urlscan.io logo urlscan.io
SecurityTrails logo

theatrewinterhaven.com Open in urlscan Pro
148.72.78.8  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://theatrewinterhaven.com/
Effective URL: https://theatrewinterhaven.com/
Submission: On November 17 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 39 IPs in 2 countries across 38 domains to perform 138 HTTP transactions. The main IP is 148.72.78.8, located in Ashburn, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is theatrewinterhaven.com.
TLS certificate: Issued by R11 on October 22nd 2024. Valid for: 3 months.
This is the only time theatrewinterhaven.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 69 148.72.78.8 26496 (AS-26496-...)
4 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2600:9000:214... 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
5 34.138.31.113 396982 (GOOGLE-CL...)
7 2607:f8b0:400... 15169 (GOOGLE)
2 18.238.49.101 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
3 2620:1ec:33:1... 8075 (MICROSOFT...)
2 2a03:2880:f00... 32934 (FACEBOOK)
2 34.86.110.8 396982 (GOOGLE-CL...)
1 2607:f8b0:400... 15169 (GOOGLE)
2 151.101.194.62 54113 (FASTLY)
1 2 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2a03:2880:f10... 32934 (FACEBOOK)
21 24 34.150.170.96 396982 (GOOGLE-CL...)
1 1 2600:9000:284... 16509 (AMAZON-02)
1 23.83.76.90 395954 (LEASEWEB-...)
1 69.194.240.13 26120 (RHYTHMONE)
1 2 52.223.22.214 16509 (AMAZON-02)
1 2600:1f18:612... 14618 (AMAZON-AES)
1 2 34.111.113.62 396982 (GOOGLE-CL...)
1 1 13.225.63.74 16509 (AMAZON-02)
1 1 2600:9000:21d... 16509 (AMAZON-02)
1 2 2600:9000:284... 16509 (AMAZON-02)
1 8.28.7.83 62713 (AS-PUBMATIC)
1 63.251.28.210 26558 (FREEWHEEL)
2 3 2600:1901:0:8... 396982 (GOOGLE-CL...)
3 3 142.250.80.66 15169 (GOOGLE)
1 2 52.0.156.250 14618 (AMAZON-AES)
1 2 2001:4998:14:... 14777 (YAHOO)
1 3.218.41.45 14618 (AMAZON-AES)
1 2 35.175.35.80 14618 (AMAZON-AES)
1 2 100.25.81.54 14618 (AMAZON-AES)
2 2 35.244.154.8 396982 (GOOGLE-CL...)
1 1 107.178.254.65 396982 (GOOGLE-CL...)
1 2 2620:1ec:21::14 8068 (MICROSOFT...)
1 1 142.251.40.98 15169 (GOOGLE)
1 2 68.67.160.117 29990 (ASN-APPNEX)
1 69.173.151.100 26667 (RUBICONPR...)
1 2 35.244.159.8 396982 (GOOGLE-CL...)
138 39
69    148.72.78.8 (Ashburn, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 8.78.72.148.host.secureserver.net
theatrewinterhaven.com
4    2607:f8b0:4006:80a::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2607:f8b0:4006:81e::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2600:9000:2141:3200:6:9a19:88c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.rlets.com
2    2607:f8b0:4006:807::200e (United States)

ASN15169 (GOOGLE, US)
cse.google.com
3    2607:f8b0:4006:81f::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2607:f8b0:4006:80d::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
5    34.138.31.113 (North Charleston, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 113.31.138.34.bc.googleusercontent.com
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com
fault.rlets.com
7    2607:f8b0:4006:816::2004 (United States)

ASN15169 (GOOGLE, US)
www.google.com
2    18.238.49.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-49-101.jfk52.r.cloudfront.net
capture-api.reachlocalservices.com
1    2607:f8b0:4006:81c::200e (United States)

ASN15169 (GOOGLE, US)
clients1.google.com
3    2620:1ec:33:1::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
2    2a03:2880:f00e:13:face:b00c:0:3 (Toronto, Canada)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    34.86.110.8 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.110.86.34.bc.googleusercontent.com
tag.simpli.fi
i.simpli.fi
1    2607:f8b0:4006:822::2002 (United States)

ASN15169 (GOOGLE, US)
pubads.g.doubleclick.net
2    151.101.194.62 (San Francisco, United States)

ASN54113 (FASTLY, US)
freemiumleadsservice.localiq.com
2    2607:f8b0:4006:81e::2002 (United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2607:f8b0:4006:81f::2002 (United States)

ASN15169 (GOOGLE, US)
td.doubleclick.net
2    2a03:2880:f10e:83:face:b00c:0:25de (Toronto, Canada)

ASN32934 (FACEBOOK, US)
www.facebook.com
24    34.150.170.96 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 96.170.150.34.bc.googleusercontent.com
um.simpli.fi
1    2600:9000:2840:8200:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)
s.ad.smaato.net
1    23.83.76.90 (Los Angeles, United States)

ASN395954 (LEASEWEB-USA-LAX, US)
rtb-csync.smartadserver.com
1    69.194.240.13 (United States)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
2    52.223.22.214 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com
eb2.3lift.com
1    2600:1f18:612b:4264:1b19:8b47:338b:3179 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
simplifi.partners.tremorhub.com
2    34.111.113.62 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com
pixel.tapad.com
1    13.225.63.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-74.ewr53.r.cloudfront.net
aa.agkn.com
1    2600:9000:21da:8000:19:fc2c:a140:93a1 (United States)

ASN16509 (AMAZON-02, US)
d.agkn.com
2    2600:9000:2840:b400:1b:6b7d:2300:93a1 (United States)

ASN16509 (AMAZON-02, US)
sync.intentiq.com
1    8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
1    63.251.28.210 (Secaucus, United States)

ASN26558 (FREEWHEEL, US)
ads.stickyadstv.com
3    2600:1901:0:8eee:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
fei.pro-market.net
pbid.pro-market.net
3    142.250.80.66 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net
cm.g.doubleclick.net
2    52.0.156.250 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-156-250.compute-1.amazonaws.com
loadm.exelator.com
2    2001:4998:14:800::1001 (United States)

ASN14777 (YAHOO, US)
ups.analytics.yahoo.com
1    3.218.41.45 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-218-41-45.compute-1.amazonaws.com
sync.bfmio.com
2    35.175.35.80 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-175-35-80.compute-1.amazonaws.com
bcp.crwdcntrl.net
2    100.25.81.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-25-81-54.compute-1.amazonaws.com
ce.lijit.com
2    35.244.154.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com
idsync.rlcdn.com
1    107.178.254.65 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com
pippio.com
2    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    142.251.40.98 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f2.1e100.net
www.googleadservices.com
2    68.67.160.117 (Colonia, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
1    69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
2    35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
Apex Domain
Subdomains		 Transfer
69 theatrewinterhaven.com
theatrewinterhaven.com
3 MB
26 simpli.fi
tag.simpli.fi — Cisco Umbrella Rank: 5206
i.simpli.fi — Cisco Umbrella Rank: 4244
um.simpli.fi — Cisco Umbrella Rank: 878
15 KB
10 google.com
cse.google.com — Cisco Umbrella Rank: 3364
www.google.com — Cisco Umbrella Rank: 3
clients1.google.com — Cisco Umbrella Rank: 510
162 KB
7 doubleclick.net
pubads.g.doubleclick.net — Cisco Umbrella Rank: 438
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
td.doubleclick.net — Cisco Umbrella Rank: 182
cm.g.doubleclick.net — Cisco Umbrella Rank: 284
3 KB
7 rlets.com
cdn.rlets.com — Cisco Umbrella Rank: 16426
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com
fault.rlets.com — Cisco Umbrella Rank: 289671
92 KB
4 gstatic.com
fonts.gstatic.com
121 KB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
4 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
274 KB
3 pro-market.net
fei.pro-market.net — Cisco Umbrella Rank: 2363
pbid.pro-market.net — Cisco Umbrella Rank: 9760
1 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 359
15 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
22 KB
2 openx.net
us-u.openx.net — Cisco Umbrella Rank: 525
502 B
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 281
2 KB
2 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 333
900 B
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 476
833 B
2 lijit.com
ce.lijit.com — Cisco Umbrella Rank: 973
893 B
2 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1026
835 B
2 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 548
529 B
2 exelator.com
loadm.exelator.com — Cisco Umbrella Rank: 2185
2 KB
2 intentiq.com
sync.intentiq.com — Cisco Umbrella Rank: 1052
2 KB
2 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 550
d.agkn.com — Cisco Umbrella Rank: 758
1 KB
2 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 470
1 KB
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 429
969 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
212 B
2 localiq.com
freemiumleadsservice.localiq.com — Cisco Umbrella Rank: 151367
175 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 192
75 KB
2 reachlocalservices.com
capture-api.reachlocalservices.com — Cisco Umbrella Rank: 19383
592 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 419
1 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 96
23 B
1 pippio.com
pippio.com — Cisco Umbrella Rank: 805
633 B
1 bfmio.com
sync.bfmio.com — Cisco Umbrella Rank: 1532
421 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 619
654 B
1 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 886
548 B
1 tremorhub.com
simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 6784
175 B
1 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 513
99 B
1 smartadserver.com
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 739
557 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 574
540 B
0 bluekai.com Failed
stags.bluekai.com Failed
138 38
Domain Requested by
69 theatrewinterhaven.com 1 redirects theatrewinterhaven.com
24 um.simpli.fi 21 redirects
7 www.google.com cse.google.com
theatrewinterhaven.com
www.googletagmanager.com
4 09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com cdn.rlets.com
4 fonts.gstatic.com fonts.googleapis.com
4 fonts.googleapis.com theatrewinterhaven.com
4 www.googletagmanager.com theatrewinterhaven.com
www.googletagmanager.com
cdn.rlets.com
3 cm.g.doubleclick.net 3 redirects
3 bat.bing.com theatrewinterhaven.com
bat.bing.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 us-u.openx.net 1 redirects
2 ib.adnxs.com 1 redirects
2 px.ads.linkedin.com 1 redirects
2 idsync.rlcdn.com 2 redirects
2 ce.lijit.com 1 redirects
2 bcp.crwdcntrl.net 1 redirects
2 ups.analytics.yahoo.com 1 redirects
2 loadm.exelator.com 1 redirects
2 fei.pro-market.net 2 redirects
2 sync.intentiq.com 1 redirects
2 pixel.tapad.com 1 redirects
2 eb2.3lift.com 1 redirects
2 www.facebook.com theatrewinterhaven.com
2 googleads.g.doubleclick.net 1 redirects www.googletagmanager.com
2 freemiumleadsservice.localiq.com cdn.rlets.com
2 connect.facebook.net cdn.rlets.com
connect.facebook.net
2 capture-api.reachlocalservices.com cdn.rlets.com
2 cse.google.com theatrewinterhaven.com
www.google.com
2 cdn.rlets.com theatrewinterhaven.com
cdn.rlets.com
1 pixel.rubiconproject.com
1 www.googleadservices.com 1 redirects
1 pippio.com 1 redirects
1 sync.bfmio.com
1 pbid.pro-market.net
1 ads.stickyadstv.com
1 image2.pubmatic.com
1 d.agkn.com 1 redirects
1 aa.agkn.com 1 redirects
1 simplifi.partners.tremorhub.com
1 sync.1rx.io
1 rtb-csync.smartadserver.com
1 s.ad.smaato.net 1 redirects
1 i.simpli.fi tag.simpli.fi
1 td.doubleclick.net www.googletagmanager.com
1 pubads.g.doubleclick.net theatrewinterhaven.com
1 tag.simpli.fi cdn.rlets.com
1 fault.rlets.com theatrewinterhaven.com
1 clients1.google.com theatrewinterhaven.com
0 stags.bluekai.com Failed
138 49

This site contains links to these domains. Also see Links.

Domain
app.arts-people.com
www.facebook.com
secure.qgiv.com
creative.cohencreek.com
localiq.com
Subject Issuer Validity Valid
theatrewinterhaven.com
R11		 2024-10-22 -
2025-01-20		 3 months crt.sh
*.google-analytics.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
upload.video.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.rlets.com
Amazon RSA 2048 M02		 2024-09-29 -
2025-10-27		 a year crt.sh
*.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.gstatic.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
captureapi.localiq.com
R11		 2024-10-12 -
2025-01-10		 3 months crt.sh
*.reachlocalservices.com
Amazon RSA 2048 M02		 2024-10-03 -
2025-11-01		 a year crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 03		 2024-09-16 -
2025-03-15		 6 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-08-26 -
2024-11-24		 3 months crt.sh
*.simpli.fi
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-11-13 -
2025-12-14		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
localiq.com
R10		 2024-10-31 -
2025-01-29		 3 months crt.sh
*.doubleclick.net
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh

This page contains 6 frames:

Primary Page: https://theatrewinterhaven.com/
Frame ID: 6E06C497175D115C9FB2A46274F095FE
Requests: 134 HTTP requests in this frame

Frame: https://09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/static/storage.html
Frame ID: CBA21AAD4451F2F837AFA302997F6191
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11034151262?random=1731831603635&cv=11&fst=1731831603635&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4be0h2za200&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102077855&u_w=1600&u_h=1200&url=https%3A%2F%2Ftheatrewinterhaven.com%2F&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Theatre%20Winter%20Haven&did=dNDMyYj&gdid=dNDMyYj&npa=0&pscdl=noapi&auid=742420586.1731831604&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 4B6D89121376D8F823C1D55CC114FD16
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Ftheatrewinterhaven.com
Frame ID: F5A3696E5FDA8F4C140F50CDE887C4A9
Requests: 1 HTTP requests in this frame

Frame: https://cdn.rlets.com/capture_static/mms/capture.js
Frame ID: 79DB45F32204CC5458E4BA5A659AFA76
Requests: 2 HTTP requests in this frame

Frame: https://09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/static/storage.html
Frame ID: 024FF308A7A177EB751B74793A6BDA03
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Home - Theatre Winter Haven

Page URL History Show full URLs

  1. http://theatrewinterhaven.com/ HTTP 307
    https://theatrewinterhaven.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
  • wp-embed\.min\.js\?ver=([\d.]+)
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • /revslider/[/\w-]+/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

