travel.oregon.aaa.com Open in urlscan Pro
52.205.91.253  Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://click.email-aaaoregon.com/?qs=9f87214f10e6af999a6eac488178db54db78b38f4b7c49b75a6264b8d2102bcf14154fcb8308be0abdb994957abe7d88ce5245013f3b77c5 HTTP 302
   https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

• https://cm.everesttech.net/cm/dd?d_uuid=47184707640258246103906800018426211135 HTTP 302
• https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yfmd5QAAAKv6kgP0

Request Chain 34

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/997673764/?random=1643748837546&cv=9&fst=1643748837546&num=1&fmt=3&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1 HTTP 302
• https://www.google.com/pagead/1p-user-list/997673764/?random=1643748837546&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=1825566134&resp=GooglemKTybQhCsO HTTP 302
• https://www.google.de/pagead/1p-user-list/997673764/?random=1643748837546&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=1825566134&resp=GooglemKTybQhCsO&ipr=y

Request Chain 36

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994252266/?random=1643748837547&cv=9&fst=1643748837547&num=1&fmt=3&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1 HTTP 302
• https://www.google.com/pagead/1p-user-list/994252266/?random=1643748837547&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=244924652&resp=GooglemKTybQhCsO HTTP 302
• https://www.google.de/pagead/1p-user-list/994252266/?random=1643748837547&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=244924652&resp=GooglemKTybQhCsO&ipr=y

Request Chain 39

• https://googleads.g.doubleclick.net/pagead/viewthroughconversion/768643034/?random=1643748837549&cv=9&fst=1643748837549&num=1&fmt=3&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1 HTTP 302
• https://www.google.com/pagead/1p-user-list/768643034/?random=1643748837549&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=2508802087&resp=GooglemKTybQhCsO HTTP 302
• https://www.google.de/pagead/1p-user-list/768643034/?random=1643748837549&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=2508802087&resp=GooglemKTybQhCsO&ipr=y

Request Chain 59

• https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=47184707640258246103906800018426211135&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d47184707640258246103906800018426211135 HTTP 302
• https://dpm.demdex.net/ibs:dpid=269&dpuuid=55f961f9-9de5-4000-bea4-f9bff022b3a3&ddsuuid=47184707640258246103906800018426211135

Request Chain 73

• https://travel.oregon.aaa.com/resources/ncnu/orbit-logo.svg HTTP 303
• https://assets.blue.kube.tstllc.net/resources/ncnu/orbit-logo.svg

Request Chain 77

• https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
• https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ HTTP 302
• https://dpm.demdex.net/ibs:dpid=359&dpuuid=RBh12soJ1Nf0a25

Request Chain 83

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2359516&time=1643748838180&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2359516%26time%3D1643748838180%26url%3Dhttps%253A%252F%252Ftravel.oregon.aaa.com%252Fpromos%252Fromantic-retreats%253Fcmpid%253Dint_eml_out_txx-0222-nwslttr%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2359516&time=1643748838180&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2359516&time=1643748838180&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&liSync=true&e_ipv6=AQJX9uxkcCOh9QAAAX63EM0tHtk2L3fNXK5bbd4OujUYtDDmBh8Bu77reY8hraQBngj-gfcwdg

Request Chain 85

• https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/newyork-3-1080.jpg HTTP 302
• https://assets.blue.kube.tstllc.net/images/common/bgs/photo/newyork-3-1080.jpg?url=null%3FcacheBuster%3D0.09996987698299864

Request Chain 86

• https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/charleston_1920.jpg HTTP 302
• https://assets.blue.kube.tstllc.net/images/common/bgs/photo/charleston_1920.jpg?url=null%3FcacheBuster%3D0.9395544552113226

Request Chain 87

• https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/hiltonhead.jpg HTTP 302
• https://assets.blue.kube.tstllc.net/images/common/bgs/photo/hiltonhead.jpg?url=null%3FcacheBuster%3D0.31082897171332613

Request Chain 88

• https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/nashville-1-1080.jpg HTTP 302
• https://assets.blue.kube.tstllc.net/images/common/bgs/photo/nashville-1-1080.jpg?url=null%3FcacheBuster%3D0.1297306827117639

Request Chain 89

• https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/austin-1-1080.jpg HTTP 302
• https://assets.blue.kube.tstllc.net/images/common/bgs/photo/austin-1-1080.jpg?url=null%3FcacheBuster%3D0.9428261148598367

Request Chain 90

• https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/miami-1-1080.jpg HTTP 302
• https://assets.blue.kube.tstllc.net/images/common/bgs/photo/miami-1-1080.jpg?url=null%3FcacheBuster%3D0.38751871264223814

