdjZs67lxfB424lgroDtn4ylycA3iZrE1MQkHQVgdM0Dm8rIqMxq84Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
m0Mljz6mJRjIRwhBTHI7lqqjLMLplMbCaWM+3JkTmc+XgLiQ6NQ6Jz/2Zo4zD2r40xJIKvhVLQD3RLBtJcpZRg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
uVm4fMsHU2yJrT9Z5L9o3BHDNKgqq5bxESauXvUaEW23mA2UX2awBuryi+1mZmvvr7EmjUsuw6bzrkjlRMBoAQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
I9TdZ65DukkpRsnws6mOoWOo+0ZmhcAbT8Op6UuhPzhzF4leSV0tjlx4iK69Bha3SAxf3/uTDaZLFrLJAV2RAg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame CE69
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: store.mannheimsteamroller.com
URL: https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
dNnyhPCkf8MygyQGVEv1tHlMjH1TUtKRZsaWGmFECkySW4YTXN3erjPPIlcngAPcpzedvkP5Ut5AnhGFlheKdw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
flipclock.js
shopify-sales-timer.s3.amazonaws.com/Libs/
54 KB
11 KB
Script
General
Full URL
https://shopify-sales-timer.s3.amazonaws.com/Libs/flipclock.js
Requested by
Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.21.115 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
582e5b6c7f1b60a0a278e9b8c5e57535d8a84a758fe654003b86de304e66b3f8

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:50 GMT
Content-Encoding
gzip
Last-Modified
Thu, 04 Jun 2020 13:14:29 GMT
Server
AmazonS3
x-amz-request-id
RXASCTS1XNAZFP0C
ETag
"7380df0b4731441bf4cb9205d2b2d2d9"
Content-Type
application/javascript
Cache-Control
604800
Accept-Ranges
bytes
Content-Length
11272
x-amz-id-2
cSl0uaRZr2omcLQFdi2R5cOk1nprhCBZt38yOQNW7v/DBQkWIwSmHC4IzeUI0bu9mhMBZpEcZc4=
OqOE21UvWe3.png
www.facebook.com/rsrc.php/v3/y5/r/ Frame CE69
400 B
451 B
Image
General
Full URL
https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sun, 21 Nov 2021 07:33:39 GMT
x-content-type-options
nosniff
content-md5
uF0RL4E+h23ClLQmPOTTMw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy
cross-origin
content-length
400
x-fb-rlafr
0
x-fb-debug
JwdpFPKpURcbP8sfwHSMFyClgP35pl+lca3FBsEcUDYSgCLq4PBM4Ml5GhLAH/nlaH2Gdahf+m5JOH72BGtQgw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Mon, 21 Nov 2022 07:33:39 GMT
RZAsbT6fr_E.js
www.facebook.com/rsrc.php/v3iEpO4/yn/l/en_US/ Frame CE69
518 KB
136 KB
XHR
General
Full URL
https://www.facebook.com/rsrc.php/v3iEpO4/yn/l/en_US/RZAsbT6fr_E.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ac0daa16fac429a0b169261c82facc3c224f278108b7683ec1cfa8484a7dd05b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 19 Nov 2021 22:58:26 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
C/ObLsWq0T2DQnYDmw8fig==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
138777
x-fb-rlafr
0
x-fb-debug
oK5V4Wl0Pk9xtsjHgAF/PDJuXiTL47snrQilvXl4zkzCjjKeXOLwtAqF2y06Atrj+cmRyKnZgxu7MR2UJ0Ffuw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sat, 19 Nov 2022 22:58:26 GMT
ba059cb90942b2ae03d3b7886895de8d.css
shopify-sales-timer.s3.amazonaws.com/prod/store/
864 B
1 KB
Stylesheet
General
Full URL
https://shopify-sales-timer.s3.amazonaws.com/prod/store/ba059cb90942b2ae03d3b7886895de8d.css?0.6438602023217543
Requested by
Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.21.115 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
0c8e286fa77c898fbc3d5958ea70329a60c14925a76a45e3c059e604622c7774

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:50 GMT
Last-Modified
Tue, 09 Jun 2020 10:12:14 GMT
Server
AmazonS3
x-amz-request-id
RXAPJ5R0FDQSAAKG
ETag
"33db8f0ff57c3b46118ca9aa4133c3aa"
Content-Type
text/css
x-amz-storage-class
REDUCED_REDUNDANCY
Accept-Ranges
bytes
Content-Length
864
x-amz-id-2
dhrQhqLgkcyY1r9/PFTE2+/o8HcJOmXgebkwudmxyM5FxT1fWOSfpR7Y0ZSAJem8rux83R8aKUg=
ajax
www.trustedsite.com/rpc/
6 B
946 B
Script
General
Full URL