138
Requests

83 %
HTTPS

47 %
IPv6

38
Domains

49
Subdomains

39
IPs

2
Countries

4008 kB
Transfer

8785 kB
Size

78
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://theatrewinterhaven.com/ HTTP 307
    https://theatrewinterhaven.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 114
  • https://theatrewinterhaven.com/favicon.ico HTTP 302
  • https://theatrewinterhaven.com/wp-includes/images/w-logo-blue-white-bg.png
Request Chain 116
  • https://um.simpli.fi/smaato HTTP 302
  • https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=955048CCC945450C82822B4622A3087B HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=133&partneruserid=e56754cc73&gdpr=0&gdpr_consent=
Request Chain 117
  • https://um.simpli.fi/nexxen HTTP 302
  • https://sync.1rx.io/usersync/simplifi/955048CCC945450C82822B4622A3087B
Request Chain 118
  • https://um.simpli.fi/triplelift HTTP 302
  • https://eb2.3lift.com/xuid?mid=7969&xuid=955048CCC945450C82822B4622A3087B&dongle=yf3 HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=955048CCC945450C82822B4622A3087B&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
Request Chain 119
  • https://um.simpli.fi/telaria_p HTTP 302
  • https://simplifi.partners.tremorhub.com/sync?UISF=955048CCC945450C82822B4622A3087B
Request Chain 120
  • https://um.simpli.fi/tapad HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=955048CCC945450C82822B4622A3087B HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=955048CCC945450C82822B4622A3087B
Request Chain 121
  • https://um.simpli.fi/ad_advisor HTTP 302
  • https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=955048CCC945450C82822B4622A3087B HTTP 302
  • https://d.agkn.com/pixel/10751/?che=1731831604430&ip=5.181.234.133&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D213620605069008912637 HTTP 302
  • https://um.simpli.fi/aa_px?sk=213620605069008912637 HTTP 302
  • https://um.simpli.fi/empty.gif
Request Chain 122
  • https://um.simpli.fi/intentiq HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=955048CCC945450C82822B4622A3087B HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=955048CCC945450C82822B4622A3087B&ckls=true&ci=5lrHib0PjJ&nc=false&trid=-807545214
Request Chain 123
  • https://um.simpli.fi/pubmatic HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:955048CCC945450C82822B4622A3087B
Request Chain 124
  • https://um.simpli.fi/freewheel HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=955048CCC945450C82822B4622A3087B
Request Chain 125
  • https://um.simpli.fi/dtnx HTTP 302
  • https://fei.pro-market.net/engine?du=24;csync=955048CCC945450C82822B4622A3087B;mimetype=img; HTTP 302
  • https://fei.pro-market.net/engine?du=24;csync=955048CCC945450C82822B4622A3087B;mimetype=img;sr HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=NTQ3NDcyMDUzNDc1NDExOTI4OA== HTTP 302
  • https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEHzn_ydIrEUBHeZ61vtHZ5c&google_cver=1
Request Chain 126
  • https://um.simpli.fi/exelatem HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=955048CCC945450C82822B4622A3087B&j=0 HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=955048CCC945450C82822B4622A3087B&j=0&xl8blockcheck=1
Request Chain 127
  • https://um.simpli.fi/yahoo HTTP 302
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=955048CCC945450C82822B4622A3087B HTTP 302
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=955048CCC945450C82822B4622A3087B&verify=true
Request Chain 128
  • https://um.simpli.fi/beachfront HTTP 302
  • https://sync.bfmio.com/sync?pid=141&uid=955048CCC945450C82822B4622A3087B
Request Chain 129
  • https://um.simpli.fi/bluekai HTTP 302
  • https://stags.bluekai.com/site/29931?id=955048CCC945450C82822B4622A3087B
Request Chain 130
  • https://um.simpli.fi/crwdcntrl HTTP 302
  • https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=955048CCC945450C82822B4622A3087B HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=955048CCC945450C82822B4622A3087B
Request Chain 131
  • https://um.simpli.fi/lj_match HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=955048CCC945450C82822B4622A3087B HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=955048CCC945450C82822B4622A3087B&dnr=1
Request Chain 132
  • https://um.simpli.fi/liveramp_match HTTP 302
  • https://idsync.rlcdn.com/419566.gif?partner_uid=955048CCC945450C82822B4622A3087B HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogOTU1MDQ4Q0NDOTQ1NDUwQzgyODIyQjQ2MjJBMzA4N0IQABoNCLTO5rkGEgUI6AcQAEIASgA HTTP 307
  • https://pippio.com/api/sync?pid=5324&it=1&iv=86892b88b49a10d01e0b08db20ff2dfb74536f57c7024f3b63aeaa4a9cb33f55791426b5417dce21&_=2 HTTP 307
  • https://px.ads.linkedin.com/db_sync?pid=10339&puuid=86892b88b49a10d01e0b08db20ff2dfb74536f57c7024f3b63aeaa4a9cb33f55791426b5417dce21&rand=01768505 HTTP 302
  • https://px.ads.linkedin.com/db_sync?pid=10339&puuid=86892b88b49a10d01e0b08db20ff2dfb74536f57c7024f3b63aeaa4a9cb33f55791426b5417dce21&rand=01768505&expected_cookie=0b5c521e-07a3-4f1c-b944-a5c7519bc322
Request Chain 133
  • https://www.googleadservices.com/pagead/conversion/1026675585/?random=1731831604252&cv=7&fst=1731831604252&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=452085429&cv=7&fst=1731831604252&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII6saxAgjTxbEC&pscrd=IhMImeHavPfiiQMVd3BHAR1ewSi9MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh9odHRwczovL3RoZWF0cmV3aW50ZXJoYXZlbi5jb20v HTTP 302
  • https://www.google.com/pagead/1p-conversion/1026675585/?random=452085429&cv=7&fst=1731831604252&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII6saxAgjTxbEC&pscrd=IhMImeHavPfiiQMVd3BHAR1ewSi9MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh9odHRwczovL3RoZWF0cmV3aW50ZXJoYXZlbi5jb20v&is_vtc=1&cid=CAQSKQCa7L7ddC1lWILC7uUTse60om1nTB__D-Fhm6ujo-hb6YZ4vhS9wb_8&random=1055582489
Request Chain 135
  • https://um.simpli.fi/an HTTP 302
  • https://ib.adnxs.com/setuid?entity=66&code=955048CCC945450C82822B4622A3087B HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D955048CCC945450C82822B4622A3087B
Request Chain 136
  • https://um.simpli.fi/rb_match HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=955048CCC945450C82822B4622A3087B&expires=365
Request Chain 137
  • https://um.simpli.fi/ox_match HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=955048CCC945450C82822B4622A3087B HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=955048CCC945450C82822B4622A3087B
Request Chain 138
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
  • https://um.simpli.fi/g_match?id=&google_gid=CAESEDCHYsMmvYDwwIfNtI7oUK8&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=955048CCC945450C82822B4622A3087B HTTP 302
  • https://um.simpli.fi/g_match?id=

138 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
theatrewinterhaven.com/
Redirect Chain
  • http://theatrewinterhaven.com/
  • https://theatrewinterhaven.com/
443 KB
104 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache / PHP/7.4.33
Resource Hash
eb2921f1465ff76f0abb60b713f812dad2a49a7b050630c01a95f29635dcb59b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 17 Nov 2024 08:20:00 GMT
link
<https://theatrewinterhaven.com/wp-json/>; rel="https://api.w.org/", <https://theatrewinterhaven.com/wp-json/wp/v2/pages/7>; rel="alternate"; type="application/json", <https://theatrewinterhaven.com/>; rel=shortlink
server
Apache
vary
Accept-Encoding
x-powered-by
PHP/7.4.33

Redirect headers

Location
https://theatrewinterhaven.com/
Non-Authoritative-Reason
HttpsUpgrades
js
www.googletagmanager.com/gtag/ 		222 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-150210179-1
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a5593cfac4ce6ea49bc1b158c5f408d8061681b77e037fb052d041f902c413e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sun, 17 Nov 2024 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 17 Nov 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
81327
x-xss-protection
0
server
Google Tag Manager
dashicons.min.css
theatrewinterhaven.com/wp-includes/css/ 		58 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-includes/css/dashicons.min.css?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"6e31e3-e688-5bca85cdbf580-br"
accept-ranges
bytes
content-length
35109
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 03 Mar 2021 21:16:22 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
extra.min.css
theatrewinterhaven.com/wp-content/plugins/menu-icons/css/ 		815 B
387 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/menu-icons/css/extra.min.css?ver=0.12.12
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
968ab8ae6f33119ee267a11ce60920934e0d5e9d4714a3eb6b47cb9f05e42a0f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3361455-32f-5e0f034503d80-br"
accept-ranges
bytes
content-length
272
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:05:58 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
style.min.css
theatrewinterhaven.com/wp-includes/css/dist/block-library/ 		79 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"6e3194-13abe-5cae72efad580-br"
accept-ranges
bytes
content-length
9945
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 01 Sep 2021 04:05:58 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
wpforms-full.min.css
theatrewinterhaven.com/wp-content/plugins/wpforms/assets/css/ 		39 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/wpforms/assets/css/wpforms-full.min.css?ver=1.7.4.2
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
f11881a89ad5ebdbfe75b6a82c4f1359bef968b54a8e006b0b677688ecfeb581

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3381004-9be9-5e0f0524b6940-br"
accept-ranges
bytes
content-length
5130
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:14:21 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
font-awesome.min.css
theatrewinterhaven.com/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/ 		20 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2aa10dc-511e-5e0f03bf15d80-br"
accept-ranges
bytes
content-length
4403
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:08:06 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
bootstrap-front.css
theatrewinterhaven.com/wp-content/plugins/responsive-accordion-and-collapse/css/ 		14 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
4498d139af798037c0aba235558263582c4b970d63e8118091c8be9b168a38a4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"296187d-391d-5e0f03bf15d80-br"
accept-ranges
bytes
content-length
1405
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:08:06 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
rs6.css
theatrewinterhaven.com/wp-content/plugins/revslider/public/assets/css/ 		55 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.1.2
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
6f3678578e1fcd6df957011ade74254df8311409fd8e039246566c362a686be9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3062796-dc54-592e768542940-br"
accept-ranges
bytes
content-length
11317
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:51:09 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
bootstrap.css
theatrewinterhaven.com/wp-content/themes/tentered/css/ 		118 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/css/bootstrap.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
e26ed759335204be6103f18aa3c3b759db9dfe56d3ba100f62bc6ddfc1400d94

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2841309-1d9ae-592e6ff9a7800-br"
accept-ranges
bytes
content-length
18178
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
bootstrap-theme.css
theatrewinterhaven.com/wp-content/themes/tentered/css/ 		29 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/css/bootstrap-theme.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
4b3dbeecf46921246e986a63c23921664ee7af1e7375dc65a4826c7c92fd0ff8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2841308-7249-592e6ff9a7800-br"
accept-ranges
bytes
content-length
4927
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
style.css
theatrewinterhaven.com/wp-content/themes/tentered/ 		121 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/style.css?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
4923a44bef23c4825e6ac229b46e4188bdd09c32d4de1d8292df0682f35a75ed

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2822a73-1e2d5-592e6ff9a7800-br"
accept-ranges
bytes
content-length
21466
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
custom.css
theatrewinterhaven.com/wp-content/themes/tentered/css/ 		0
55 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/css/custom.css?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"284130b-0-592e6ff9a7800-br"
accept-ranges
bytes
content-length
1
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
js_composer.min.css
theatrewinterhaven.com/wp-content/plugins/js_composer/assets/css/ 		473 KB
40 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.3
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3121ea6-765f9-592e707e370c0-br"
accept-ranges
bytes
content-length
40990
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:24:11 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
css
fonts.googleapis.com/ 		15 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&subset=latin&ver=6.0.3
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
51fa07edfdf5bdd6bdd18ef279afa2f683c0fd625e5ef50b9587934743469d5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 17 Nov 2024 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sun, 17 Nov 2024 08:20:02 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
pum-site-styles.css
theatrewinterhaven.com/wp-content/uploads/pum/ 		20 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/uploads/pum/pum-site-styles.css?generated=1653510993&ver=1.16.7
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
6c5e609d5d4c983be45c8b523daf05fcb91d1c32f6d10d771ab61578e0e9017a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3381fca-4e40-5dfdc074f7400-br"
accept-ranges
bytes
content-length
3300
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 25 May 2022 20:36:32 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
css
fonts.googleapis.com/ 		12 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Raleway:700,400,900%7CVolkhov:400italic%7CRoboto:700,400%7CPoppins:700,500&subset=latin&display=swap&ver=1618923524
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fc8a742194347bc8cc92730ef97fb2dd5413b5fcb5862af37ad552cd6e8c3d38
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 17 Nov 2024 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sun, 17 Nov 2024 08:20:02 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
line-icons.css
theatrewinterhaven.com/wp-content/themes/tentered/css/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/css/line-icons.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
99e01f1eaf1c9c70794a563dd3ae46e882614f589317a43a57325e2b9faa2286

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2841310-202a-592e6ff9a7800-br"
accept-ranges
bytes
content-length
1426
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
font-awesome.css
theatrewinterhaven.com/wp-content/themes/tentered/css/ 		37 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/css/font-awesome.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
f18e2a4fa4a13217258c0bdcae26b0466602345e1a3c618630755b19eceb500d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"284130d-9221-592e6ff9a7800-br"
accept-ranges
bytes
content-length
7015
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
animations.css
theatrewinterhaven.com/wp-content/themes/tentered/css/ 		28 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/css/animations.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
fe1fe98bf4992245660e1b9747dbf026144e23d39edd9a6b78d4aeea667d4d47