Request Chain 91

• https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/sanfrancisco-1-1080.jpg HTTP 302
• https://assets.blue.kube.tstllc.net/images/common/bgs/photo/sanfrancisco-1-1080.jpg?url=null%3FcacheBuster%3D0.30742555363549817

Request Chain 92

• https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/lajolla-1-1080.jpg HTTP 302
• https://assets.blue.kube.tstllc.net/images/common/bgs/photo/lajolla-1-1080.jpg?url=null%3FcacheBuster%3D0.17096688362365575

Request Chain 93

• https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/beijing-1-1080.jpg HTTP 302
• https://assets.blue.kube.tstllc.net/images/common/bgs/photo/beijing-1-1080.jpg?url=null%3FcacheBuster%3D0.8637406388132429

Request Chain 97

• https://idsync.rlcdn.com/365868.gif?partner_uid=47184707640258246103906800018426211135 HTTP 307
• https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomNDcxODQ3MDc2NDAyNTgyNDYxMDM5MDY4MDAwMTg0MjYyMTExMzUQABoNCOa75o8GEgUI6AcQAEIASgA HTTP 307
• https://dpm.demdex.net/ibs:dpid=477&dpuuid=36b5a4748b09a28c33e9f5d000168646e1d2863ec8cefa5ec3e66918c799daceb0da87c991749652

Request Chain 104

• https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D HTTP 302
• https://dpm.demdex.net/ibs:dpid=470&dpuuid=7049021469954091856

Request Chain 112

• https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 HTTP 302
• https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 HTTP 302
• https://dpm.demdex.net/ibs:dpid=903&dpuuid=39b70a51-49bd-4db0-b980-c636e62c6eef

Request Chain 113

• https://ps.eyeota.net/match?bid=6j5b2cv&uid=47184707640258246103906800018426211135&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D HTTP 302
• https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D

Request Chain 114

• https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=47184707640258246103906800018426211135&gdpr=0&gdpr_consent= HTTP 302
• https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-DisL84NE2pEtGDZHnIdECzvJotfau4xek4I-~A

Request Chain 116

• https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID) HTTP 302
• https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ6970352391838275343&uid=Q6970352391838275343&ref=%2Feucm%2Fp%2Fadpq HTTP 302
• https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 118

• https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=47184707640258246103906800018426211135&rn=1643748837491&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D47184707640258246103906800018426211135 HTTP 302
• https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=47184707640258246103906800018426211135&rn=1643748837491&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D47184707640258246103906800018426211135 HTTP 302
• https://dpm.demdex.net/ibs:dpid=73426&dpuuid=47184707640258246103906800018426211135

Request Chain 119

• https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=47184707640258246103906800018426211135?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
• https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/tpid=47184707640258246103906800018426211135?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
• https://dpm.demdex.net/ibs:dpid=121998&dpuuid=62843101490b7c1708beb83337f6c4a

Request Chain 120

• https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWZtZDVRQUFBS3Y2a2dQMA==

Request Chain 121

• https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
• https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yfmd5QAAAKv6kgP0&expires=90

Request Chain 125

• https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yfmd5QAAAKv6kgP0 HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yfmd5QAAAKv6kgP0&C=1

Request Chain 126

• https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
• https://ib.adnxs.com/setuid?entity=158&code=Yfmd5QAAAKv6kgP0 HTTP 307
• https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYfmd5QAAAKv6kgP0

Request Chain 127

• https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
• https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yfmd5QAAAKv6kgP0

Request Chain 129

• https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
• https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yfmd5QAAAKv6kgP0

Request Chain 130

• https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
• https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yfmd5QAAAKv6kgP0&img=1 HTTP 302
• https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yfmd5QAAAKv6kgP0&img=1&__user_check__=1&sync_id=14d6d8c7-83a1-11ec-8a09-1bce7de30306

Request Chain 132

• https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
• https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yfmd5QAAAKv6kgP0&t=2592000&o=0

Request Chain 133

• https://g2.gumgum.com/adobe/s2s HTTP 302
• https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_ecaa9343-ae00-4df0-8b47-7d602c28b98c

Request Chain 134

• https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent= HTTP 303
• https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
• https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AALw1E7D8zwAAAdlLZj-Hw?gdpr=0

Request Chain 137

• https://sync.srv.stackadapt.com/sync?nid=adobe HTTP 302
• https://dpm.demdex.net/ibs:dpid=390122&dpuuid=8nJ3dp-CQRp08encYQCmQ8EbDgo