https://www.trustedsite.com/rpc/ajax?do=tmjs-visit&host=store.mannheimsteamroller.com&rand=1637935669158
Requested by
Host: cdn.ywxi.net
URL: https://cdn.ywxi.net/js/1.js?shop=mannheimsteamroller.myshopify.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.70.206.88 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-70-206-88.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:49 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-security-policy-report-only
report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self'
content-length
26
x-content-type-options
nosniff
cavalry_endpoint.php
www.facebook.com/common/ Frame CE69
67 B
99 B
Image
General
Full URL
https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1637935669065&t_start=1637935669066&t_domcontent=1637935669072&t_layout=1637935669175&t_onload=1637935669175&t_paint=1637935669175&t_creport=1637935669175&t_tti=1637935669072&lid=7034880129113650685-0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.facebook.com/v2.6/plugins/like.php?action=like&app_id=172525162793917&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a2e1a9aa3dce4%26domain%3Dstore.mannheimsteamroller.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fstore.mannheimsteamroller.com%252Ff1e0e6ce6f625b4%26relation%3Dparent.parent&container_width=0&font=arial&height=25&href=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&layout=button_count&locale=en_US&sdk=joey&send=false&share=false&show_faces=false&width=90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
x-xss-protection
0
pragma
no-cache
x-fb-debug
XjMrrnIWlWnJtze1hWAjtqYBHebiB/P/6BeMwAkjG6LWjvMwzKjf+jR27aU/qbxSNY7Azd6YvbuRsPFVdBKQGg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 26 Nov 2021 14:07:49 GMT
strict-transport-security
max-age=15552000; preload
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
image/png
vary
Accept-Encoding
cache-control
private, no-store, no-cache, must-revalidate
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js
platform.twitter.com/js/
7 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (cha/8092) /
Resource Hash
186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:49 GMT
Content-Encoding
gzip
Last-Modified
Mon, 18 Oct 2021 18:31:51 GMT
Server
ECS (cha/8092)
Age
743988
Etag
"e8090d17c9828f5a217bebb39dd3e689+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
2294
ba059cb90942b2ae03d3b7886895de8d.js
shopify-sales-timer.s3.amazonaws.com/prod/store/
1010 B
974 B
Script
General
Full URL
https://shopify-sales-timer.s3.amazonaws.com/prod/store/ba059cb90942b2ae03d3b7886895de8d.js?0.3536298109103393
Requested by
Host: shopify-sales-timer.s3.amazonaws.com
URL: https://shopify-sales-timer.s3.amazonaws.com/prod/js/common.js?shop=mannheimsteamroller.myshopify.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.21.115 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
f9b028844cba5c51be4d554b91f048daf7c3943926add67b6be2d46c28207e90

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 14:07:50 GMT
Content-Encoding
gzip
Last-Modified
Tue, 09 Jun 2020 10:12:14 GMT
Server
AmazonS3
x-amz-request-id
RXAX6XBJMJXWE1SH
ETag
"bc9664c506ff86bbb18ae82dee36e92a"
Content-Type
application/javascript
x-amz-storage-class
REDUCED_REDUNDANCY
Accept-Ranges
bytes
Content-Length
540
x-amz-id-2
zG6fdkGhZW6bme5wVcLsRJ1ghESDKLEZYcxO4rtnpyfapMNEKRr/icAA9I7MZ6/FyZL/tqqFF+g=
tweet_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html
platform.twitter.com/widgets/ Frame CEEA
32 KB
12 KB
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (cha/8092) /
Resource Hash
d94cce9ec0cffd5417657d26aa1741a7e3b2b0a5f4232a80d789c1a254c4e2ef

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
743988