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2841307-6e7e-592e6ff9a7800-br"
accept-ranges
bytes
content-length
2821
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
style.css
theatrewinterhaven.com/wp-content/themes/tentered-child/ 		318 B
236 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered-child/style.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
d74e5970c4ad983e2d9cddf8598231b9133452339b1b23354ad8a783d39dd6b9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2822a5a-13e-59478db40d9c0-br"
accept-ranges
bytes
content-length
155
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 09 Oct 2019 11:47:59 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
magnific-popup.css
theatrewinterhaven.com/wp-content/themes/tentered/vendor/magnific/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/vendor/magnific/magnific-popup.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
10235e05734f82cbf37a30d84733244e91c32647749d8720a88561d10bcba0f8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"28c336b-1707-592e6ff9a7800-br"
accept-ranges
bytes
content-length
1512
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
owl.carousel.css
theatrewinterhaven.com/wp-content/themes/tentered/vendor/owl-carousel/css/ 		5 KB
858 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/vendor/owl-carousel/css/owl.carousel.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
aa9f0cc78170ce1e34fd50564e59e59fe8ca9ba2241214375af8a440ae60088d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"28e1a31-1216-592e6ff9a7800-br"
accept-ranges
bytes
content-length
801
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
owl.theme.css
theatrewinterhaven.com/wp-content/themes/tentered/vendor/owl-carousel/css/ 		2 KB
678 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/vendor/owl-carousel/css/owl.theme.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
f1b477898af01dada83f9eb29b510feba8650cfd970ab0e9f3a8cf8d50b1d059

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"28e1a32-939-592e6ff9a7800-br"
accept-ranges
bytes
content-length
621
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
color1.css
theatrewinterhaven.com/wp-content/themes/tentered/colors/ 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/colors/color1.css?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
2a328cae02a4d83ba6485d74502e2dff2da6f3ca7760601bc925579d1e4a3bcf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"28412fd-1f05-592e6ff9a7800-br"
accept-ranges
bytes
content-length
1680
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
smartslider.min.css
theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/ 		22 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider.min.css?ver=6da04383
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
32323463e11100d0c528b106384b2f233245d523e6285442d5d3bed7fd60b136

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"338015f-5619-5e0f04373f900-br"
accept-ranges
bytes
content-length
3796
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:10:12 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
css
fonts.googleapis.com/ 		8 KB
886 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?display=swap&family=Montserrat%3A300%2C400%7CRoboto%3A300%2C400
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
661a1d0962a58f76bf40cb1f85086b8da9c1ba50d03b0947c37e1dc47d3520b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 17 Nov 2024 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sun, 17 Nov 2024 08:20:02 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
frontend-gtag.min.js
theatrewinterhaven.com/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/ 		12 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.5.3
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
23eb134e746f1e5c265c5d33d045af48c444617adaa281fb993d6070bdc04c9f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2982081-2e3b-5dfdbff6208c0-br"
accept-ranges
bytes
content-length
3016
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 25 May 2022 20:34:19 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
jquery.min.js
theatrewinterhaven.com/wp-includes/js/jquery/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"6e3669-15db1-5bd3006388300-br"
accept-ranges
bytes
content-length
30310
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 10 Mar 2021 15:07:24 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
jquery-migrate.min.js
theatrewinterhaven.com/wp-includes/js/jquery/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"6e3661-2bd8-5b45debe27b80-br"
accept-ranges
bytes
content-length
3998
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 18 Nov 2020 09:06:06 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
revolution.tools.min.js
theatrewinterhaven.com/wp-content/plugins/revslider/public/assets/js/ 		147 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
45012f93c4cbd739c51f4043a3a1d3c8377272ef606dd39e51a6a81e02dad594

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"30c17e2-24ba4-592e768542940-br"
accept-ranges
bytes
content-length
48190
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:51:09 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
rs6.min.js
theatrewinterhaven.com/wp-content/plugins/revslider/public/assets/js/ 		263 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.1.2
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
25946407ffe7464efd7ca1123c553ed781409890e0f700b9492f402842e61e08

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"30c17e3-41b15-592e768542940-br"
accept-ranges
bytes
content-length
63872
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:51:09 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
1e244879620e2a6a0f2d370.js
cdn.rlets.com/capture_configs/09d/e43/0dd/ 		219 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.rlets.com/capture_configs/09d/e43/0dd/1e244879620e2a6a0f2d370.js
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2141:3200:6:9a19:88c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
ecb5cd9d06c42427d7e95ed92a4196447ad545ac74da5cac40861a491678bf30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

x-request-id
b311564b3a1a235ad6ab171c061aa8b7
content-encoding
br
etag
W/"ecb5cd9d06c42427d7e95ed92a419644"
age
57004
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Tzg6oIerC9RgILOczBRLk3sYiQ4VoWxjUuyV4SmfLwdCGel7B7YSSQ==
date
Sat, 16 Nov 2024 16:29:58 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-runtime
0.199888
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
referrer-policy
strict-origin-when-cross-origin
x-download-options
noopen
via
1.1 77512d19cb7ad3590ec138f5d5b2dd86.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P10
wp-emoji-release.min.js
theatrewinterhaven.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"6e36fa-4705-5c4487ddedc00-br"
accept-ranges
bytes
content-length
4542
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Tue, 08 Jun 2021 22:15:12 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
n2.min.js
theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/ 		89 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/n2.min.js?ver=6da04383
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
f98cd3c4b9457469cbff9dfabd0c41d8a3356917442003e0d39d0591880924e8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"338015c-16588-5e0f04373f900-br"
accept-ranges
bytes
content-length
32806
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:10:12 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
smartslider-frontend.min.js
theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/ 		215 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider-frontend.min.js?ver=6da04383
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
2936ab5d0f5a13aff6095fd54ed7e673c45afb70273f9f6e8f798ae4a87ab776

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"338015e-35a83-5e0f04373f900-br"
accept-ranges
bytes
content-length
47222
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:10:12 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
ss-simple.min.js
theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Slider/SliderType/Simple/Assets/dist/ 		13 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Slider/SliderType/Simple/Assets/dist/ss-simple.min.js?ver=6da04383
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
ee16e195eeef694ffa4f93f5d1688a21ab150f6222d46d419ea1dd1e25a0cc13

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3380172-34d5-5e0f04373f900-br"
accept-ranges
bytes
content-length
2961
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:10:12 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
ss-carousel.min.js
theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3Pro/Slider/SliderType/Carousel/Assets/dist/ 		13 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3Pro/Slider/SliderType/Carousel/Assets/dist/ss-carousel.min.js?ver=6da04383
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
fcbad912a7693f00c9e02d8fb766d075849b5dcf067c6655158b099aa3e8aee1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3380230-32a4-5e0f04373f900-br"
accept-ranges
bytes
content-length
3190
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:10:12 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
w-arrow-image.min.js
theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Widget/Arrow/ArrowImage/Assets/dist/ 		1 KB
559 B 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Widget/Arrow/ArrowImage/Assets/dist/w-arrow-image.min.js?ver=6da04383
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
6b697ee3c5b264b4bdb9ee3e96432e58cc5563ba7d7d466c0103767cc3bb3362

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3380179-4e0-5e0f04373f900-br"
accept-ranges
bytes
content-length
502
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:10:12 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
w-bullet.min.js
theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Widget/Bullet/Assets/dist/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Widget/Bullet/Assets/dist/w-bullet.min.js?ver=6da04383
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
562cd3ea5b9986a885d58cd1de33e5d5ba546590cec9aa8e6d8e315b75c527cf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3380194-1527-5e0f04373f900-br"
accept-ranges
bytes
content-length
1768
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:10:12 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
twh-logoXSM.png
theatrewinterhaven.com/wp-content/uploads/2019/09/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2019/09/twh-logoXSM.png
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
0c7e445be8aba4f06d2bc32fa4983abe12f59329f60f86c1a76164171e140bfb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
9395
etag
"33816db-24b3-592e86e59cc40"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 14:04:25 GMT
content-type
image/png
server
Apache
twh-logoSM.png
theatrewinterhaven.com/wp-content/uploads/2019/09/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2019/09/twh-logoSM.png
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
3d7560abb48f8aa8e74373fb34f6da0df42e4359332c6f182aaf0671da86f4de

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
15388
etag
"33816d8-3c1c-592e866e67300"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 14:02:20 GMT
content-type
image/png
server
Apache
Christmas-Story-Labeled.jpg
theatrewinterhaven.com/wp-content/uploads/2024/08/ 		95 KB
95 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2024/08/Christmas-Story-Labeled.jpg
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
25980a992153bff902703eef4f97823196687026d3fb483c2f17ea8e8464d1ee

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
96933
etag
"2981c69-17aa5-61f1b366a17c8"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 07 Aug 2024 17:26:37 GMT
content-type
image/jpeg
server
Apache
mask-icon-wht-50x50.png
theatrewinterhaven.com/wp-content/uploads/2019/09/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2019/09/mask-icon-wht-50x50.png
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
451b9ec6b2997fbb24746c1ebd5d4aa31f142bf766acf1e0fae4bd087abddfcf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
1785
etag
"3381640-6f9-593cdcb10ae00"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Mon, 30 Sep 2019 23:42:48 GMT
content-type
image/png
server
Apache
lights-icon-wht-50x50.png
theatrewinterhaven.com/wp-content/uploads/2019/09/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2019/09/lights-icon-wht-50x50.png
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
36d8bbd4e44a7c5987cec7ec57a79c611aa5ed3886a6d23ff8cda2161a052c16

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
1715
etag
"338163c-6b3-593cdcb10ae00"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Mon, 30 Sep 2019 23:42:48 GMT
content-type
image/png
server
Apache
theatre-icon-wht-60x60.png
theatrewinterhaven.com/wp-content/uploads/2019/09/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2019/09/theatre-icon-wht-60x60.png
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
6e98a18a98c9db7c4c2d9583c3c6a4e2a6ae2cba314af1f0c513b9f63d65862a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
1637
etag
"33816c9-665-5ec7d1d9626c0"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 02 Nov 2022 13:49:55 GMT
content-type
image/png
server
Apache
cse.js
cse.google.com/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/cse.js?cx=000611468187706953105:5fps0m6vybv
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
12288d905607f27a39505a85ebc5efab386d2a673594b05f11db93c408faca5b
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-rFyU1deE0fFd16iQaFdhHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-rFyU1deE0fFd16iQaFdhHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
content-encoding
br
accept-ch
Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2622
date
Sun, 17 Nov 2024 08:20:02 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
gws
x-frame-options
SAMEORIGIN
accordion-custom.js
theatrewinterhaven.com/wp-content/plugins/responsive-accordion-and-collapse/js/ 		64 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
224dfe46fe982613c3d798fa23a740523866877e27981ee3814c427978f852f8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"29c12e4-ff41-5e0f03bf15d80-br"
accept-ranges
bytes
content-length
13214
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:08:06 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
accordion.js
theatrewinterhaven.com/wp-content/plugins/responsive-accordion-and-collapse/js/ 		461 B
213 B 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
593ac639f7b6a3b6de766919b40ff748bedb63570719a55aec8f196ec7df742a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"29c12e5-1cd-5e0f03bf15d80-br"
accept-ranges
bytes
content-length
156
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:08:06 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
modernizr.js
theatrewinterhaven.com/wp-content/themes/tentered/js/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/js/modernizr.js?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
1acda5dc3f8982d34c308da783d450a9ff4ca79ee6a2b27414bb6a7400ebfd15

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2861cf5-3b31-592e6ff9a7800-br"
accept-ranges
bytes
content-length
5856
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
jquery.magnific-popup.min.js
theatrewinterhaven.com/wp-content/themes/tentered/vendor/magnific/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/vendor/magnific/jquery.magnific-popup.min.js?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
ecbef0f33e8ccedd2c605816e052cfff778abcc0e30a80b874c097a5fddd24fc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"28c336a-5297-592e6ff9a7800-br"
accept-ranges
bytes
content-length
7384
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
waypoints.js
theatrewinterhaven.com/wp-content/themes/tentered/js/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/js/waypoints.js?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
d271120b283f037391dcecfb7e65de5ac6d4feaf3a990ba2a4a2d5289a40333e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2861cf7-1f6c-592e6ff9a7800-br"
accept-ranges
bytes
content-length
2461
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
ui-plugins.js
theatrewinterhaven.com/wp-content/themes/tentered/js/ 		81 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/js/ui-plugins.js?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
63bf6a8cf2dba961cdaf128e28eddf9dec8c2a4fbfa3bb3f5dbf725b1544b728

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2861cf6-1455e-592e6ff9a7800-br"
accept-ranges
bytes
content-length
22096
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
helper-plugins.js
theatrewinterhaven.com/wp-content/themes/tentered/js/ 		62 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/js/helper-plugins.js?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
0584decd9e130dbc5679f5b62661a255ecdfe23e2180d156b9f65ca8d01f8d38

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2861cf2-f785-592e6ff9a7800-br"
accept-ranges
bytes
content-length
20702
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
owl.carousel.min.js
theatrewinterhaven.com/wp-content/themes/tentered/vendor/owl-carousel/js/ 		23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/vendor/owl-carousel/js/owl.carousel.min.js?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
b3a5719d8d55ca45c7250adb027137b4761fcc9e96173013fd8e92345afc9487

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"28e1a33-5c5e-592e6ff9a7800-br"
accept-ranges
bytes
content-length
6300
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
jquery.flexslider-min.js
theatrewinterhaven.com/wp-content/plugins/js_composer/assets/lib/bower/flexslider/ 		21 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/js_composer/assets/lib/bower/flexslider/jquery.flexslider-min.js?ver=6.0.3
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
ccfb7762be932f26ce547d4bb7477b61cb54b3addd78b1c721738de5d2fdb4ec

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3360f9f-5561-592e707e370c0-br"
accept-ranges
bytes
content-length
6177
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:24:11 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
bootstrap.js
theatrewinterhaven.com/wp-content/themes/tentered/js/ 		36 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/js/bootstrap.js?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2861cef-9004-592e6ff9a7800-br"
accept-ranges
bytes
content-length
9448
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
init.js
theatrewinterhaven.com/wp-content/themes/tentered/js/ 		23 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/js/init.js?ver=1.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
23a7dc59fb1c1d587dde4864fc98913050d020bfa94567c4303d2a35298e426d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"2861cf4-5a09-592e6ff9a7800-br"
accept-ranges
bytes
content-length
4811
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
js_composer_front.min.js
theatrewinterhaven.com/wp-content/plugins/js_composer/assets/js/dist/ 		20 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.3
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3360df4-5079-592e707e370c0-br"
accept-ranges
bytes
content-length
5556
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:24:11 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
core.min.js
theatrewinterhaven.com/wp-includes/js/jquery/ui/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"6e3678-5133-5bdd334ac27c0-br"
accept-ranges
bytes
content-length
6596
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 18 Mar 2021 17:48:23 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
pum-site-scripts.js
theatrewinterhaven.com/wp-content/uploads/pum/ 		68 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1653510993&ver=1.16.7
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
98e8554219cacc7b84e8784e66c4e85d19db374420267abd48de5d1ce8c25576