138 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request romantic-retreats Show response travel.oregon.aaa.com/promos/ Redirect Chain http://click.email-aaaoregon.com/?qs=9f87214f10e6af999a6eac488178db54db78b38f4b7c49b75a6264b8d2102bcf14154fcb8308be0abdb994957abe7d88ce5245013f3b77c5 https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr	42 KB 11 KB	836ms 599ms	Document text/html	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Express Resource Hash 5ace1547d339b4a9996234d54bef7b4a30596ad28c7b489a21791c8be2d17e52 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Tue, 01 Feb 2022 20:53:56 GMT content-type text/html; charset=utf-8 x-powered-by Express etag W/"a9ea-5Zh8MgfZ4RrR0SJd+Q/oOGlIaPI" vary Accept-Encoding content-encoding gzip content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com strict-transport-security max-age=31536000; includeSubDomains Redirect headers Cache-Control private Content-Type text/html; charset=utf-8 Location https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Date Tue, 01 Feb 2022 20:53:54 GMT Connection close Content-Length 206
GET H2	200	icon fonts.googleapis.com/	569 B 868 B	40ms 17ms	Stylesheet text/css	2a00:1450:4001:803::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/icon?family=Material+Icons Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash d44a3249e2be052d683c7b58d03890937199b056a6313bd7ae0834281a70a2d6 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 01 Feb 2022 20:53:56 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Tue, 01 Feb 2022 20:53:56 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 01 Feb 2022 20:53:56 GMT
GET H2	200	antd.css travel.oregon.aaa.com/web-services/assets/stylesheets/	539 KB 62 KB	105ms 104ms	Stylesheet text/css	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/web-services/assets/stylesheets/antd.css Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Express Resource Hash 060198d51a95c0ef3cd3ec467522a7bf45deab6194badabf37f485d7d242d55a Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:56 GMT content-encoding gzip etag W/"86bf1-17e9c26f978" last-modified Thu, 27 Jan 2022 15:28:27 GMT x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=0 content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com strict-transport-security max-age=31536000; includeSubDomains accept-ranges bytes
GET H2	200	accordion-menu.css travel.oregon.aaa.com/admin/assets/stylesheets/	23 KB 5 KB	107ms 105ms	Stylesheet text/css	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/admin/assets/stylesheets/accordion-menu.css Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Express Resource Hash 5a6c087bd230e0833b16a80890a2771edceb70f7ec087965db5a43249d24e82b Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:56 GMT content-encoding gzip etag W/"5d3a-17e5ebaea18" last-modified Sat, 15 Jan 2022 17:13:35 GMT x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=0 content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com strict-transport-security max-age=31536000; includeSubDomains accept-ranges bytes
GET H2	200	main.css travel.oregon.aaa.com/admin/assets/stylesheets/	237 KB 57 KB	107ms 106ms	Stylesheet text/css	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/admin/assets/stylesheets/main.css Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Express Resource Hash cc92a34d4f80b00b778cae0c189a12743bfba6cfcf344857a927ccfb3751580e Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:56 GMT content-encoding gzip etag W/"3b48a-17e5ebaea18" last-modified Sat, 15 Jan 2022 17:13:35 GMT x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=0 content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com strict-transport-security max-age=31536000; includeSubDomains accept-ranges bytes
GET H2	200	app-styles.css travel.oregon.aaa.com/monthly-deals/assets/stylesheets/	1 MB 416 KB	107ms 105ms	Stylesheet text/css	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/monthly-deals/assets/stylesheets/app-styles.css Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Express Resource Hash 4dabfa5a81af0dd62510f9756e1b3f80c5c3410d9dbb0806d99475b91ccef49e Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:56 GMT content-encoding gzip etag W/"17cd64-17e49e0fe48" last-modified Tue, 11 Jan 2022 16:03:09 GMT x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=0 content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com strict-transport-security max-age=31536000; includeSubDomains accept-ranges bytes
GET H2	200	stylesheet.css api.blue.kube.tstllc.net/v1/licensees/ORA/layout/	45 B 434 B	444ms 110ms	Stylesheet text/css	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.blue.kube.tstllc.net/v1/licensees/ORA/layout/stylesheet.css Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash 0a91d05b805d52abf7cda15a81b7b55b1fa5647d7cb78c843eb1bb2aa0877405 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip vary Accept-Encoding,Origin content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com content-length 71 strict-transport-security max-age=31536000; includeSubDomains content-type text/css