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 26 Nov 2021 14:07:49 GMT
Etag
"89e8ce4106e3294685b0af818d97b80c+gzip"
Last-Modified
Mon, 18 Oct 2021 18:31:56 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (cha/8092)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
12235
jot
syndication.twitter.com/i/
43 B
356 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22%23%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1637935669406%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22f001879%3A1634581029404%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
9
pragma
no-cache
last-modified
Fri, 26 Nov 2021 14:07:49 GMT
server
tsa_b
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
9fc81d44ec393f03da04e88bc1309e4d7249fce5c03ddf65faf0741ef15fb366
x-transaction
f1fb59b319c384c1
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
log.pinterest.com/
0
333 B
Image
General
Full URL
https://log.pinterest.com/?type=pidget&guid=z3c4fcihNf3t&tv=2021110201&event=init&sub=www&button_count=1&follow_count=0&pin_count=0&profile_count=0&board_count=0&section_count=0&lang=en&nvl=en-US&via=https%3A%2F%2Fstore.mannheimsteamroller.com%2Fproducts%2Fchristmas-symphony&viaSrc=canonical
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.0.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://store.mannheimsteamroller.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:49 GMT
via
1.1 varnish
x-cache
MISS
x-envoy-upstream-service-time
1
x-cache-hits
0
content-length
0
x-served-by
cache-yul12820-YUL
pragma
no-cache
server
envoy
x-timer
S1637935670.915725,VS0,VE16
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-pinterest-rid
3278383787616967
accept-ranges
bytes
expires
Sat, 01 Jan 2000 00:00:00 GMT
produce
monorail-edge.shopifysvc.com/v1/
0
482 B
Ping
General
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.230.116 North Charleston, United States, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),
Reverse DNS
116.230.138.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://store.mannheimsteamroller.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 26 Nov 2021 14:07:50 GMT
x-dc
gcp-us-east1
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://store.mannheimsteamroller.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
aa6c1662-1938-4a8e-92d0-65b0b30c18d3
cart.js
store.mannheimsteamroller.com/
283 B
1 KB
XHR
General
Full URL
https://store.mannheimsteamroller.com/cart.js?hash=0.2986838973755981
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6acd6e908d99d4d504c4524301ddd94befcde251afddf7d0d51a9cdd4aa734e4
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
X-Requested-With
xmlhttprequest
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-central1,gcp-us-central1,gcp-us-central1
x-shopify-stage
production
content-type
text/javascript; charset=utf-8
strict-transport-security
max-age=7889238
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
12587491
x-shardid
224
x-storefront-renderer-rendered
1
server
cloudflare
x-frame-options
DENY
content-language
en
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept
x-download-options
noopen
x-shopid
12587491
x-request-id
5d697ef0-b2fe-4f4e-895f-998d947d2a2a
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
cf-ray
6b43af802c2d7139-YUL
x-sorting-hat-podid
224
x-cartjs-updatedat
0
cart.js
store.mannheimsteamroller.com/
283 B
1 KB
XHR
General
Full URL
https://store.mannheimsteamroller.com/cart.js?hash=0.4072013330990276
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81fc3743c2f3e5c144dd0463a8c57f77140f4295b8f576cfa0ea5924240a16e5