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3381fc9-1101b-5dfdc075eb640-br"
accept-ranges
bytes
content-length
16648
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 25 May 2022 20:36:33 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
wp-embed.min.js
theatrewinterhaven.com/wp-includes/js/ 		1 KB
784 B 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-includes/js/wp-embed.min.js?ver=5.8.10
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"6e3646-5c6-5fbd149e47980-br"
accept-ranges
bytes
content-length
703
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Tue, 16 May 2023 15:33:10 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
jquery.validate.min.js
theatrewinterhaven.com/wp-content/plugins/wpforms/assets/js/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/wpforms/assets/js/jquery.validate.min.js?ver=1.19.3
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
4c0cc637858d6503cba9262f8be75740c29e853605a153a7bde46a6e2e367eb0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"338113c-5f6e-5e0f0524b6940-br"
accept-ranges
bytes
content-length
7603
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:14:21 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
mailcheck.min.js
theatrewinterhaven.com/wp-content/plugins/wpforms/assets/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/wpforms/assets/js/mailcheck.min.js?ver=1.1.2
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
8a3820962c15d26c4cdc9eff4f8c66ed29f96e353b7893285cb14962d6a6956d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"338113f-fae-5e0f0524b6940-br"
accept-ranges
bytes
content-length
1616
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:14:21 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
punycode.min.js
theatrewinterhaven.com/wp-content/plugins/wpforms/assets/js/ 		2 KB
892 B 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/wpforms/assets/js/punycode.min.js?ver=1.0.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
69a15ba379260f131f7dfa2a5414cbdc48db661ac21d696773c7e67259255ca1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3381143-6b1-5e0f0524b6940-br"
accept-ranges
bytes
content-length
834
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:14:21 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
wpforms.min.js
theatrewinterhaven.com/wp-content/plugins/wpforms/assets/js/ 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/plugins/wpforms/assets/js/wpforms.min.js?ver=1.7.4.2
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
da342304a5d41b780a68df25dc5c8dca3acc843ca4bfb73935cbdf9cf03a69ff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"338114a-799c-5e0f0524b6940-br"
accept-ranges
bytes
content-length
9042
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 08 Jun 2022 14:14:21 GMT
vary
Accept-Encoding
server
Apache
content-type
text/javascript
js
www.googletagmanager.com/gtag/ 		273 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-2WFQZL6E8L&l=dataLayer&cx=c&gtm=457e4be0h2za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150210179-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
06c7a1d3e3aab4b57cb76265e149c1c0101f4a696a7fcbccea2a531cefca8469
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sun, 17 Nov 2024 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
97914
x-xss-protection
0
server
Google Tag Manager
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150210179-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
age
674
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Sun, 17 Nov 2024 10:08:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:08:48 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
css
fonts.googleapis.com/ 		2 KB
654 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:100
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/wp-content/uploads/pum/pum-site-styles.css?generated=1653510993&ver=1.16.7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1c445d2ae619f3e88627f553bd2f0e8ed5c4470d0b94624aab47c529a16cc010
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 17 Nov 2024 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sun, 17 Nov 2024 06:32:41 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
truncated
/ 		436 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
16a984a159a88bb6dc6437829381c3b6dfb4915638ba5a967cb4bfd9d0252878

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		450 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
45a2be788c9254fffe4a332f7b5131b4fe48c551ba2f1726a34cba4db3541020

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
Season-54-2.png
theatrewinterhaven.com/wp-content/uploads/2024/05/ 		248 KB
248 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2024/05/Season-54-2.png
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider.min.css?ver=6da04383
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
1589bfe7ace6391d6ac6f9f60215d8b4b77f770e63dd6389f13523a3d0d8fab3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider.min.css?ver=6da04383

Response headers

accept-ranges
bytes
content-length
253446
etag
"29a0017-3de06-6199ac31816a5"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Wed, 29 May 2024 17:05:49 GMT
content-type
image/png
server
Apache
48105723266_1f78c22eb0_k.jpg
theatrewinterhaven.com/wp-content/uploads/2019/09/ 		848 KB
849 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2019/09/48105723266_1f78c22eb0_k.jpg?id=132
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
0a5dd7d2d36a09c18cd71963d4ecf337e9a5c321dfe0ef29fd78a741d1695e05

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
868840
etag
"3381500-d41e8-5933ae00eb600"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Mon, 23 Sep 2019 16:26:00 GMT
content-type
image/jpeg
server
Apache
curves.svg
theatrewinterhaven.com/wp-content/uploads/2019/10/ 		2 KB
972 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2019/10/curves.svg
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
8b904785b2133c35966b524ee1e149b88061016d480798f10a498d16267f1a18

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
etag
"3381733-8fc-593d8ae0f2380-br"
accept-ranges
bytes
content-length
879
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Tue, 01 Oct 2019 12:42:06 GMT
vary
Accept-Encoding
server
Apache
content-type
image/svg+xml
1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v34/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&subset=latin&ver=6.0.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
47d477915fa5912616e2dc5df8c5780f9202671678cf275472bd39f3381c0098
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://theatrewinterhaven.com
Referer
https://fonts.googleapis.com/

Response headers

age
218320
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 14 Nov 2025 19:41:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 19:41:22 GMT
last-modified
Wed, 01 May 2024 20:31:48 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
48336
x-xss-protection
0
server
sffe
truncated
/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://theatrewinterhaven.com
Referer

Response headers

Content-Type
application/x-font-woff;charset=utf-8
fontawesome-webfont.woff2
theatrewinterhaven.com/wp-content/themes/tentered/css/fonts/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-content/themes/tentered/css/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/wp-content/themes/tentered/css/font-awesome.css?ver=1.0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://theatrewinterhaven.com
Referer
https://theatrewinterhaven.com/wp-content/themes/tentered/css/font-awesome.css?ver=1.0

Response headers

content-encoding
br
etag
"28820d8-12d68-592e6ff9a7800-br"
accept-ranges
bytes
content-length
77165
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 19 Sep 2019 12:21:52 GMT
vary
Accept-Encoding
server
Apache
content-type
font/woff2
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v29/ 		37 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?display=swap&family=Montserrat%3A300%2C400%7CRoboto%3A300%2C400
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://theatrewinterhaven.com
Referer
https://fonts.googleapis.com/

Response headers

age
307398
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 13 Nov 2025 18:56:44 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 13 Nov 2024 18:56:44 GMT
last-modified
Wed, 06 Nov 2024 17:30:37 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
37828
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700,400,900%7CVolkhov:400italic%7CRoboto:700,400%7CPoppins:700,500&subset=latin&display=swap&ver=1618923524
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://theatrewinterhaven.com
Referer
https://fonts.googleapis.com/

Response headers

age
160807
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 15 Nov 2025 11:39:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 15 Nov 2024 11:39:55 GMT
last-modified
Thu, 01 Aug 2024 20:41:21 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18596
x-xss-protection
0
server
sffe
collect
www.google-analytics.com/j/ 		1 B
423 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1810245579&t=pageview&_s=1&dl=https%3A%2F%2Ftheatrewinterhaven.com%2F&ul=en-us&de=UTF-8&dt=Home%20-%20Theatre%20Winter%20Haven&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1546749787&gjid=433415772&cid=442717051.1731831603&tid=UA-150210179-1&_gid=340884481.1731831603&_r=1&gtm=457e4be0h2za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067554~102067808~102077855~102081484&did=dNDMyYj&gdid=dNDMyYj&jsscut=1&z=876719565
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://theatrewinterhaven.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://theatrewinterhaven.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
1
server
Golfe2
storage.html
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/static/ Frame CBA2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/static/storage.html
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/09d/e43/0dd/1e244879620e2a6a0f2d370.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.31.113 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.31.138.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://theatrewinterhaven.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-length
2056
content-type
text/html
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 17 Oct 2024 15:04:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
cse_element__en.js
www.google.com/cse/static/element/8fa85d58e016b414/ 		286 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/cse/static/element/8fa85d58e016b414/cse_element__en.js?usqp=CAI%3D
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=000611468187706953105:5fps0m6vybv
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d480de66b420ea6afb356fe87de6fe62f5cbbd08662f077ff2edae95a2b900df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
x-content-type-options
nosniff
expires
Sun, 17 Nov 2024 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
text/javascript
vary
Accept-Encoding
last-modified
Wed, 12 Jun 2024 21:33:21 GMT
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
cache-control
private, max-age=31536000
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
content-length
95840
x-xss-protection
0
server
sffe
default+en.css
www.google.com/cse/static/element/8fa85d58e016b414/ 		41 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.google.com/cse/static/element/8fa85d58e016b414/default+en.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=000611468187706953105:5fps0m6vybv
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
x-content-type-options
nosniff
expires
Sun, 17 Nov 2024 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
text/css
vary
Accept-Encoding
last-modified
Wed, 12 Jun 2024 21:33:21 GMT
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
cache-control
private, max-age=31536000
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
content-length
9068
x-xss-protection
0
server
sffe
default.css
www.google.com/cse/static/style/look/v4/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.google.com/cse/static/style/look/v4/default.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=000611468187706953105:5fps0m6vybv
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
age
2378
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
x-content-type-options
nosniff
expires
Sun, 17 Nov 2024 08:30:24 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 07:40:24 GMT
last-modified
Wed, 17 Jun 2020 00:00:00 GMT
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=3000
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
content-length
1345
x-xss-protection
0
server
sffe
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-2WFQZL6E8L&gtm=45je4bc0h1v9125117473za200&_p=1731831602123&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067554~102067808~102077855&gdid=dNDMyYj&cid=442717051.1731831603&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1731831602&sct=1&seg=0&dl=https%3A%2F%2Ftheatrewinterhaven.com%2F&dt=Home%20-%20Theatre%20Winter%20Haven&en=page_view&_fv=1&_ss=1&ep.forceSSL=true&tfd=2315
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2WFQZL6E8L&l=dataLayer&cx=c&gtm=457e4be0h2za200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://theatrewinterhaven.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
text/plain
server
Golfe2
Wonderful-Life-Labeled.jpg
theatrewinterhaven.com/wp-content/uploads/2024/11/ 		77 KB
77 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2024/11/Wonderful-Life-Labeled.jpg
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
6abe150b430defc26f37d8a78ba2135b5a5564ac04222d966ae5046277b12f4d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
78406
etag
"29c0033-13246-6265a86eaef8c"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 07 Nov 2024 22:55:12 GMT
content-type
image/jpeg
server
Apache
Assisted-Christmas.jpg
theatrewinterhaven.com/wp-content/uploads/2024/11/ 		844 KB
845 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2024/11/Assisted-Christmas.jpg
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
8b54d2ad716ecbf98e74d8f4f56ab179329b9f387a9d454d868d93bd9e61aaa3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
864219
etag
"29c003b-d2fdb-6265a909f2d3b"
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 07 Nov 2024 22:57:55 GMT
content-type
image/jpeg
server
Apache
originCountry
capture-api.reachlocalservices.com/ 		36 B
592 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://capture-api.reachlocalservices.com/originCountry
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/09d/e43/0dd/1e244879620e2a6a0f2d370.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-101.jfk52.r.cloudfront.net
Software
/
Resource Hash
9f4598a86a420a96418a5ab9e10a368fa49c379c2459637a219641b01536daf3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://theatrewinterhaven.com/

Response headers

x-amz-apigw-id
BYcQFGbWvHcEGZg=
x-amzn-trace-id
Root=1-6739a733-0e59a8671bf851a5063c4fcf;Parent=295f2f65ea38308c;Sampled=0;Lineage=1:a245b58f:0
access-control-allow-credentials
true
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
x-amzn-requestid
689b9996-470d-47cd-8851-47734c665c12
via
1.1 0b703f88574c6bad454306eb64dd50a2.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
36
x-amz-cf-id
yoj9y_WqWrScZoxH9fTKPIa13yM5Bxu9DtRI3dNeTcPTvXdWHtLynw==
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
application/json
x-amz-cf-pop
JFK52-P3
access-control-allow-headers
Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
originCountry
capture-api.reachlocalservices.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://capture-api.reachlocalservices.com/originCountry
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.49.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-49-101.jfk52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://theatrewinterhaven.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
GET,OPTIONS
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Sun, 17 Nov 2024 08:20:03 GMT
via
1.1 0b703f88574c6bad454306eb64dd50a2.cloudfront.net (CloudFront)
x-amz-apigw-id
BYcQDFwuvHcEPPg=
x-amz-cf-id
Jy5o_JCdr-dwBC2duNQaiAX4Aal5q8GFuPdgNNStRk1sZa8AlSScIw==
x-amz-cf-pop
JFK52-P3
x-amzn-requestid
f844ae6c-36a9-4437-99df-e7c72824f261
x-cache
Miss from cloudfront
async-ads.js
cse.google.com/adsense/search/ 		146 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cse.google.com/adsense/search/async-ads.js
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/8fa85d58e016b414/cse_element__en.js?usqp=CAI%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0737805b70de87ae8f852926e2084e56e0a963f771d65e22582e229ad3b556c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
etag
"6741358337942255353"
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
x-content-type-options
nosniff
expires
Sun, 17 Nov 2024 08:20:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:02 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
link
<https://syndicatedsearch.goog>; rel="preconnect"
cache-control
private, max-age=3600
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
x-xss-protection
0
server
sffe
branding.png
www.google.com/cse/static/images/1x/en/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/cse/static/images/1x/en/branding.png
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6ca8050d203fbcb8613c5b13d0bf8cfccb60e97f82334702edd7a48d09489d68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

age
144520
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
x-content-type-options
nosniff
expires
Sat, 15 Nov 2025 16:11:22 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 15 Nov 2024 16:11:22 GMT
last-modified
Thu, 07 Dec 2023 21:00:00 GMT
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
content-length
1556
x-xss-protection
0
server
sffe
generate_204
clients1.google.com/ 		0
117 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://clients1.google.com/generate_204
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sun, 17 Nov 2024 08:20:03 GMT
cross-origin-resource-policy
cross-origin
Season51WebsiteBannerBackground.png
theatrewinterhaven.com/wp-content/uploads/2020/04/ 		140 KB
140 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://theatrewinterhaven.com/wp-content/uploads/2020/04/Season51WebsiteBannerBackground.png
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/smartslider-frontend.min.js?ver=6da04383
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
71620130f6e235adae3851594f3f6e606592953db85106f4c6b3974086f74cae