GET H2	200	font-awesome.css netdna.bootstrapcdn.com/font-awesome/3.2.1/css/	27 KB 6 KB	372ms 127ms	Stylesheet text/css	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 22a22e76f4de930e54dd33af00c71b68828847409e5e79787df5224dd9776c6f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 601 age 5247498 cdn-cachedat 08/03/2021 17:42:29 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cdn-proxyver 1.0 timing-allow-origin * access-control-allow-origin * last-modified Mon, 25 Jan 2021 22:04:51 GMT server cloudflare cdn-requestpullcode 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type text/css; charset=utf-8 cdn-cache HIT vary Accept-Encoding cache-control public, max-age=31919000 cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestid 9026c9e4abb125cb82a6f9e5488a7cfc cf-ray 6d6e12775f1e59e3-MXP cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	launch-9636619f7fc9.min.js Show response assets.adobedtm.com/5ddcd7778a26/796eaa550a09/	281 KB 82 KB	402ms 21ms	Script application/x-javascript	72.247.225.88 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.225.88 Berlin, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a72-247-225-88.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5520dec99258b67ebb3f9c54ce8e992dc2107bac051948864f16d83be2c0a4bf Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip last-modified Thu, 20 Jan 2022 16:24:42 GMT server AkamaiNetStorage etag "01ec2fa927b14fd5e417f9d61601b070:1642695882.031324" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://travel.oregon.aaa.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 83384 expires Tue, 01 Feb 2022 21:53:57 GMT
GET H2	403	header.js oregon.aaa.com/etc/clientlibs/aaa-orid-web/remote/	0 0	291ms 96ms	Script text/html	45.60.150.98 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://oregon.aaa.com/etc/clientlibs/aaa-orid-web/remote/header.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.98 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET		footer.js oregon.aaa.com/etc/clientlibs/aaa-orid-web/remote/	0 0
GET H2	200	app-bundle.js Show response travel.oregon.aaa.com/monthly-deals/assets/resource/js/	3 MB 704 KB	107ms 107ms	Script application/javascript	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/monthly-deals/assets/resource/js/app-bundle.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Express Resource Hash 4171eab8902be9ecc5e1b52b19226c0333f518c07ea4ca338b749007a5d3cda3 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip etag W/"2ddf8f-17e49e0fe48" last-modified Tue, 11 Jan 2022 16:03:09 GMT x-powered-by Express vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=0 content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com strict-transport-security max-age=31536000; includeSubDomains accept-ranges bytes
GET H2	200	vendors-bundle.js Show response travel.oregon.aaa.com/monthly-deals/assets/resource/js/	1 MB 320 KB	108ms 107ms	Script application/javascript	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/monthly-deals/assets/resource/js/vendors-bundle.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Express Resource Hash 66fbfb1b83f4f28e1ad24e179b4c32004313cfdfd9067dfa843062623446e270 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip etag W/"144b98-17e49e0fe48" last-modified Tue, 11 Jan 2022 16:03:09 GMT x-powered-by Express vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control public, max-age=0 content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com strict-transport-security max-age=31536000; includeSubDomains accept-ranges bytes
GET H/1.1	200 OK	id Show response dpm.demdex.net/	5 KB 2 KB	166ms 40ms	XHR application/json	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F5237FF958248ED40A495E58%40AdobeOrg&d_nsid=0&ts=1643748837345 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash 9e24e9a41885b211e03c66ae07e28c2b663c1196252d9817bf69a58cf6bd5864 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers DCS dcs-prod-irl1-2-v027-04eb20598.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-TID 4xZU2iXBRus= Vary Origin P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin https://travel.oregon.aaa.com Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Access-Control-Allow-Credentials true Connection keep-alive Content-Type application/json;charset=utf-8 Content-Length 1654 Expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	AppMeasurement.min.js Show response assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/	33 KB 12 KB	21ms 20ms	Script application/x-javascript	72.247.225.88 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.225.88 Berlin, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a72-247-225-88.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip last-modified Mon, 18 Oct 2021 21:37:16 GMT server AkamaiNetStorage etag "820eb42f3120ddf65e303b24a8285815:1634593036.305122" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache accept-ranges bytes timing-allow-origin * content-length 12200 expires Tue, 01 Feb 2022 21:53:57 GMT
GET H2	200	AppMeasurement_Module_ActivityMap.min.js Show response assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/	3 KB 2 KB	22ms 21ms	Script application/x-javascript	72.247.225.88 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement_Module_ActivityMap.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.225.88 Berlin, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a72-247-225-88.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip last-modified Mon, 18 Oct 2021 21:37:16 GMT server AkamaiNetStorage etag "abbe69e5c8f385f00652c3d0c2bba347:1634593036.557115" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache accept-ranges bytes timing-allow-origin * content-length 1594 expires Tue, 01 Feb 2022 21:53:57 GMT
GET H2	200	AppMeasurement_Module_AudienceManagement.min.js Show response assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/	25 KB 9 KB	24ms 23ms	Script application/x-javascript	72.247.225.88 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement_Module_AudienceManagement.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.225.88 Berlin, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a72-247-225-88.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 44495f451ea005302e82089cb8c166acd5e909b5862efc2fcba7f8249ff4469f Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip last-modified Mon, 18 Oct 2021 21:37:16 GMT server AkamaiNetStorage etag "66be6e24d6b0c77126d28b9abcd4eb38:1634593036.81505" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache accept-ranges bytes timing-allow-origin * content-length 8761 expires Tue, 01 Feb 2022 21:53:57 GMT