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://store.mannheimsteamroller.com/products/christmas-symphony?utm_source=Mannheim+Steamroller+Fan+Club&utm_campaign=5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02&utm_medium=email&utm_term=0_c4d4a4658a-5b813a6dfb-12259225&mc_cid=5b813a6dfb&mc_eid=UNIQID
X-Requested-With
xmlhttprequest
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:07:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-dc
gcp-us-central1,gcp-us-central1,gcp-us-central1
x-shopify-stage
production
content-type
text/javascript; charset=utf-8
strict-transport-security
max-age=7889238
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
12587491
x-shardid
224
x-storefront-renderer-rendered
1
server
cloudflare
x-frame-options
DENY
content-language
en
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept
x-download-options
noopen
x-shopid
12587491
x-request-id
dd8f7e7d-ce9d-4330-b8b0-893875f83dd3
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
cf-ray
6b43af876c587139-YUL
x-sorting-hat-podid
224
x-cartjs-updatedat
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

183 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery undefined| oldgs object| punchgs object| _gsScope undefined| oldgs_queue undefined| GreenSockGlobals undefined| _gsQueue object| WebFontConfig object| Shopify object| __st boolean| ShopifyPaypalV4VisibilityTracking object| BOLD object| meta string| attr object| ShopifyAnalytics object| trekkie function| fixMegaMenuOverflow object| jQuery1102040152659960091275 boolean| sliderActive undefined| slider function| createSlider function| createSlider2 function| zoomImage object| ShappifySaleEnds object| ShappifyToday object| Modernizr function| Sifter object| MicroPlugin function| Selectize function| dateFormat function| ShappCountdown object| el function| jQueryBridget function| EvEmitter function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Isotope function| Masonry function| floatToString object| WebFont function| imagesLoaded function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto function| selectCallback function| FastClick function| replaceUrlParam object| timber function| SearchIndex function| Bloodhound function| IASCallbacks function| IASTriggerExtension function| IASSpinnerExtension function| FakeCrop function| Ajax function| ImageShopify function| CountDownShopify function| Cart function| attributeToString function| initWishlistSaveProductId function| initWishlistChecked function| initCompareSaveProductId function| initCompareChecked function| Filter function| InfiniteScroll function| Authorize function| App function| ntRemoveFromText function| initMobile function| is_mobile object| toastr object| images_size object| Handlebars object| ajaxCart object| ShopifyAPI object| Currency string| shopCurrency string| cookieCurrency object| currencySwitcher function| original_selectCallback boolean| isiDevice undefined| current object| Spurit function| setImmediate function| clearImmediate object| regeneratorRuntime function| _ object| SCTParams object| collectionsArr object| collectionsObj object| core string| property object| addToCartVariant object| addthis_share object| addthis_config string| lensHeight number| lensWidth boolean| __@@##MUH object| _visit object| BOOMR object| _atw string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks number| BOOMR_onload string| passthrough function| __orig__fbAsyncInit function| fbAsyncInit string| bdl_app_url function| shappify_pb_main function| shapp_disable_checkout function| shapp_enable_checkout function| shappify_pb_got_cart function| shappify_pb_got_suggestions function| bundles_refresh_shop_cart function| refresh_window boolean| isWaiting object| requestQueue function| runRequest function| addRequest