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
143113
etag
"338193f-22f09-5a44b27282c80"
date
Sun, 17 Nov 2024 08:20:03 GMT
last-modified
Mon, 27 Apr 2020 19:59:30 GMT
content-type
image/png
server
Apache
_.gif
fault.rlets.com/static/ 		43 B
441 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fault.rlets.com/static/_.gif?s=09de430d-d1e2-4487-9620-e2a6a0f2d370&m=Unknown%20OS%20or%20OS%20Version&f=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F130.0.0.0%20Safari%2F537.36
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.31.113 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.31.138.34.bc.googleusercontent.com
Software
/
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options ALLOWALL

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

x-frame-options
ALLOWALL
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
34345669e1fabf3f6608799fea88358c
cache-control
max-age=0, private, must-revalidate
etag
W/"42b976597a2d977d0e300f6d06bc903d"
content-transfer-encoding
binary
access-control-allow-methods
GET, POST, PUT, OPTIONS
access-control-allow-origin
*
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
image/gif
content-disposition
inline
x-runtime
0.002237
access-control-allow-headers
Content-Type
bat.js
bat.bing.com/ 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 8E413B495FB349168A50C42E01908F58 Ref B: EWR30EDGE1417 Ref C: 2024-11-17T08:20:03Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
fbevents.js
connect.facebook.net/en_US/ 		239 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/09d/e43/0dd/1e244879620e2a6a0f2d370.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00e:13:face:b00c:0:3 Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
43a683165a27224ef2d2717bd57c8c203aa570ce39140504d086562eefbb0f1f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-ok8KQSPd' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-ok8KQSPd' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=16, rtx=0, c=23, mss=1232, tbw=4457, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
drBattFJlEiIZQ9xfh7f2FHb51EInhCDwKhE0ksKY1XBmYEFxdrn4htQ66aw72Uaq5HYKW1oA0lP5mlBmL3Vjw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62152
x-xss-protection
0
origin-agent-cluster
?1
js
www.googletagmanager.com/gtag/ 		285 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-11034151262
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/09d/e43/0dd/1e244879620e2a6a0f2d370.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c4a9e329a89541f01a8b577ceea8d57684c0cca2c0de71f33ae55f5487454727
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sun, 17 Nov 2024 08:20:03 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Sun, 17 Nov 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
100217
x-xss-protection
0
server
Google Tag Manager
d9a5dd70-50f0-0134-a365-0cc47abc2b4e
tag.simpli.fi/sifitag/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.simpli.fi/sifitag/d9a5dd70-50f0-0134-a365-0cc47abc2b4e
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/09d/e43/0dd/1e244879620e2a6a0f2d370.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.86.110.8 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.110.86.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
60f1b526f73cadfcecf31331815e8a748dac5fbf2d78fc9040404f38f374e6bf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

x-request-id
GAizqvAE4SQQwHgoy7SD
cache-control
max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding
gzip
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
openresty
activity;xsp=5036396
pubads.g.doubleclick.net/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/activity;xsp=5036396
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
42
date
Sun, 17 Nov 2024 08:20:03 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
visits
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/api/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/api/v1/visits
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.31.113 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.31.138.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options ALLOWALL

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://theatrewinterhaven.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
GET, POST, PUT, OPTIONS
access-control-allow-origin
*
cache-control
no-cache
content-type
text/html
date
Sun, 17 Nov 2024 08:20:03 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-frame-options
ALLOWALL
x-request-id
6a4fe75eb7082aa4826509861afaa2d7
x-runtime
0.001749
visits
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/api/v1/ 		0
383 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/api/v1/visits
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/09d/e43/0dd/1e244879620e2a6a0f2d370.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.31.113 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.31.138.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options ALLOWALL

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://theatrewinterhaven.com/

Response headers

x-frame-options
ALLOWALL
strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
57bd9daf21d452a98dba91afe288c8ff
cache-control
no-cache
access-control-allow-methods
GET, POST, PUT, OPTIONS
access-control-allow-origin
*
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
text/html
x-runtime
0.009371
access-control-allow-headers
Content-Type
localiq-widgets.js
freemiumleadsservice.localiq.com/public/ 		581 KB
175 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://freemiumleadsservice.localiq.com/public/localiq-widgets.js?v=1
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/09d/e43/0dd/1e244879620e2a6a0f2d370.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.62 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
aedcd80986b89e0d6de60768279993c4b414a9d0909baf056948d60abd23afc5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

fam-ttl
120.000
content-encoding
gzip
x-timer
S1731831603.489962,VS0,VE72
via
1.1 google, 1.1 varnish
accept-ranges
bytes
x-cache
MISS
date
Sun, 17 Nov 2024 08:20:03 GMT
last-modified
Wed, 04 Sep 2024 20:30:15 GMT
content-type
text/javascript
x-served-by
cache-lga21936-LGA
x-cache-hits
0
vary
Accept-Encoding
97010644.js
bat.bing.com/p/action/ 		363 B
422 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/97010644.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 70E3CF0A92644F12942FD28242B7E52E Ref B: EWR30EDGE1417 Ref C: 2024-11-17T08:20:03Z
x-cache
CONFIG_NOCACHE
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
collect
www.google.com/ccm/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Ftheatrewinterhaven.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=846360971.1731831604&auid=742420586.1731831604&npa=0&did=dNDMyYj&gdid=dNDMyYj&gtm=45be4be0h2za200&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102077855&tft=1731831603644&tfd=3097&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11034151262
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/11034151262/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11034151262/?random=1731831603635&cv=11&fst=1731831603635&bg=ffffff&guid=ON&async=1&gtm=45be4be0h2za200&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102077855&u_w=1600&u_h=1200&url=https%3A%2F%2Ftheatrewinterhaven.com%2F&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Theatre%20Winter%20Haven&did=dNDMyYj&gdid=dNDMyYj&npa=0&pscdl=noapi&auid=742420586.1731831604&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11034151262
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5faff818dc5b155f496c8f26d8a05634d255c2aa7a87385d9bc557fcf50a8c84
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2343
date
Sun, 17 Nov 2024 08:20:03 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
11034151262
td.doubleclick.net/td/rul/ Frame 4B6D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/11034151262?random=1731831603635&cv=11&fst=1731831603635&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4be0h2za200&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102077855&u_w=1600&u_h=1200&url=https%3A%2F%2Ftheatrewinterhaven.com%2F&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Theatre%20Winter%20Haven&did=dNDMyYj&gdid=dNDMyYj&npa=0&pscdl=noapi&auid=742420586.1731831604&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11034151262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://theatrewinterhaven.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
565
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 17 Nov 2024 08:20:03 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
705019884164472
connect.facebook.net/signals/config/ 		69 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/705019884164472?v=2.9.177&r=stable&domain=theatrewinterhaven.com&hme=c3e4904c1dde42d643265ef909b9e193c41cedcd6f559a3ff5e1b178e36647fa&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00e:13:face:b00c:0:3 Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eec4b591a29ccc760ab4a0d78f2ed3d9c6d902dc08974cad61f3d6477a9ad0c6
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-uIxnZvK3' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-uIxnZvK3' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=15, rtx=0, c=71, mss=1232, tbw=70981, tp=68, tpl=0, uplat=57, ullat=0
pragma
public
x-fb-debug
sQ5+kSIsoZm6IzsFmCaSsBmAKgf8uWO6h7EZ4M/7hxiaPRElBSkOA/d9cmXAeQlooJVGYF8FmqTZQpjYRzOnqA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame F5A3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Ftheatrewinterhaven.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11034151262
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Sun, 17 Nov 2024 08:20:03 GMT
expires
Mon, 17 Nov 2025 08:20:03 GMT
last-modified
Mon, 21 Oct 2024 16:58:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
0
bat.bing.com/action/ 		0
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=97010644&Ver=2&mid=3197bd7e-ff2f-4a48-a4d3-b8ab8d576759&bo=1&sid=bf03bf50a4bc11efb024bf74b5339856&vid=bf04d150a4bc11ef9bf4e7eb6a711c71&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Home%20-%20Theatre%20Winter%20Haven&p=https%3A%2F%2Ftheatrewinterhaven.com%2F&r=&lt=2435&evt=pageLoad&sv=1&cdb=AQAQ&rn=618823
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9371FDC449B24CFFA4C34BD305A61CBB Ref B: EWR30EDGE1417 Ref C: 2024-11-17T08:20:03Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Sun, 17 Nov 2024 08:20:03 GMT
/
www.google.com/pagead/1p-user-list/11034151262/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/11034151262/?random=1731831603635&cv=11&fst=1731830400000&bg=ffffff&guid=ON&async=1&gtm=45be4be0h2za200&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102077855&u_w=1600&u_h=1200&url=https%3A%2F%2Ftheatrewinterhaven.com%2F&hn=www.googleadservices.com&frm=0&tiba=Home%20-%20Theatre%20Winter%20Haven&did=dNDMyYj&gdid=dNDMyYj&npa=0&pscdl=noapi&auid=742420586.1731831604&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCa7L7dTtV0BXg_cJKAt_s_Dj_0M7Z_XHYBB8J8t6ClD7TdcLyVyecP&random=1104953757&rmt_tld=0&ipr=y
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 17 Nov 2024 08:20:03 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=705019884164472&ev=PageView&dl=https%3A%2F%2Ftheatrewinterhaven.com%2F&rl=&if=false&ts=1731831603887&sw=1600&sh=1200&v=2.9.177&r=stable&ec=0&o=4126&fbp=fb.1.1731831603884.21262323550270819&ler=empty&cdl=API_unavailable&it=1731831603693&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4666, tp=13, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
196 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=705019884164472&ev=PageView&dl=https%3A%2F%2Ftheatrewinterhaven.com%2F&rl=&if=false&ts=1731831603887&sw=1600&sh=1200&v=2.9.177&r=stable&ec=0&o=4126&fbp=fb.1.1731831603884.21262323550270819&ler=empty&cdl=API_unavailable&it=1731831603693&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=FGET
Requested by
Host: theatrewinterhaven.com
URL: https://theatrewinterhaven.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7438160102915150375"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
8TDYb2JLKKJSM3ZDqdwQh0aug7Q94XwzhRmP2UQvMt3GnBT2Ax1vmc/IGYOK0UHm/kqgFgzuu4iHfJuxdbMGzQ==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7438160102915150375", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=20, rtx=0, c=23, mss=1232, tbw=5034, tp=16, tpl=0, uplat=83, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
capture.js
cdn.rlets.com/capture_static/mms/ Frame 79DB 		175 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.rlets.com/capture_static/mms/capture.js
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_configs/09d/e43/0dd/1e244879620e2a6a0f2d370.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2141:3200:6:9a19:88c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29966ce69e5cc846ac2cdce0a30e5d7797bb8334c9fe729534a205e25db16120

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

x-amz-cf-pop
JFK50-P10
content-encoding
br
etag
W/"a2e2dbde8a8c2c25cddaa1adf5a68764"
age
44687
via
1.1 77512d19cb7ad3590ec138f5d5b2dd86.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
xcriRw8Sg1l1JTqtGOqSTbtpzqedb_89EdqiIfNiidZT_CFFNh93hw==
date
Sat, 16 Nov 2024 20:10:22 GMT
content-type
application/javascript
vary
accept-encoding
server
AmazonS3
last-modified
Thu, 07 Nov 2024 17:47:21 GMT
x-amz-server-side-encryption
AES256
storage.html
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/static/ Frame 024F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/static/storage.html
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_static/mms/capture.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.138.31.113 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.31.138.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-length
2056
content-type
text/html
date
Sun, 17 Nov 2024 08:20:02 GMT
last-modified
Thu, 17 Oct 2024 15:04:05 GMT
p
i.simpli.fi/ 		809 B
769 B 		Script
General
Check archive.org
Download Go to
Full URL
https://i.simpli.fi/p?cid=22180&cb=sifi_att_2994318277495583._hp
Requested by
Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/d9a5dd70-50f0-0134-a365-0cc47abc2b4e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.86.110.8 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.110.86.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
ecdafd6f787ded03168486561409fa73c581d0c31c3215255b9e9de75b8c31c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-encoding
gzip
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
openresty
w-logo-blue-white-bg.png
theatrewinterhaven.com/wp-includes/images/
Redirect Chain
  • https://theatrewinterhaven.com/favicon.ico
  • https://theatrewinterhaven.com/wp-includes/images/w-logo-blue-white-bg.png
4 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://theatrewinterhaven.com/wp-includes/images/w-logo-blue-white-bg.png
Protocol
H2
Server
148.72.78.8 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
8.78.72.148.host.secureserver.net
Software
Apache /
Resource Hash
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

accept-ranges
bytes
content-length
4119
etag
"6e306a-1017-5a624e1454500"
date
Sun, 17 Nov 2024 08:20:05 GMT
last-modified
Thu, 21 May 2020 09:10:12 GMT
content-type
image/png
server
Apache

Redirect headers

x-redirect-by
WordPress
link
<https://theatrewinterhaven.com/wp-json/>; rel="https://api.w.org/"
location
https://theatrewinterhaven.com/wp-includes/images/w-logo-blue-white-bg.png
content-encoding
br
content-length
1
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.4.33
vary
Accept-Encoding
server
Apache
localiq-widgets.js
freemiumleadsservice.localiq.com/public/ Frame 79DB 		581 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://freemiumleadsservice.localiq.com/public/localiq-widgets.js?v=1
Requested by
Host: cdn.rlets.com
URL: https://cdn.rlets.com/capture_static/mms/capture.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.62 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
aedcd80986b89e0d6de60768279993c4b414a9d0909baf056948d60abd23afc5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

fam-ttl
120.000
content-encoding
gzip
x-timer
S1731831603.489962,VS0,VE72
via
1.1 google, 1.1 varnish
accept-ranges
bytes
x-cache
MISS
date
Sun, 17 Nov 2024 08:20:03 GMT
last-modified
Wed, 04 Sep 2024 20:30:15 GMT
content-type
text/javascript
x-served-by
cache-lga21936-LGA
x-cache-hits
0
vary
Accept-Encoding
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://um.simpli.fi/smaato
  • https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=955048CCC945450C82822B4622A3087B
  • https://rtb-csync.smartadserver.com/redir/?partnerid=133&partneruserid=e56754cc73&gdpr=0&gdpr_consent=
43 B
557 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=133&partneruserid=e56754cc73&gdpr=0&gdpr_consent=
Protocol
H2
Server
23.83.76.90 Los Angeles, United States, ASN395954 (LEASEWEB-USA-LAX, US),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-cache,no-store
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Sun, 17 Nov 2024 08:20:04 GMT
pragma
no-cache
content-type
image/gif