GET H2	200	AAA_ForeSeeAPI.js Show response www.aaa.com/configuration/	5 KB 3 KB	55ms 11ms	Script application/x-javascript	45.60.64.121 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.aaa.com/configuration/AAA_ForeSeeAPI.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.64.121 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 15f1fde7deb1f2cfecb62abe9d99d230384ecbb429e962bd449f4259e64fbec6 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:56 GMT content-encoding gzip last-modified Thu, 31 Oct 2019 18:48:40 GMT x-cdn Imperva etag "be86fecf1b90d51:0" content-type application/x-javascript x-iinfo 5-137263599-0 0CNN RT(1643748836441 0) q(0 -1 -1 2) r(0 -1) cache-control max-age=64880, public content-length 2396 expires Wed, 02 Feb 2022 14:55:16 GMT
GET H2	200	AAA_ActionTags.js Show response www.aaa.com/configuration/SEM/	55 KB 14 KB	57ms 14ms	Script application/x-javascript	45.60.64.121 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.aaa.com/configuration/SEM/AAA_ActionTags.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.64.121 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 7fde221486c3e05f825980fec689e0671182230722188921d256b58a7383d9cb Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:56 GMT content-encoding gzip last-modified Tue, 09 Jul 2019 18:06:54 GMT x-cdn Imperva etag "facf8178136d51:0" content-type application/x-javascript x-iinfo 5-137263600-0 0CNN RT(1643748836441 0) q(0 -1 -1 2) r(0 -1) cache-control max-age=61906, public content-length 14094 expires Wed, 02 Feb 2022 14:05:42 GMT
GET H2	200	dm_gtm.js Show response www.aaa.com/aaa/common/javascripts/	1 KB 1 KB	52ms 9ms	Script application/x-javascript	45.60.64.121 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.aaa.com/aaa/common/javascripts/dm_gtm.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.64.121 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 059d3c257d61801506bdc30c1cfcc61fbdf4c5c94a4163bc0c62ee153253b609 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:56 GMT content-encoding gzip last-modified Mon, 07 Jan 2019 21:13:43 GMT x-cdn Imperva etag "585c9fdecda6d41:0" content-type application/x-javascript x-iinfo 5-137263601-0 0CNN RT(1643748836442 0) q(0 -1 -1 -1) r(0 -1) cache-control max-age=3600, public content-length 884 expires Tue, 01 Feb 2022 21:53:56 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	98 KB 39 KB	65ms 37ms	Script application/javascript	2a00:1450:4001:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=AW-1068577810 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 97ce6e4abb4d6d6d25e236992e51344a77231677ed002f782946345165a8c275 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39582 x-xss-protection 0 last-modified Tue, 01 Feb 2022 18:57:08 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 01 Feb 2022 20:53:57 GMT
GET H2	200	jquery-2.2.4.min.js Show response code.jquery.com/	84 KB 29 KB	68ms 27ms	Script application/javascript	2001:4de0:ac18::1:a:3b HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-2.2.4.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Request headers Referer https://travel.oregon.aaa.com/ Origin https://travel.oregon.aaa.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip last-modified Fri, 20 Aug 2021 17:47:53 GMT server nginx etag W/"611feac9-14e4a" vary Accept-Encoding x-hw 1643748837.dop028.ml1.t,1643748837.cds213.ml1.hn,1643748837.cds220.ml1.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 29811
GET H2	403	header.js oregon.aaa.com/etc/clientlibs/aaa-orid-web/remote/	0 0	293ms 105ms	Script text/html	45.60.150.98 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://oregon.aaa.com/etc/clientlibs/aaa-orid-web/remote/header.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.98 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers
GET H2	200	gtm.js Show response www.googletagmanager.com/	298 KB 75 KB	35ms 34ms	Script application/javascript	2a00:1450:4001:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash dba7a572b7986dbb3ed55830ced970eea62bb2331ceb4850a78b9d7706f9e089 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 77083 x-xss-protection 0 last-modified Tue, 01 Feb 2022 18:57:08 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 01 Feb 2022 20:53:57 GMT
GET H2	200	inspectlet.js Show response cdn.inspectlet.com/	188 KB 62 KB	482ms 226ms	Script text/javascript	2606:4700:10::6816:39f5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.inspectlet.com/inspectlet.js?wid=696719950&r=456596 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:39f5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers cf-ray 6d6e127c0dab3004-BOS date Tue, 01 Feb 2022 20:53:57 GMT via 1.1 vegur cf-cache-status EXPIRED last-modified Tue, 01 Feb 2022 20:52:35 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/javascript;charset=UTF-8 cache-control s-maxage=60, max-age=14400 content-encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	conversion_async.js Show response www.googleadservices.com/pagead/	39 KB 15 KB	51ms 24ms	Script text/javascript	142.250.185.130 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googleadservices.com/pagead/conversion_async.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=AW-1068577810 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.185.130 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra16s50-in-f2.1e100.net Software cafe / Resource Hash 63158f73aa9f4d442cf349762c6beac9fcf35c14c3376888e728164acfde3b86 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14855 x-xss-protection 0 server cafe etag 17539559064140624452 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 timing-allow-origin * expires Tue, 01 Feb 2022 20:53:57 GMT