function| nextRequest function| hideBoldLoader function| showBoldLoader function| triggerCartProcessing function| triggerCartProcessed function| updateBundleGetCart function| updateBundleGotCart function| getAjaxCartCallback function| set_jquery function| bundlejQuery boolean| hasCartLoaderFF number| tmp object| Widgetic function| widgeticReceiver object| Blogvio object| upsellTracker object| TrustedSite number| TrustedSite_done object| TrustedSiteInline object| $mcSite object| FB number| PIN_18957 object| __twttrll object| twttr object| __twttr object| oattr object| PIN_1637935668875 string| value object| key object| PinUtils function| moment number| visuallyReady function| Base function| FlipClock object| SCT_config function| mobilecheck

26 Cookies

Domain/Path Name / Value
store.mannheimsteamroller.com/ Name: secure_customer_sig
Value:
store.mannheimsteamroller.com/ Name: dynamic_checkout_shown_on_cart
Value: 1
.mannheimsteamroller.com/ Name: _orig_referrer
Value:
.mannheimsteamroller.com/ Name: _landing_page
Value: %2Fproducts%2Fchristmas-symphony%3Futm_source%3DMannheim%2BSteamroller%2BFan%2BClub%26utm_campaign%3D5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02%26utm_medium%3Demail%26utm_term%3D0_c4d4a4658a-5b813a6dfb-12259225%26mc_cid%3D5b813a6dfb%26mc_eid%3DUNIQID
.mannheimsteamroller.com/ Name: _y
Value: c8a4494a-b9b3-4a21-ad4f-32d9950a35ac
.mannheimsteamroller.com/ Name: _s
Value: 28255373-cc18-4f04-8128-1930980abe0c
.mannheimsteamroller.com/ Name: _shopify_y
Value: c8a4494a-b9b3-4a21-ad4f-32d9950a35ac
.mannheimsteamroller.com/ Name: _shopify_s
Value: 28255373-cc18-4f04-8128-1930980abe0c
.shappify.com/ Name: __cf_bm
Value: ZS6inJW75tc_S5NseQxBQUy2JVSDtNWRYGC_2vZcjpc-1637935667-0-AfYLgGz4uYE3zNpZ4EI7L4dJhaWvuaA3dtVJ2BPtDNsOmFkwE0tgYF76hnLt+bVcmj2YUxNJnE3i8A5b+7PiFzE=
.store.mannheimsteamroller.com/ Name: currency
Value: USD
store.mannheimsteamroller.com/ Name: __atuvc
Value: 1%7C47
store.mannheimsteamroller.com/ Name: __atuvs
Value: 61a0ea330b2f55e5000
.addthis.com/ Name: ouid
Value: 61a0ea34000114d678459f444bbad548139f09bf2ab0f9c7d944
.addthis.com/ Name: di2
Value: aU~ps#%!k#$M`#!AgP2TOFjODhOC_OB|OByIPv7LW6Lj6Hq01U#7Hp#7Ab#7&u#3>T#1:R#19w#*+X#&<}
.addthis.com/ Name: bt2
Value: 61a0ea34001Bs0002
.addthis.com/ Name: um
Value: j.'2021112614074829600983585942'
.addthis.com/ Name: uid
Value: 61a0ea3464367a2c
.addthis.com/ Name: na_id
Value: 2021112614074829600983585942
.addthis.com/ Name: vc
Value: 2
.addthis.com/ Name: uvc
Value: 1%7C47
.mannheimsteamroller.com/ Name: _shopify_sa_t
Value: 2021-11-26T14%3A07%3A48.361Z
.mannheimsteamroller.com/ Name: _shopify_sa_p
Value: utm_source%3DMannheim%2520Steamroller%2520Fan%2520Club%26utm_medium%3Demail%26utm_campaign%3D5b813a6dfb-EMAIL_CAMPAIGN_2017_11_22_COPY_02%26utm_term%3D0_c4d4a4658a-5b813a6dfb-12259225
.addthis.com/ Name: loc
Value: MDAwMDBOQUNBT04yMjUzMTA0MzUwNTAwMDBDSA==
.boldapps.net/ Name: __cf_bm
Value: 3yngfIunEqg7NzamHQm0MZsIbOR7l_Grxr57yL1OlMA-1637935668-0-AUubnM0TXFMAHO/xxJzTpqODRoesiysp+5qUH0eza66P0xn9ZeOIwDlVJWpfUXEm2iI+TRXj39sql1/ErVAGR2E=
store.mannheimsteamroller.com/ Name: trustedsite_visit
Value: 1
www.trustedsite.com/ Name: AWSALBCORS
Value: mtTQCyECc5v1h0OeGAxjvHYHNC5slcVW+8xbWex5cjhcXt8LdwyHtnNcwXB/LW/kyKSmU8uy3ZbaMZBZc0wZwBtwL0IHnU0V2tvlTcmklBomxaJ3RTXkMprg7cpn

206 Console Messages

Source Level URL
Text
network error URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell-custom.css?160
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://cdn.shopify.com/s/files/1/1258/7491/t/16/assets/bold-upsell-custom.css?160
Message:
Failed to load resource: the server responded with a status of 404 ()
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