Redirect headers

cache-control
no-cache, must-revalidate
location
https://rtb-csync.smartadserver.com/redir/?partnerid=133&partneruserid=e56754cc73&gdpr=0&gdpr_consent=
via
1.1 e9fae68a5077ddad48f891e10e9046ae.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
TXKFGsp7LHH-emhWe0Vo-ARaO7hNizgXmZyvjGCzKyeqvWADV504ww==
date
Sun, 17 Nov 2024 08:20:04 GMT
x-amz-cf-pop
JFK52-P7
server
CloudFront
955048CCC945450C82822B4622A3087B
sync.1rx.io/usersync/simplifi/
Redirect Chain
  • https://um.simpli.fi/nexxen
  • https://sync.1rx.io/usersync/simplifi/955048CCC945450C82822B4622A3087B
0
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.1rx.io/usersync/simplifi/955048CCC945450C82822B4622A3087B
Protocol
H2
Server
69.194.240.13 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

expires
0
cache-control
no-store, no-cache, must-revalidate
date
Sun, 17 Nov 2024 08:19:47 GMT
pragma
no-cache

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://sync.1rx.io/usersync/simplifi/955048CCC945450C82822B4622A3087B
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Sat, 16 Nov 2024 08:20:04 GMT
access-control-allow-origin
*
content-length
142
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
xuid
eb2.3lift.com/
Redirect Chain
  • https://um.simpli.fi/triplelift
  • https://eb2.3lift.com/xuid?mid=7969&xuid=955048CCC945450C82822B4622A3087B&dongle=yf3
  • https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=955048CCC945450C82822B4622A3087B&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
37 B
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=955048CCC945450C82822B4622A3087B&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
Protocol
H2
Server
52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/gif

Redirect headers

cache-control
no-cache, no-store, must-revalidate
location
/xuid?ld=1&mid=7969&xuid=955048CCC945450C82822B4622A3087B&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date
Sun, 17 Nov 2024 08:20:04 GMT
sync
simplifi.partners.tremorhub.com/
Redirect Chain
  • https://um.simpli.fi/telaria_p
  • https://simplifi.partners.tremorhub.com/sync?UISF=955048CCC945450C82822B4622A3087B
43 B
175 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simplifi.partners.tremorhub.com/sync?UISF=955048CCC945450C82822B4622A3087B
Protocol
H2
Server
2600:1f18:612b:4264:1b19:8b47:338b:3179 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/gif
server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://simplifi.partners.tremorhub.com/sync?UISF=955048CCC945450C82822B4622A3087B
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Sat, 16 Nov 2024 08:20:04 GMT
access-control-allow-origin
*
content-length
142
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain
  • https://um.simpli.fi/tapad
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=955048CCC945450C82822B4622A3087B
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=955048CCC945450C82822B4622A3087B
95 B
428 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=955048CCC945450C82822B4622A3087B
Protocol
H2
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

strict-transport-security
max-age=31536000
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
95
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/png
server
Jetty(11.0.13)

Redirect headers

strict-transport-security
max-age=31536000
location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=955048CCC945450C82822B4622A3087B
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
0
date
Sun, 17 Nov 2024 08:20:04 GMT
server
Jetty(11.0.13)
empty.gif
um.simpli.fi/
Redirect Chain
  • https://um.simpli.fi/ad_advisor
  • https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=955048CCC945450C82822B4622A3087B
  • https://d.agkn.com/pixel/10751/?che=1731831604430&ip=5.181.234.133&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D213620605069008912637
  • https://um.simpli.fi/aa_px?sk=213620605069008912637
  • https://um.simpli.fi/empty.gif
43 B
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/empty.gif
Protocol
H2
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
access-control-allow-origin
*
content-length
43
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/gif
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
location
/empty.gif
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
142
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain
  • https://um.simpli.fi/intentiq
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=955048CCC945450C82822B4622A3087B
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=955048CCC945450C82822B4622A3087B&ckls=true&ci=5lrHib0PjJ&nc=false&trid=-807545214
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=955048CCC945450C82822B4622A3087B&ckls=true&ci=5lrHib0PjJ&nc=false&trid=-807545214
Protocol
H2
Server
2600:9000:2840:b400:1b:6b7d:2300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 e48704e6e4e9818f22c02e73e105de8e.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P7
x-amz-cf-id
huOcYfIxwfojrrxN4vgp8qD4ICCh1e06dPcowztjR-Cx4dhhXqCiOw==

Redirect headers

patent
https://www.almondnet.com/ip
cache-control
no-cache, no-store, must-revalidate
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=955048CCC945450C82822B4622A3087B&ckls=true&ci=5lrHib0PjJ&nc=false&trid=-807545214
pragma
no-cache
via
1.1 e48704e6e4e9818f22c02e73e105de8e.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P7
x-amz-cf-id
vrbYzGzcaAiWceZka1rTUqZVuCXZOmGD7PnjiKQmrK3naPcIEDPf6Q==
Pug
image2.pubmatic.com/AdServer/
Redirect Chain
  • https://um.simpli.fi/pubmatic
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:955048CCC945450C82822B4622A3087B
42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:955048CCC945450C82822B4622A3087B
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-store, no-cache, private
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
image/gif; charset=utf-8
server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:955048CCC945450C82822B4622A3087B
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Sat, 16 Nov 2024 08:20:04 GMT
access-control-allow-origin
*
content-length
142
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
user-registering
ads.stickyadstv.com/
Redirect Chain
  • https://um.simpli.fi/freewheel
  • https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=955048CCC945450C82822B4622A3087B
43 B
654 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=955048CCC945450C82822B4622A3087B
Protocol
HTTP/1.1
Server
63.251.28.210 Secaucus, United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache
Pragma
no-cache
x-sticky-vk
1731831604942004-162
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Date
Sun, 17 Nov 2024 08:20:04 GMT
Content-Type
image/gif
Server
nginx

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=955048CCC945450C82822B4622A3087B
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Sat, 16 Nov 2024 08:20:04 GMT
access-control-allow-origin
*
content-length
142
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
engine
pbid.pro-market.net/
Redirect Chain
  • https://um.simpli.fi/dtnx
  • https://fei.pro-market.net/engine?du=24;csync=955048CCC945450C82822B4622A3087B;mimetype=img;
  • https://fei.pro-market.net/engine?du=24;csync=955048CCC945450C82822B4622A3087B;mimetype=img;sr
  • https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=NTQ3NDcyMDUzNDc1NDExOTI4OA==
  • https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEHzn_ydIrEUBHeZ61vtHZ5c&google_cver=1
43 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEHzn_ydIrEUBHeZ61vtHZ5c&google_cver=1
Protocol
H2
Server
2600:1901:0:8eee:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 google
anserver
gapp10.c.datonics-gcp-01.internal
expires
Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin
*
alt-svc
clear
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
content-length
43
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/gif
server
Apache-Coyote/1.1

Redirect headers

cache-control
no-cache, must-revalidate
location
https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEHzn_ydIrEUBHeZ61vtHZ5c&google_cver=1
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
315
date
Sun, 17 Nov 2024 08:20:04 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
/
loadm.exelator.com/load/
Redirect Chain
  • https://um.simpli.fi/exelatem
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=955048CCC945450C82822B4622A3087B&j=0
  • https://loadm.exelator.com/load/?p=204&g=2191&simid=955048CCC945450C82822B4622A3087B&j=0&xl8blockcheck=1
0
771 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadm.exelator.com/load/?p=204&g=2191&simid=955048CCC945450C82822B4622A3087B&j=0&xl8blockcheck=1
Protocol
H2
Server
52.0.156.250 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-0-156-250.compute-1.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-cache
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date
Sun, 17 Nov 2024 08:20:04 GMT
x-powered-by
Undertow/1
server
nginx
access-control-allow-credentials
true

Redirect headers

cache-control
no-cache
location
https://loadm.exelator.com/load/?p=204&g=2191&simid=955048CCC945450C82822B4622A3087B&j=0&xl8blockcheck=1
access-control-allow-credentials
true
content-length
0
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/gif
x-powered-by
Undertow/1
server
nginx
sync
ups.analytics.yahoo.com/ups/55964/
Redirect Chain
  • https://um.simpli.fi/yahoo
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=955048CCC945450C82822B4622A3087B
  • https://ups.analytics.yahoo.com/ups/55964/sync?uid=955048CCC945450C82822B4622A3087B&verify=true
0
123 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55964/sync?uid=955048CCC945450C82822B4622A3087B&verify=true
Protocol
H2
Server
2001:4998:14:800::1001 , United States, ASN14777 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Sun, 17 Nov 2024 08:20:04 GMT
age
0
content-type
text/html
server
ATS
referrer-policy
no-referrer-when-downgrade

Redirect headers

strict-transport-security
max-age=31536000
location
https://ups.analytics.yahoo.com/ups/55964/sync?uid=955048CCC945450C82822B4622A3087B&verify=true
age
0
referrer-policy
no-referrer-when-downgrade
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/html
server
ATS
sync
sync.bfmio.com/
Redirect Chain
  • https://um.simpli.fi/beachfront
  • https://sync.bfmio.com/sync?pid=141&uid=955048CCC945450C82822B4622A3087B
0
421 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.bfmio.com/sync?pid=141&uid=955048CCC945450C82822B4622A3087B
Protocol
HTTP/1.1
Server
3.218.41.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-218-41-45.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

Date
Sun, 17 Nov 2024 08:20:04 GMT
Connection
keep-alive

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://sync.bfmio.com/sync?pid=141&uid=955048CCC945450C82822B4622A3087B
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Sat, 16 Nov 2024 08:20:04 GMT
access-control-allow-origin
*
content-length
142
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
29931
stags.bluekai.com/site/
Redirect Chain
  • https://um.simpli.fi/bluekai
  • https://stags.bluekai.com/site/29931?id=955048CCC945450C82822B4622A3087B
0
0
tpid=955048CCC945450C82822B4622A3087B
bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/
Redirect Chain
  • https://um.simpli.fi/crwdcntrl
  • https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=955048CCC945450C82822B4622A3087B
  • https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=955048CCC945450C82822B4622A3087B
49 B
546 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=955048CCC945450C82822B4622A3087B
Protocol
H2
Server
35.175.35.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-175-35-80.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-cache
pragma
no-cache
expires
0
access-control-allow-origin
*
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
49
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/gif
x-server
10.40.52.131
server
Jetty(9.4.38.v20210224)

Redirect headers

cache-control
no-cache
location
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=955048CCC945450C82822B4622A3087B
pragma
no-cache
expires
0
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
0
date
Sun, 17 Nov 2024 08:20:04 GMT
x-server
10.40.61.72
server
Jetty(9.4.38.v20210224)
merge
ce.lijit.com/
Redirect Chain
  • https://um.simpli.fi/lj_match
  • https://ce.lijit.com/merge?pid=2&3pid=955048CCC945450C82822B4622A3087B
  • https://ce.lijit.com/merge?pid=2&3pid=955048CCC945450C82822B4622A3087B&dnr=1
43 B
510 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=2&3pid=955048CCC945450C82822B4622A3087B&dnr=1
Protocol
H2
Server
100.25.81.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-25-81-54.compute-1.amazonaws.com
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
pragma
no-cache
expires
Fri, 20 Mar 2009 00:00:00 GMT
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
image/gif
vary
Accept-Encoding

Redirect headers

cache-control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
location
https://ce.lijit.com/merge?pid=2&3pid=955048CCC945450C82822B4622A3087B&dnr=1
pragma
no-cache
expires
Fri, 20 Mar 2009 00:00:00 GMT
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Sun, 17 Nov 2024 08:20:04 GMT
vary
Accept-Encoding
db_sync
px.ads.linkedin.com/
Redirect Chain
  • https://um.simpli.fi/liveramp_match
  • https://idsync.rlcdn.com/419566.gif?partner_uid=955048CCC945450C82822B4622A3087B
  • https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogOTU1MDQ4Q0NDOTQ1NDUwQzgyODIyQjQ2MjJBMzA4N0IQABoNCLTO5rkGEgUI6AcQAEIASgA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=86892b88b49a10d01e0b08db20ff2dfb74536f57c7024f3b63aeaa4a9cb33f55791426b5417dce21&_=2
  • https://px.ads.linkedin.com/db_sync?pid=10339&puuid=86892b88b49a10d01e0b08db20ff2dfb74536f57c7024f3b63aeaa4a9cb33f55791426b5417dce21&rand=01768505
  • https://px.ads.linkedin.com/db_sync?pid=10339&puuid=86892b88b49a10d01e0b08db20ff2dfb74536f57c7024f3b63aeaa4a9cb33f55791426b5417dce21&rand=01768505&expected_cookie=0b5c521e-07a3-4f1c-b944-a5c7519bc322
0
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=86892b88b49a10d01e0b08db20ff2dfb74536f57c7024f3b63aeaa4a9cb33f55791426b5417dce21&rand=01768505&expected_cookie=0b5c521e-07a3-4f1c-b944-a5c7519bc322
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: FD9CF87DC29D4F5CBE7590AFE54425F7 Ref B: EWR30EDGE1422 Ref C: 2024-11-17T08:20:04Z
x-li-fabric
prod-lva1
x-li-uuid
AAYnF3ebKY8OJXiR0acFPg==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Sun, 17 Nov 2024 08:20:03 GMT