GET H/1.1	200 OK	dest5.html Show response aaanortheast.demdex.net/ Frame 3F0D	7 KB 3 KB	119ms 30ms	Document text/html	52.211.32.39 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://aaanortheast.demdex.net/dest5.html?d_nsid=0 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.211.32.39 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-211-32-39.eu-west-1.compute.amazonaws.com Software / Resource Hash 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ Response headers Accept-Ranges bytes Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private content-encoding gzip Content-Type text/html;charset=UTF-8 date Tue, 1 Feb 2022 20:53:57 GMT DCS dcscanary-prod-irl1-1-v032-0f11ad0fe.edge-irl1.demdex.com UNKNOWN Expires Thu, 01 Jan 1970 00:00:00 UTC last-modified Wed, 19 Jan 2022 14:37:04 GMT P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains vary accept-encoding X-TID aNfqMBsFRKs= Content-Length 2791 Connection keep-alive
GET H2	200	id Show response mcdmetrics.aaa.com/	48 B 509 B	56ms 16ms	XHR application/x-javascript	13.36.218.177 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://mcdmetrics.aaa.com/id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=F5237FF958248ED40A495E58%40AdobeOrg&mid=47407367178275330923929011543116154745&ts=1643748837521 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-36-218-177.eu-west-3.compute.amazonaws.com Software jag / Resource Hash 2a7dd7a6d5625b93afca4784f2674d9dcdb3b23bf5a71bbe38217b99f46f02ed Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server jag xserver anedge-cdfbd77b-nvch6 vary Origin x-c main-1585.I7afc85.M0-540 p3p CP="This is not a P3P policy" access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true strict-transport-security max-age=31536000; includeSubDomains content-type application/x-javascript;charset=utf-8 content-length 48 x-xss-protection 1; mode=block
GET H/1.1	200 OK	ibs:dpid=411&dpuuid=Yfmd5QAAAKv6kgP0 dpm.demdex.net/ Redirect Chain https://cm.everesttech.net/cm/dd?d_uuid=47184707640258246103906800018426211135 https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yfmd5QAAAKv6kgP0	42 B 945 B	34ms 34ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yfmd5QAAAKv6kgP0 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-1-v027-0a1e7b08a.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID cpVffyDHRkM= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yfmd5QAAAKv6kgP0 Date Tue, 01 Feb 2022 20:53:57 GMT Cache-Control no-cache Server AMO-cookiemap/1.1 Connection keep-alive Content-Length 0 P3P CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
GET H2	200	json Show response mcdmetrics2.aaa.com/m2/aaanortheast/mbox/	552 B 1002 B	157ms 39ms	XHR application/json	52.31.113.161 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://mcdmetrics2.aaa.com/m2/aaanortheast/mbox/json?mbox=target-global-mbox&mboxSession=fa203528cc644cafb2de4bd3f2f48104&mboxPC=&mboxPage=32d275b45760470bbd8833d10c384c7e&mboxRid=8f949b13f5bc4c2489098ea990ccc030&mboxVersion=1.8.2&mboxCount=1&mboxTime=1643748837357&mboxHost=travel.oregon.aaa.com&mboxURL=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&mboxReferrer=&mboxXDomain=enabled&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=Intel%20Iris%20OpenGL%20Engine&mboxMCSDID=7C0D1C01A3DE33F0-313B4C5E0A36ED64&vst.trk=mcdmetric.aaa.com&vst.trks=mcdmetrics.aaa.com&mboxMCGVID=47407367178275330923929011543116154745&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.31.113.161 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-31-113-161.eu-west-1.compute.amazonaws.com Software / Resource Hash 0c2889c03896d4cf778ca41b2ec1cacf8748951d3c96ec9533e47e6896b53c8c Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip content-type application/json;charset=UTF-8 vary Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers p3p CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache access-control-allow-credentials true timing-allow-origin * x-request-id 8f949b13f5bc4c2489098ea990ccc030
GET H2	200	bat.js Show response bat.bing.com/	36 KB 11 KB	64ms 30ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJ469T8&l=aaa_gtm_dm Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash dfed159907574337d5a3198b898e17e6f0d6c5c325d8ee2fd2343b7cddb34994 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:56 GMT content-encoding gzip last-modified Fri, 03 Dec 2021 01:53:50 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 03DC12B0E3E34456B8D5A03BCAF413C6 Ref B: FRAEDGE1218 Ref C: 2022-02-01T20:53:57Z etag "0cb09ee8e7d71:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript access-control-allow-origin * cache-control private,max-age=1800 accept-ranges bytes content-length 10468
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/	2 KB 1 KB	47ms 20ms	Script text/javascript	2a00:1450:4001:82b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/995747453/?random=1643748837542&cv=9&fst=1643748837542&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 55c16aeb28c6c7b3205f386bdce29b68ab3050ef9528c65f7ec60775c4773b1a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1061 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/933849799/	2 KB 1 KB	44ms 19ms	Script text/javascript	2a00:1450:4001:82b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/933849799/?random=1643748837544&cv=9&fst=1643748837544&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e813ac9cb4f67d7b33b3b0018cb04eb776c1abc6ea4bb310e266c6ed98748873 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1061 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/994591697/	2 KB 1 KB	45ms 20ms	Script text/javascript	2a00:1450:4001:82b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994591697/?random=1643748837545&cv=9&fst=1643748837545&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 1f7d0db357782c5313280f2c0d1866699233eded789f292c2f4edbcf16c0334e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1062 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/1068577810/	2 KB 2 KB	43ms 19ms	Script text/javascript	2a00:1450:4001:82b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1068577810/?random=1643748837546&cv=9&fst=1643748837546&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1v0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 