amaicdn.com
api-public.addthis.com
assets.pinterest.com
bundles.boldapps.net
cdn.shopify.com
cdn.ywxi.net
chimpstatic.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
log.pinterest.com
m.addthis.com
monorail-edge.shopifysvc.com
platform.twitter.com
preordermanager.amai.com
s3-us-west-2.amazonaws.com
s7.addthis.com
secure.apps.shappify.com
shopify-sales-timer.s3.amazonaws.com
store.mannheimsteamroller.com
syndication.twitter.com
upsells.boldapps.net
v1.addthisedge.com
widgetic.com
www.facebook.com
www.trustedsite.com
z.moatads.com
s7.addthis.com
104.244.42.200
151.101.0.84
174.129.223.30
23.208.216.126
23.227.38.74
23.52.163.40
23.73.255.205
2600:1400:d:492::1931
2600:9000:210b:8000:14:6bfc:5740:93a1
2606:2800:220:131d:1d30:1f1d:238b:1e56
2606:4700:20::681a:cb7
2606:4700:3035::ac43:bb45
2606:4700::6810:6c12
2606:4700::6810:6d12
2606:4700::6811:572a
2607:f8b0:4006:80f::200a
2607:f8b0:4006:81e::2003
2607:f8b0:4006:823::200a
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
2a04:4e42:400::268
34.138.230.116
52.216.21.115
52.92.160.232
54.70.206.88
00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d
020256ed061fcedb32b553f0b41a378cf675aaa30cc4bff1b0b4ff10d966f743
03d3dc01679028aacc8d5257992fabfda6773ff0880a0259f1666b509d088909
045e3e9d809f7ce8ebdffa7435f306fab3903c8e41919bf3d08ba974f899046e
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
069ca9398bb61f9d15df2bec10710fe7dd79f8dca34a6a9a26c42242e7ad777e
073c5c6ca551be8da8125a3f19543c67283197f50f7097af96ed78fccc9459bc
07ad707152bdc4a5b2563321b0c5b49fe144ba11eb2f02d08c869740ecb13136
0c8e286fa77c898fbc3d5958ea70329a60c14925a76a45e3c059e604622c7774
0d2fd5a42a1849ad0d820611e243fd81fe81ee767716b639ff7e88c1e9f78bb6
0e0a57061bb49265b9625aca8f3111ef3943dea05031a4c4be09b0ea9f07572e
0ef263550319255637345422d4d0d659c4e916d85c9ddba1457cdac1e1b7ded6
11bbdd8d16ffe55a66d680af15154b0abf1f04fedf348cc8a1888b1b3dacb615
12f63bb29363e0dd95f7258e419eab75bb717a689683c1f1c980aba23cff61ac
186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66
19d31578c07647f1c2f442ff2018dc058bd6f53009730b72da9388412306c712
1b88de92c177074c266273089f091c29a305473c417d4f0155027495efd777c1
1e375b90aa0ff390bb8e01ce28f22238f5c86de0c54f1d97b36317679215a103
20f0315c97ff7007f2e7a94d659e094a7efc01b8306da53987538c1101489e0e
211af9761cd3bf4df824f1a9b1a5170650908c782d02f73ddfc57221d894f1d4
22cb0b052f391817811d2c75c58780d28b51723249a4d23211757a01dc64e49f
245b1992d58bb7732fae3a38762d68b4a2c44b975228082a46a339ae223fe23a
24cdd7c0c4edc8f76a021e55ca359e036481c927530e6ab8373573fb5b4c721b
2816082c025f64540b613fde3096d814ae21ac75279461ec1d6bcb5c07099fdd
282f7f82642d0ee4a80ae0266a38882ab759a95ae8f4d65a5faee70bf827f7d1
2ef0cc1e828b27fd66ca9d77b1c5750ed658b428194d8ec696d7275ecf702b5d
30de098fc5522f2f79107897afcd6d00062cecce3101a40cb671ecc73c674422
321fffd9d643ce3d0b4170a99043586def55a56525374344feb754613a1831cc
34424e961d1d8c2050efcce35b3f0bca2fc3bbbae8dcc7dacfcbf762b9f5ca2a
346dcbd7c57fccd552686b1b8e02ca64215edb8efa7b8e6ce2ce4bde31403812
3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded
39b67047f62bfeb05b02e88df6cf72e2a71b5f4c6e6fde7e93c3ff365f30a63a
3c40cd169ced8d7ee501d4440e5229be5746aa4efdf4134da2762b29ea6ce96e
3e61b8d9fae3bf7e8dc6a117f45ea71454b348ce7ea966289ab63dd8072fff03
3faadebc89cdb21d11634a032816f152462d1cb8903eb21d0642501fcad065de
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4441d3fe3ba01c627ae4992a13ea07f70ad6b12378a40153db6fb6f8ad264066
453d0175b3e250ee15ac4af4f1d424ac87b80b1b9529189c07feb0db8ca8563e
48922662ded60ae654cf1bd95f3f85d65afa8121d93f155bc7c69cd3b9cb43c7
49003c970644945f5d917faa1ad44eb94547494d060c9d959132e8fe3db67205
4a942df3840bf9906c7d776a6c9b89e80a1024dd62ca9384f74d99cbd6db32bc