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
location
/db_sync?pid=10339&puuid=86892b88b49a10d01e0b08db20ff2dfb74536f57c7024f3b63aeaa4a9cb33f55791426b5417dce21&rand=01768505&expected_cookie=0b5c521e-07a3-4f1c-b944-a5c7519bc322
x-msedge-ref
Ref A: 61362CE546D4428AAC830D162DF65EE3 Ref B: EWR30EDGE1422 Ref C: 2024-11-17T08:20:04Z
x-li-fabric
prod-lva1
x-li-uuid
AAYnF3eatr+Z+CqLj8F/cQ==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Sun, 17 Nov 2024 08:20:03 GMT
/
www.google.com/pagead/1p-conversion/1026675585/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/1026675585/?random=1731831604252&cv=7&fst=1731831604252&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=452085429&cv=7&fst=1731831604252&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHB...
  • https://www.google.com/pagead/1p-conversion/1026675585/?random=452085429&cv=7&fst=1731831604252&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDs...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-conversion/1026675585/?random=452085429&cv=7&fst=1731831604252&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII6saxAgjTxbEC&pscrd=IhMImeHavPfiiQMVd3BHAR1ewSi9MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh9odHRwczovL3RoZWF0cmV3aW50ZXJoYXZlbi5jb20v&is_vtc=1&cid=CAQSKQCa7L7ddC1lWILC7uUTse60om1nTB__D-Fhm6ujo-hb6YZ4vhS9wb_8&random=1055582489
Protocol
H3
Server
2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Sun, 17 Nov 2024 08:20:04 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
location
https://www.google.com/pagead/1p-conversion/1026675585/?random=452085429&cv=7&fst=1731831604252&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCOvGsQII6saxAgjTxbEC&pscrd=IhMImeHavPfiiQMVd3BHAR1ewSi9MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOh9odHRwczovL3RoZWF0cmV3aW50ZXJoYXZlbi5jb20v&is_vtc=1&cid=CAQSKQCa7L7ddC1lWILC7uUTse60om1nTB__D-Fhm6ujo-hb6YZ4vhS9wb_8&random=1055582489
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
42
date
Sun, 17 Nov 2024 08:20:04 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
spotx_match
um.simpli.fi/ 		0
272 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/spotx_match
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

access-control-allow-methods
GET, POST, OPTIONS
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-origin
*
date
Sun, 17 Nov 2024 08:20:04 GMT
x-content-type-options
nosniff
bounce
ib.adnxs.com/
Redirect Chain
  • https://um.simpli.fi/an
  • https://ib.adnxs.com/setuid?entity=66&code=955048CCC945450C82822B4622A3087B
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D955048CCC945450C82822B4622A3087B
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D955048CCC945450C82822B4622A3087B
Protocol
H2
Server
68.67.160.117 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
5.181.234.133; 5.181.234.133; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
cb5fefab-3fb0-41ed-a110-9c167211f2c1
content-length
43
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Sun, 17 Nov 2024 08:20:04 GMT
x-xss-protection
0
content-type
image/gif
server
nginx/1.23.4

Redirect headers

cache-control
no-store, no-cache, private
location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D955048CCC945450C82822B4622A3087B
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin
5.181.234.133; 5.181.234.133; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid
e095580e-22ed-4113-993e-840ea52bfe0e
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Sun, 17 Nov 2024 08:20:04 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://um.simpli.fi/rb_match
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=955048CCC945450C82822B4622A3087B&expires=365
42 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=955048CCC945450C82822B4622A3087B&expires=365
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
f72efbd84733ea5ba734e4e8fe0395a3
Pragma
no-cache
content-length
42
Content-Type
image/gif

Redirect headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
location
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=955048CCC945450C82822B4622A3087B&expires=365
x-content-type-options
nosniff
access-control-allow-methods
GET, POST, OPTIONS
expires
Sat, 16 Nov 2024 08:20:04 GMT
access-control-allow-origin
*
content-length
142
date
Sun, 17 Nov 2024 08:20:04 GMT
content-type
text/html
server
openresty
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://um.simpli.fi/ox_match
  • https://us-u.openx.net/w/1.0/sd?id=537072966&val=955048CCC945450C82822B4622A3087B
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=955048CCC945450C82822B4622A3087B
43 B
171 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=955048CCC945450C82822B4622A3087B
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

cache-control
private, max-age=0, no-cache
pragma
no-cache
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
p3p
CP="CUR ADM OUR NOR STA NID"
date
Sun, 17 Nov 2024 08:20:03 GMT
content-type
image/gif
vary
Accept
server
OXGW/0.0.0

Redirect headers

via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=955048CCC945450C82822B4622A3087B
p3p
CP="CUR ADM OUR NOR STA NID"
content-length
0
date
Sun, 17 Nov 2024 08:20:04 GMT
server
OXGW/0.0.0
g_match
um.simpli.fi/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
  • https://um.simpli.fi/g_match?id=&google_gid=CAESEDCHYsMmvYDwwIfNtI7oUK8&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=955048CCC945450C82822B4622A3087B
  • https://um.simpli.fi/g_match?id=
0
320 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/g_match?id=
Protocol
H2
Server
34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
96.170.150.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://theatrewinterhaven.com/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
no-cache
access-control-allow-methods
GET, POST, OPTIONS
x-content-type-options
nosniff
expires
Sat, 16 Nov 2024 08:20:04 GMT
access-control-allow-origin
*
date
Sun, 17 Nov 2024 08:20:04 GMT
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

cache-control
no-cache, must-revalidate
location
https://um.simpli.fi/g_match?id=
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
229
date
Sun, 17 Nov 2024 08:20:04 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
truncated
/ 		12 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4036c5b5a6b7f83759558544aa72071cd8eed0fa684c8bcc36e8f785e7f928c4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:700,400,900%7CVolkhov:400italic%7CRoboto:700,400%7CPoppins:700,500&subset=latin&display=swap&ver=1618923524
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://theatrewinterhaven.com
Referer
https://fonts.googleapis.com/

Response headers

age
330932
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 13 Nov 2025 12:24:32 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 13 Nov 2024 12:24:32 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
stags.bluekai.com
URL
https://stags.bluekai.com/site/29931?id=955048CCC945450C82822B4622A3087B

Verdicts & Comments Add Verdict or Comment

119 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 string| em_version boolean| em_track_user object| disableStrs function| __gtagTrackerIsOptedOut function| __gtagTrackerOptout function| gaOptout function| __gtagDataLayer function| __gtagTracker object| dataLayer object| ExactMetricsDualTracker function| gtag function| __gaTracker object| _wpemojiSettings object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| ExactMetrics object| ExactMetricsObject object| exactmetrics_frontend function| jQuery object| punchgs object| _gsScope function| setREVStartSize object| _N2 object| gaplugins object| gaGlobal object| gaData object| rl_widget_cfg object| RLCAP object| captureStatus object| html5 object| Modernizr function| yepnope object| __gcse object| twemoji object| wp function| NextendThrottle function| NextendDeBounce object| n2const function| Swipe object| imi_local function| vc_js function| vc_plugin_flexslider function| vc_googleplus function| vc_pinterest function| vc_progress_bar function| vc_waypoints function| vc_toggleBehaviour function| vc_tabsBehaviour function| vc_accordionBehaviour function| vc_teaserGrid function| vc_carouselBehaviour function| vc_slidersBehaviour function| vc_prettyPhoto function| vc_google_fonts function| vc_rowBehaviour function| vc_gridBehaviour function| getColumnsCount function| wpb_prepare_tab_content function| vc_ttaActivation function| vc_accordionActivate function| initVideoBackgrounds function| vc_initVideoBackgrounds function| insertYoutubeVideoAsBackground function| vcResizeVideoBackground function| vcExtractYoutubeId function| vc_googleMapsPointer function| vc_setHoverBoxPerspective function| vc_setHoverBoxHeight function| vc_prepareHoverBox object| module$exports$cse$search object| module$exports$cse$CustomImageSearch object| module$exports$cse$CustomWebSearch object| google object| module$exports$cse$searchcontrol object| module$exports$cse$customsearchcontrol object| pum_vars object| pum_sub_vars object| pum_popups object| PUM object| PUM_Accessibility object| PUM_Analytics function| pm_cookie function| pm_cookie_json function| pm_remove_cookie string| ajaxurl object| pum function| FormSerializer object| Mailcheck object| punycode object| wpforms object| wpforms_settings function| _googCsa number| nextSearchboxId number| googleNDT_ number| googleAltLoader object| gsapVersions object| n2ss object| n2-ss-3 object| n2-ss-2 object| uetq function| fbq function| _fbq object| RL object| sifi_att_2994318277495583 function| UET function| UET_init function| UET_push object| ueto_f2f8897a5c object| GooglebQhCsO function| LocalIQWidgets object| localIqWidgetConfig string| localIqShadowId boolean| LocaliqWidgetsInitialized

78 Cookies

Domain/Path Name / Value
.theatrewinterhaven.com/ Name: _gid
Value: GA1.2.340884481.1731831603
.theatrewinterhaven.com/ Name: _gat_gtag_UA_150210179_1
Value: 1
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/ Name: test
Value: test
.theatrewinterhaven.com/ Name: _ga_2WFQZL6E8L
Value: GS1.1.1731831602.1.0.1731831602.0.0.0
.theatrewinterhaven.com/ Name: _ga
Value: GA1.1.442717051.1731831603
theatrewinterhaven.com/ Name: _wpfuuid
Value: 2ec1d900-3bed-44ce-b251-b4386f6baa97
theatrewinterhaven.com/ Name: rl_visitor_history
Value: 373b963a-05b3-4ed4-9bc7-bc5f70b9dd69
theatrewinterhaven.com/ Name: sifi_user_id
Value: undefined
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/ Name: bot_type
Value:
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/ Name: history_campaign
Value:
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/ Name: history_referrer_type
Value: DIRECT
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/ Name: last_activity_at
Value: 1731831603433
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/ Name: visitor_id
Value: 373b963a-05b3-4ed4-9bc7-bc5f70b9dd69
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/ Name: sifi_user_id
Value:
09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com/ Name: visit_id
Value: 76e4a9f2-1a87-4053-b93c-63f28565fa3e
.simpli.fi/ Name: suid
Value: 955048CCC945450C82822B4622A3087B
.theatrewinterhaven.com/ Name: _gcl_au
Value: 1.1.742420586.1731831604
.theatrewinterhaven.com/ Name: _uetsid
Value: bf03bf50a4bc11efb024bf74b5339856
.theatrewinterhaven.com/ Name: _uetvid
Value: bf04d150a4bc11ef9bf4e7eb6a711c71
.doubleclick.net/ Name: IDE
Value: AHWqTUnVgo4GNfryTFDylPzVnaxjXVp1ZU10qZMd1_WvcB1KBLNHq6rAZR_Wgo3b
.bing.com/ Name: MUID
Value: 33CB3AF142E06F8830962FCB43486E13
.bat.bing.com/ Name: MR
Value: 0
.theatrewinterhaven.com/ Name: _fbp
Value: fb.1.1731831603884.21262323550270819
.simpli.fi/ Name: uid_syncd_secure
Value: true
.tapad.com/ Name: TapAd_TS
Value: 1731831604390
.tapad.com/ Name: TapAd_DID
Value: 54cd0353-4d48-4a89-b8cf-4b62333407ca
.smaato.net/ Name: SCM
Value: e56754cc73
.smaato.net/ Name: SCMsas
Value: e56754cc73
.smaato.net/ Name: SCM1001136
Value: e56754cc73
.3lift.com/ Name: tluidp
Value: 4415693786040235649191
.3lift.com/ Name: tluid
Value: 4415693786040235649191
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.agkn.com/ Name: ab
Value: 0001%3AeZFRBB6DerqHaWhiaMZaIMwApNPewdGd
.adnxs.com/ Name: XANDR_PANID
Value: e1g7-kRlm06U8x1WUxcIXPxDxlIymgKgxSY0rDPOgRRG9gccVihSfAtqqhIusUZloCIRzOU9Ey7h6z4LM-0td9w3yff0C3Bst0Y2iJmLGgg.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 4627064038373623873
.adnxs.com/ Name: anj
Value: dTM7k!M4.FE:2jUF']wIg2Il_hMuR.!]tbPl1N!7On*M$=BX).jE3$Bl#K)/e:5eXcyLXKdX=lCe9C@HiJh:SliysxaW##[/X%W#.wL4W1Qw2(=/2eU
.intentiq.com/ Name: IQver
Value: 1.9
.intentiq.com/ Name: intentIQ
Value: 5lrHib0PjJ
.openx.net/ Name: i
Value: 402592ff-4434-4bad-b39a-ffef841c582e|1731831604
.intentiq.com/ Name: ASDT
Value: 0
.intentiq.com/ Name: IQPData
Value: 95808134#1731831604471#0#1731831604471
.intentiq.com/ Name: intentIQCDate
Value: 1731831604473
.intentiq.com/ Name: CSDT
Value: UEQ6MTAwNDNfMCZVVU4ydjg3
.lijit.com/ Name: ljt_reader
Value: Jrk0AQZHaJmZlB_eTB-SppPB
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:955048CCC945450C82822B4622A3087B&KRTB&23486-uid:955048CCC945450C82822B4622A3087B&KRTB&23489-uid:955048CCC945450C82822B4622A3087B&KRTB&23539-uid:955048CCC945450C82822B4622A3087B
.pubmatic.com/ Name: PugT
Value: 1731831603
.rlcdn.com/ Name: rlas3
Value: alMEiO/6XRelvoZP8O1SSE6U+YotEiG+ccFV0YR/xbk=
.bfmio.com/ Name: __141_cid
Value: 955048CCC945450C82822B4622A3087B
.bfmio.com/ Name: __io_cid
Value: 193fe6329b0957cc737c5bd0328d2cfaa25f3ead
.yahoo.com/ Name: A3
Value: d=AQABBDSnOWcCECQu5BuS3f0vhVZq0rFQiY8FEgEBAQH4OmdDZ9xH0iMA_eMAAA&S=AQAAAv5d9Jxp6ef0FJP_taduJUU
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: bf60a502ebc6815ab8353e6ff83f22f0
.agkn.com/ Name: u
Value: C|0AAAAAAAALsxjtAAAAAAA
.rubiconproject.com/ Name: audit_p
Value: 1|vDFb6HlpF35MqvG5m2wBkUDRaZ3wabnWW6ATRCFjtwHRuZ+dvyOZuBKKKMw0/AX1WoIO6Wi07HRw0S94mtzOHxX1ClJMS060s8vYM4pkAilGUi7FQWeCTMBYBwrYNj+qKuQKS3/bOYQnkZfnr9l1TH3XUuBNKpaQwP3NzD435qNZYr2f2sSAEVDfv570ZGhx
.rubiconproject.com/ Name: khaos
Value: M3LBTMAA-1S-L63M
.rubiconproject.com/ Name: khaos_p
Value: M3LBTMAA-1S-L63M
.rubiconproject.com/ Name: audit
Value: 1|vDFb6HlpF35MqvG5m2wBkUDRaZ3wabnWW6ATRCFjtwHRuZ+dvyOZuBKKKMw0/AX1WoIO6Wi07HRw0S94mtzOHxX1ClJMS060s8vYM4pkAilGUi7FQWeCTMBYBwrYNj+qKuQKS3/bOYQnkZfnr9l1TH3XUuBNKpaQwP3NzD435qNZYr2f2sSAEVDfv570ZGhx
.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
.pro-market.net/ Name: anHistory
Value: "15leagkz5946w+2+!#7%.%Z#_Z3"
.lijit.com/ Name: _ljtrtb_2
Value: 955048CCC945450C82822B4622A3087B
.exelator.com/ Name: EE
Value: "567bc69449559fcb1e37de051b64033f"
.analytics.yahoo.com/ Name: IDSYNC
Value: 176k~2lvk
.rlcdn.com/ Name: pxrc
Value: CLTO5rkGEgUI6AcQABIFCOhHEAA=
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQcHUzDwp2czSxMTS1NQyLTnJMNXYPCXVwNQwyczEwNg4bXFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDYYEl%252BUWb6otDgxUUpaQyLSopPBZ%252BcMxsAhnoqXA%253D%253D"
.pro-market.net/ Name: anProfile
Value: "15leagkz5946w+1+1f=1+1g=1+1j=57:1+rs=s+rt=2A0D56000024150010125E635E05DE13+s2=(sn35tg)+vm=24-955048CCC945450C82822B4622A3087B:53-CAESEHzn_ydIrEUBHeZ61vtHZ5c"
.pippio.com/ Name: did
Value: cswVpMFcG6o4dD4y
.pippio.com/ Name: didts
Value: 1731831604
.pippio.com/ Name: nnls
Value:
.pippio.com/ Name: pxrc
Value: CLTO5rkGEgYIgr0rEAA=
.linkedin.com/ Name: li_sugr
Value: 0b5c521e-07a3-4f1c-b944-a5c7519bc322
.linkedin.com/ Name: bcookie
Value: "v=2&07d5bf3c-02d5-484d-8e6b-6c6419edf300"
.linkedin.com/ Name: lidc
Value: "b=VGST05:s=V:r=V:a=V:p=V:g=3233:u=1:x=1:i=1731831604:t=1731918004:v=2:sig=AQFAQb2361ulCAYy47xiKNqGMl-VLQyO"
.smartadserver.com/ Name: pid
Value: 8801285303318459412
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: csync
Value: 133:e56754cc73
.ads.stickyadstv.com/ Name: UID
Value: ce5e64d72c3a496a7a93a439fac3421
.ads.stickyadstv.com/ Name: uid-bp-26865
Value: 955048CCC945450C82822B4622A3087B