6ebd17d884f0bcbdd480c64ac4e540185c6968218718e25858702256b1560f53 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1087 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/997673764/ Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/997673764/?random=1643748837546&cv=9&fst=1643748837546&num=1&fmt=3&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=16... https://www.google.com/pagead/1p-user-list/997673764/?random=1643748837546&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_npl... https://www.google.de/pagead/1p-user-list/997673764/?random=1643748837546&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplu...	42 B 108 B	21ms 21ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/997673764/?random=1643748837546&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=1825566134&resp=GooglemKTybQhCsO&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-user-list/997673764/?random=1643748837546&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=1825566134&resp=GooglemKTybQhCsO&ipr=y cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/962827280/	2 KB 1 KB	45ms 22ms	Script text/javascript	2a00:1450:4001:82b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962827280/?random=1643748837547&cv=9&fst=1643748837547&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 40ef68eac836215630a8bf9c04244cdd07d6f84199f49dc227a70885672596a6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1061 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/994252266/ Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994252266/?random=1643748837547&cv=9&fst=1643748837547&num=1&fmt=3&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=16... https://www.google.com/pagead/1p-user-list/994252266/?random=1643748837547&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_npl... https://www.google.de/pagead/1p-user-list/994252266/?random=1643748837547&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplu...	42 B 108 B	20ms 20ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/994252266/?random=1643748837547&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=244924652&resp=GooglemKTybQhCsO&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-user-list/994252266/?random=1643748837547&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=244924652&resp=GooglemKTybQhCsO&ipr=y cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/969619756/	2 KB 1 KB	20ms 19ms	Script text/javascript	2a00:1450:4001:82b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/969619756/?random=1643748837548&cv=9&fst=1643748837548&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash be29fabae911c484d73a3e101d770085217e1448c261f79f4f4ee4e32b0933aa Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1057 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/836762974/	2 KB 1 KB	20ms 19ms	Script text/javascript	2a00:1450:4001:82b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/836762974/?random=1643748837549&cv=9&fst=1643748837549&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 1b569efa4ec23002fdeb1573500fa18032b062541bf87beb8de977e8821fe97e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1062 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/768643034/ Redirect Chain https://googleads.g.doubleclick.net/pagead/viewthroughconversion/768643034/?random=1643748837549&cv=9&fst=1643748837549&num=1&fmt=3&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=16... https://www.google.com/pagead/1p-user-list/768643034/?random=1643748837549&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_npl... https://www.google.de/pagead/1p-user-list/768643034/?random=1643748837549&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplu...	42 B 108 B	31ms 30ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/768643034/?random=1643748837549&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=2508802087&resp=GooglemKTybQhCsO&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-type image/gif location https://www.google.de/pagead/1p-user-list/768643034/?random=1643748837549&cv=9&fst=1643745600000&num=1&fmt=3&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&is_vtc=1&random=2508802087&resp=GooglemKTybQhCsO&ipr=y cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/956500681/	2 KB 1 KB	22ms 21ms	Script text/javascript	2a00:1450:4001:82b::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956500681/?random=1643748837550&cv=9&fst=1643748837550&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 Requested by Host: www.googleadservices.com URL: https://www.googleadservices.com/pagead/conversion_async.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e28c345530276fd8c84d5345deb25467aa53def30943f2f9b7eee0d83ba0a2be Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1062 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/1068577810/	42 B 108 B	46ms 28ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/1068577810/?random=1643748837546&cv=9&fst=1643745600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=2929274540&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/1068577810/	42 B 548 B	45ms 21ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/1068577810/?random=1643748837546&cv=9&fst=1643745600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=2929274540&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/933849799/	42 B 108 B	39ms 21ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/933849799/?random=1643748837544&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=2312640200&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/933849799/	42 B 108 B	46ms 23ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/933849799/?random=1643748837544&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=2312640200&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/994591697/	