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4ffbb565d1944814db3519fce9d0d320c0741acc97fea796a5612b664d78366a
5122cd7eda76e629024c860bb8645a4ea096443c1424fb69091fd5359d33291f
565deac0c7edc7850a7762c24c560f0a9670aa5c52a728e9dbb43d5a7887c1d4
582e5b6c7f1b60a0a278e9b8c5e57535d8a84a758fe654003b86de304e66b3f8
5b6725689f9ca035bdd1f325690447c2cab1e9a27c39b3a3a6d702ab888236ac
5b8f8e24f2eabbda7290548383723a6329e14b886392f8f8ece080f6efe6878c
5f6e8a7ba95ff5f883f5e3fefc184719f45a1ed6dfec028a734694f2246f5c00
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61f32a3c3336f0e0abedd74a5e21c4e6c30a7f6521c176c8c13fd9f387bfe167
6305b967d0267049439f5e037aa34218bce088cee2b6a715624065b351564fb1
639e1ed2ff83f3363bfe02331ce9d804ea58b0c52b974e998ec9e7c9976e77ce
640bb437573381031f580147a21b6d180f96592b310f0bbcf69eee7fbe3531b7
6522b65d1633ebd28856a3bbbb142027f7c6975e9a0de1b6a2479873b1e22d09
660aabb95e73c8818f3582b446067c6e35770cd46c49346374bf41155150c80e
6acd6e908d99d4d504c4524301ddd94befcde251afddf7d0d51a9cdd4aa734e4
71a1f71060033a3d191d074ba674204b757e851e63c87ba2579c3c338cfe9a23
73ea81488e436dcf501f872075efdd2aa3cebf6e334cb43467d14f28377b5804
7904ee2f3a727716d388ece888b992ccfc8a03e5d78cf62a6e7e454ec30dffeb
79b2c64048bd2c64b4c23bfb4ef8a4f97e4d539d0b792dfb1fc88f4bd925a26d
79be5893415ae1764252c67a9c20b0b5679f066426c9241d0437f6ee2cf75fbc
7a95ccc2cc17ee4212a5dd9d50c4fddd8e1a6d5195a372913d2b6bda4b33148a
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7becfb9e0a5ccbdcd505ea0205f20d569291586611dbdafb1d8ec4a302009a73
7d4369c5607bd53ec7d655fc80088960189b2f2f67e950cf265ea793d2d8eb6a
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7eb4509b0d4771082ac20521c1f2c79bf575a7d9d1b8b94c65654f090057975a
80a8f706d27fa1291270113918a6669ce32d8d54e6253dd6168d2824e7d0064f
81a19ccba74def3ced0f2656d08c4d116133adfa649effcafd03bfd1eee6c95d
81fc3743c2f3e5c144dd0463a8c57f77140f4295b8f576cfa0ea5924240a16e5
829963fc8364800c2f61ece45acfd5cb8111657235b70a841e5b63553d8cdcf6
83442f23cd2b3ec46114358b557a36fb369224f52d5ad9b5fb033f027aa46043
846851aa1249c0de2c577f36df89218d572683e4d96da0351077443a2706a75c
859adbfc48bb0b06c58fe109db4909585fbca5df398d49185fc0f486bad1ac96
863301c839a9097d15e72a059159ac280951ce48f332b9df6850c8474393a3d3
87e8399988880142f2c62771b9d8f2ff6c290b3ff745dd426eb0dfe0db9d1dae
886430890562cc216ae31a8047f07542f8df8c11f9465f9b08a8dd2da529ac9a
895a9abb219fd2af30ad07d7ed904c321249fa5d6a7cf966e69586443ff2ebca
8db5bb73b9ddf20fd1b88b3587c7f631e11d3bc9784327f6b08f48b078d30d0d
8e38d68218c650828bb81e12aa21878ae81e9ce0ba84532e46c088acbaabf6f5
8f9866e833ce88be6659d2d4c65850c504d68d36020217e3b396d9301cb76b68
911efb4e1383c28ad12d7f925d686dcd29d99421f2ca466ee63a867a138f5560
97d6537ea25fd895abfbfbfaa9ba8f60afa81742eda89a88b3a09766327a1e16
9813b0fcd11d038e3e01e1a2b22d3c8adb0e60e4bcd39b1bbe59a6485939dbc1
99f2266fa780b44460d6b43e7907280e7ce5b5c131baaadf4c754e4a01940050
9a9cb2ad25ffbdfe308987c344c5161213892665e8a6c2236fdf17086edf55a3
9bece345f853bede1479269d88030c4ac724b6360a6143be3b6b2a1e9d6f57a0
9c4ec2bc97a226122509a28e5eb7f54abbc1c60fc481176c213457a40336770a
9fdb4ccca2ca3cf95703b46a299b7906c662f500ff6eb1b409c5dffc1072e979
a2426f1111a7c61667d668e9012e3eab58f4e784fe70fe16293dc43b634f812a
a31a26eb998a31249f6c6fdb1dad3a537c8f68799b7ad67274052cf74db0c0e9
a3dd9be3f239f7aa17fbee85435c6a5326971e3bc6d994dea16d479c1d748080
a4aa9f775af34f63386d8b4d8a14fce2225c317c3f93cbafdeb5a8524eb542a1
a55261a7a987674749989983b5889eadaac6795d8d48548fb61470a96edb9524
a6d23ff530abf8a1f29d0153f8ddfb9bcd92638d0bb7894a87b100b8146d970b
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab455f20c1b9c777b6451db93db8fccc3efbadf020e6520ff680cb14e921dd1b