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

09de430d-d1e2-4487-9620-e2a6a0f2d370.rlets.com
aa.agkn.com
ads.stickyadstv.com
bat.bing.com
bcp.crwdcntrl.net
capture-api.reachlocalservices.com
cdn.rlets.com
ce.lijit.com
clients1.google.com
cm.g.doubleclick.net
connect.facebook.net
cse.google.com
d.agkn.com
eb2.3lift.com
fault.rlets.com
fei.pro-market.net
fonts.googleapis.com
fonts.gstatic.com
freemiumleadsservice.localiq.com
googleads.g.doubleclick.net
i.simpli.fi
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
loadm.exelator.com
pbid.pro-market.net
pippio.com
pixel.rubiconproject.com
pixel.tapad.com
pubads.g.doubleclick.net
px.ads.linkedin.com
rtb-csync.smartadserver.com
s.ad.smaato.net
simplifi.partners.tremorhub.com
stags.bluekai.com
sync.1rx.io
sync.bfmio.com
sync.intentiq.com
tag.simpli.fi
td.doubleclick.net
theatrewinterhaven.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
stags.bluekai.com
100.25.81.54
107.178.254.65
13.225.63.74
142.250.80.66
142.251.40.98
148.72.78.8
151.101.194.62
18.238.49.101
2001:4998:14:800::1001
23.83.76.90
2600:1901:0:8eee::
2600:1f18:612b:4264:1b19:8b47:338b:3179
2600:9000:2141:3200:6:9a19:88c0:93a1
2600:9000:21da:8000:19:fc2c:a140:93a1
2600:9000:2840:8200:1b:5138:8a40:93a1
2600:9000:2840:b400:1b:6b7d:2300:93a1
2607:f8b0:4006:807::200e
2607:f8b0:4006:80a::2008
2607:f8b0:4006:80d::2003
2607:f8b0:4006:816::2004
2607:f8b0:4006:81c::200e
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81e::200a
2607:f8b0:4006:81f::2002
2607:f8b0:4006:81f::200e
2607:f8b0:4006:822::2002
2620:1ec:21::14
2620:1ec:33:1::10
2a03:2880:f00e:13:face:b00c:0:3
2a03:2880:f10e:83:face:b00c:0:25de
3.218.41.45
34.111.113.62
34.138.31.113
34.150.170.96
34.86.110.8
35.175.35.80
35.244.154.8
35.244.159.8
52.0.156.250
52.223.22.214
63.251.28.210
68.67.160.117
69.173.151.100
69.194.240.13
8.28.7.83
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0584decd9e130dbc5679f5b62661a255ecdfe23e2180d156b9f65ca8d01f8d38
06c7a1d3e3aab4b57cb76265e149c1c0101f4a696a7fcbccea2a531cefca8469
0a5dd7d2d36a09c18cd71963d4ecf337e9a5c321dfe0ef29fd78a741d1695e05
0c7e445be8aba4f06d2bc32fa4983abe12f59329f60f86c1a76164171e140bfb
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
10235e05734f82cbf37a30d84733244e91c32647749d8720a88561d10bcba0f8
12288d905607f27a39505a85ebc5efab386d2a673594b05f11db93c408faca5b
1589bfe7ace6391d6ac6f9f60215d8b4b77f770e63dd6389f13523a3d0d8fab3
16a984a159a88bb6dc6437829381c3b6dfb4915638ba5a967cb4bfd9d0252878
1acda5dc3f8982d34c308da783d450a9ff4ca79ee6a2b27414bb6a7400ebfd15
1c445d2ae619f3e88627f553bd2f0e8ed5c4470d0b94624aab47c529a16cc010
224dfe46fe982613c3d798fa23a740523866877e27981ee3814c427978f852f8
23a7dc59fb1c1d587dde4864fc98913050d020bfa94567c4303d2a35298e426d
23eb134e746f1e5c265c5d33d045af48c444617adaa281fb993d6070bdc04c9f
25946407ffe7464efd7ca1123c553ed781409890e0f700b9492f402842e61e08
25980a992153bff902703eef4f97823196687026d3fb483c2f17ea8e8464d1ee
2936ab5d0f5a13aff6095fd54ed7e673c45afb70273f9f6e8f798ae4a87ab776
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
29966ce69e5cc846ac2cdce0a30e5d7797bb8334c9fe729534a205e25db16120
2a328cae02a4d83ba6485d74502e2dff2da6f3ca7760601bc925579d1e4a3bcf
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
32323463e11100d0c528b106384b2f233245d523e6285442d5d3bed7fd60b136
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a
36d8bbd4e44a7c5987cec7ec57a79c611aa5ed3886a6d23ff8cda2161a052c16
3d7560abb48f8aa8e74373fb34f6da0df42e4359332c6f182aaf0671da86f4de
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4036c5b5a6b7f83759558544aa72071cd8eed0fa684c8bcc36e8f785e7f928c4
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
43a683165a27224ef2d2717bd57c8c203aa570ce39140504d086562eefbb0f1f
43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf
4498d139af798037c0aba235558263582c4b970d63e8118091c8be9b168a38a4
45012f93c4cbd739c51f4043a3a1d3c8377272ef606dd39e51a6a81e02dad594
451b9ec6b2997fbb24746c1ebd5d4aa31f142bf766acf1e0fae4bd087abddfcf
45a2be788c9254fffe4a332f7b5131b4fe48c551ba2f1726a34cba4db3541020
47d477915fa5912616e2dc5df8c5780f9202671678cf275472bd39f3381c0098
4922a8859b315c354c23ad278e35483c6cf29aebf1c509c2c928c1f41634fe43
4923a44bef23c4825e6ac229b46e4188bdd09c32d4de1d8292df0682f35a75ed
4b3dbeecf46921246e986a63c23921664ee7af1e7375dc65a4826c7c92fd0ff8
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c0cc637858d6503cba9262f8be75740c29e853605a153a7bde46a6e2e367eb0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51fa07edfdf5bdd6bdd18ef279afa2f683c0fd625e5ef50b9587934743469d5e
562cd3ea5b9986a885d58cd1de33e5d5ba546590cec9aa8e6d8e315b75c527cf
593ac639f7b6a3b6de766919b40ff748bedb63570719a55aec8f196ec7df742a
5faff818dc5b155f496c8f26d8a05634d255c2aa7a87385d9bc557fcf50a8c84
60f1b526f73cadfcecf31331815e8a748dac5fbf2d78fc9040404f38f374e6bf
63bf6a8cf2dba961cdaf128e28eddf9dec8c2a4fbfa3bb3f5dbf725b1544b728
661a1d0962a58f76bf40cb1f85086b8da9c1ba50d03b0947c37e1dc47d3520b9
69a15ba379260f131f7dfa2a5414cbdc48db661ac21d696773c7e67259255ca1
6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd
6abe150b430defc26f37d8a78ba2135b5a5564ac04222d966ae5046277b12f4d
6b697ee3c5b264b4bdb9ee3e96432e58cc5563ba7d7d466c0103767cc3bb3362
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
6c5e609d5d4c983be45c8b523daf05fcb91d1c32f6d10d771ab61578e0e9017a
6ca8050d203fbcb8613c5b13d0bf8cfccb60e97f82334702edd7a48d09489d68
6db83b2803fed3f9b574567755102b18c401904a374c8acf4c9a2e9b0159cb4f
6e98a18a98c9db7c4c2d9583c3c6a4e2a6ae2cba314af1f0c513b9f63d65862a
6f3678578e1fcd6df957011ade74254df8311409fd8e039246566c362a686be9
71620130f6e235adae3851594f3f6e606592953db85106f4c6b3974086f74cae
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a3820962c15d26c4cdc9eff4f8c66ed29f96e353b7893285cb14962d6a6956d
8b54d2ad716ecbf98e74d8f4f56ab179329b9f387a9d454d868d93bd9e61aaa3
8b904785b2133c35966b524ee1e149b88061016d480798f10a498d16267f1a18
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
968ab8ae6f33119ee267a11ce60920934e0d5e9d4714a3eb6b47cb9f05e42a0f
98e8554219cacc7b84e8784e66c4e85d19db374420267abd48de5d1ce8c25576
99e01f1eaf1c9c70794a563dd3ae46e882614f589317a43a57325e2b9faa2286
9f4598a86a420a96418a5ab9e10a368fa49c379c2459637a219641b01536daf3
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a5402de70228d4bf5379b518225b702918f6ae277e9293f9d16334c2b1fa31e3
a5593cfac4ce6ea49bc1b158c5f408d8061681b77e037fb052d041f902c413e7
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aa9f0cc78170ce1e34fd50564e59e59fe8ca9ba2241214375af8a440ae60088d
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
aedcd80986b89e0d6de60768279993c4b414a9d0909baf056948d60abd23afc5
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3a5719d8d55ca45c7250adb027137b4761fcc9e96173013fd8e92345afc9487
b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c4a9e329a89541f01a8b577ceea8d57684c0cca2c0de71f33ae55f5487454727
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ccfb7762be932f26ce547d4bb7477b61cb54b3addd78b1c721738de5d2fdb4ec
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0737805b70de87ae8f852926e2084e56e0a963f771d65e22582e229ad3b556c
d271120b283f037391dcecfb7e65de5ac6d4feaf3a990ba2a4a2d5289a40333e
d480de66b420ea6afb356fe87de6fe62f5cbbd08662f077ff2edae95a2b900df
d74e5970c4ad983e2d9cddf8598231b9133452339b1b23354ad8a783d39dd6b9
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
da342304a5d41b780a68df25dc5c8dca3acc843ca4bfb73935cbdf9cf03a69ff
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e26ed759335204be6103f18aa3c3b759db9dfe56d3ba100f62bc6ddfc1400d94
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb2921f1465ff76f0abb60b713f812dad2a49a7b050630c01a95f29635dcb59b
ecb5cd9d06c42427d7e95ed92a4196447ad545ac74da5cac40861a491678bf30
ecbef0f33e8ccedd2c605816e052cfff778abcc0e30a80b874c097a5fddd24fc
ecdafd6f787ded03168486561409fa73c581d0c31c3215255b9e9de75b8c31c5
ee16e195eeef694ffa4f93f5d1688a21ab150f6222d46d419ea1dd1e25a0cc13
eec4b591a29ccc760ab4a0d78f2ed3d9c6d902dc08974cad61f3d6477a9ad0c6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f11881a89ad5ebdbfe75b6a82c4f1359bef968b54a8e006b0b677688ecfeb581
f18e2a4fa4a13217258c0bdcae26b0466602345e1a3c618630755b19eceb500d
f1b477898af01dada83f9eb29b510feba8650cfd970ab0e9f3a8cf8d50b1d059
f98cd3c4b9457469cbff9dfabd0c41d8a3356917442003e0d39d0591880924e8
fc8a742194347bc8cc92730ef97fb2dd5413b5fcb5862af37ad552cd6e8c3d38
fcbad912a7693f00c9e02d8fb766d075849b5dcf067c6655158b099aa3e8aee1
fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1
fe1fe98bf4992245660e1b9747dbf026144e23d39edd9a6b78d4aeea667d4d47