ac0daa16fac429a0b169261c82facc3c224f278108b7683ec1cfa8484a7dd05b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
acefae6dc2e39d998b6360be788f2f856d094d179ce90843dcd3f6da3450115f
aeeea5052852429293bb9cabb7617dcae1e5a616851d41ec713ee5c2e1b3ae55
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b49af5d8fb7348cd3bf23ae73743db7898911256ad9d2377678821186aba8ec3
b4f12f29925ade46c40ac66961ae40ea758da31851a6cd5ff346c3a37909e8c7
b727c48698c708c57542957cdd4d1c7c2f74ed9144006ac1d89ce529d1151a54
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
bddbba35635904eca1d7f9edc74bdbcba04ec0f5a16286fdbd8f78fb0f7e0c6f
bdfdd1a4ef85bcdabfc21825832cc157ed0eece870692bc3fee69a9e5a97d46a
bfc193cbebe23fedd2cbb97458b22ad84fc6335ded6b80b09f702735cc0476e7
bff42b43d858853bf4333fb583660bad4a4132bc073a35771188da5f78fdb09b
c0c85a9d81bc8b49d7392cf859dbab86ceb479876b8caa74ac0ce91626bb2743
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c696de4c3bffff1930d31a5f99fd1bd5fe660f2bdbc4f6601f5500f786fb692a
c69e528427c8218cb4bc5fe647db3366146403d53593a3f96482479a14eca234
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c8048752e2260e948686dd9f326fdc242e897b4cc8d5324cbaa05de22c75750f
c8da3d1ab690b842e502d50b685c069664cf07c2aeef312806974703689f3f9f
ce4547c612c4efd5eecd7e16c47bdd6a33ed788aec261e771877c774b26b9d00
cf09cf4fe3ac51fe7db563cbfbf53adb16d17d75d4288002358bc883012f5461
d1e9fd89f7772e932d857e64ae9ff086810e3e8394d3720470756c2de69fea91
d5f7497a0cc616f1966d0ff5d7aced455748eb6fe8da233c01b62e5cd0131111
d60c40d0f004b5f759ccb67857c8d9bc3f0fb6f74dea446dce2917beded7d61b
d749eb62e331c970c314b8a5c15b28e6859ada77e6f12744146a1193c3fb25ce
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d8ae2cda39264b831ea5c4440e1df3be6944b2aeaf54fbfc41b6696e3624f0cf
d94cce9ec0cffd5417657d26aa1741a7e3b2b0a5f4232a80d789c1a254c4e2ef
de0653541de96b651cd9f2179fb45d52422560ecff2a52566172b4da275b7793
de2dee51f5c08806fcf82a5b776ed0f5706b872c9c1a2cf639c588e2951fe52d
de60204842daf5531d76ca6a7104d8def25ab425a0b32e8d7b42f610699abf9e
df870e6ec42abc29c776c7144bfceec6e31d4ba9dfdd3b94d49ae607209dbe82
e0a2ca62a811279a19f1a26a7dcb809caab7490808bb66c0081a19354a3a3709
e0f455d1d1498d51838797b63bfdd045e33d3c3a2350af4696c6f0bb7af4b163
e28d860a51754d183f6f97432fd94046cd31afb7ce65c8ea179b0ff63b3d84fa
e3850d25d5596e92887ed401c10cc55856d087e9cc690013d8a96f2ae69c1d74
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f924eac92aa3cc4ea64f2891447e8bd3af49e1a5c0bcd04b7356e2f7f1c04c
e53dca3111b1336cffd918dbd56d41ec90fe05685e3f0863036f3973f4391a0d
e94e010e92e659b566dbc436fdfe5242764380e00398907a14955ba301a4749f
eabcd621d6b8bc1f12ae51c08e26244be0b7a0360b4c32e2db8271595a1254a5
ec8bdf6deb889cd67eb602bce3fbd54efa7b5ebb64d871e5f8e22f4c4d13b2d7
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
f11b7bc12475ee06547f27ba064c8985adb1ab7ad8650b49de7f3d0a4f46503e
f2431d9cae765db6e982c7d0c4c9a9d15d6dc9d986ae8f28c38412ad6fd941c5
f4da2313ec5a6f93ff25851dfb2949f7f6cc5d0087ef20f5dce3037f7fb3c7a9
f604b43dc601775028505e3ccf95a6e44626f3b2cc41fbacdbcd87a31434f0ef
f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f
f73150e288aa203fa8970bb6e6f1ebb3d98466dbc38352e177f6abee70a50095
f908be4322ec368a47a2f78a6181c819cb49c89d20a8510c4ef67ef8fbca3086
f90abe8ed675ad8dea42d36c57156f378ab98301a28e5913ded0dec3029cbb94
f9b028844cba5c51be4d554b91f048daf7c3943926add67b6be2d46c28207e90
f9bebc380403f032fb83a6c9c7b36a2740553a3e54f60f426bfa8a38ed4ae68b
fa10d16a37e32f2224fbfb2abe309993609b834516bea92bf74ca2559252e55f
fa1983cd8b5e7dc6b6e03342469435dd02475c9c94d4e128522fe08ffcacd919
fae111500cc7ac97add95d1e3338f4b5d722991c712983632339b50c37fb3c59
fb16c823b3edaf3b3dd09e69848bbd8a72039156863697ace4c4b7a303709701
fe6b72c2bbdd3369ac0bfefe8648e3c889efca213baefd4cfb0dd9363563831f