42 B 548 B	37ms 20ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/994591697/?random=1643748837545&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=456137144&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/994591697/	42 B 108 B	46ms 23ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/994591697/?random=1643748837545&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=456137144&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/995747453/	42 B 108 B	37ms 21ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/995747453/?random=1643748837542&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=41693984&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/995747453/	42 B 108 B	21ms 20ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/995747453/?random=1643748837542&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=41693984&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/962827280/	42 B 108 B	24ms 24ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/962827280/?random=1643748837547&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=2486261604&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/962827280/	42 B 108 B	21ms 20ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/962827280/?random=1643748837547&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=2486261604&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/836762974/	42 B 108 B	22ms 21ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/836762974/?random=1643748837549&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=2871256662&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/836762974/	42 B 108 B	25ms 25ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/836762974/?random=1643748837549&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=2871256662&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/969619756/	42 B 108 B	24ms 23ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/969619756/?random=1643748837548&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=1315896251&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/969619756/	42 B 108 B	21ms 21ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/969619756/?random=1643748837548&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=1315896251&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.com/pagead/1p-user-list/956500681/	42 B 108 B	25ms 24ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/956500681/?random=1643748837550&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=3254303933&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/956500681/	42 B 108 B	22ms 22ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/956500681/?random=1643748837550&cv=9&fst=1643745600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg1v0&sendb=1&frm=0&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tiba=Travel%20Packages%20%26%20Discounts&async=1&fmt=3&is_vtc=1&random=3254303933&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-security-policy script-src 'none'; object-src 'none' content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	204	5950377.js Show response bat.bing.com/p/action/	0 116 B	167ms 167ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/5950377.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers access-control-allow-origin * date Tue, 01 Feb 2022 20:53:57 GMT cache-control private,max-age=1800 accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 6DBB67C5102D40EFB632EE6AB79C5178 Ref B: FRAEDGE1218 Ref C: 2022-02-01T20:53:57Z x-cache CONFIG_NOCACHE
GET H2	204	16002467.js Show response bat.bing.com/p/action/	0 92 B	315ms 315ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/16002467.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers access-control-allow-origin * date Tue, 01 Feb 2022 20:53:57 GMT cache-control private,max-age=1800 accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: A465C33964AC431098E95245EF280195 Ref B: FRAEDGE1218 Ref C: 2022-02-01T20:53:57Z x-cache CONFIG_NOCACHE
GET H/1.1	200 OK	ibs:dpid=269&dpuuid=55f961f9-9de5-4000-bea4-f9bff022b3a3&ddsuuid=47184707640258246103906800018426211135 dpm.demdex.net/ Frame 3F0D Redirect Chain https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=47184707640258246103906800018426211135&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d47184707640258... https://dpm.demdex.net/ibs:dpid=269&dpuuid=55f961f9-9de5-4000-bea4-f9bff022b3a3&ddsuuid=47184707640258246103906800018426211135	42 B 945 B	35ms 35ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=269&dpuuid=55f961f9-9de5-4000-bea4-f9bff022b3a3&ddsuuid=47184707640258246103906800018426211135 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0fa023e15.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID F9JYo0c/SDA= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Date Tue, 01 Feb 2022 20:53:57 GMT Server MT3 4133 baa842e master zrh-pixel-x30 config:1.0.0 Access-Control-Allow-Origin * P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" location https://dpm.demdex.net/ibs:dpid=269&dpuuid=55f961f9-9de5-4000-bea4-f9bff022b3a3&ddsuuid=47184707640258246103906800018426211135 Cache-Control no-cache Connection keep-alive Content-Type image/gif Keep-Alive timeout=360 Content-Length 0 Expires Tue, 01 Feb 2022 20:53:56 GMT
GET H/1.1	200 OK	insight.min.js Show response snap.licdn.com/li.lms-analytics/	5 KB 2 KB	59ms 16ms	Script application/x-javascript	2a02:26f0:f7::5c7b:e024 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:f7::5c7b:e024 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 01 Feb 2022 20:53:57 GMT Content-Encoding gzip Last-Modified Wed, 29 Sep 2021 19:17:49 GMT X-CDN AKAM Vary Accept-Encoding Content-Type application/x-javascript;charset=utf-8 Cache-Control max-age=15384 Connection keep-alive Accept-Ranges bytes Content-Length 2036
GET H2	200	uwt.js Show response static.ads-twitter.com/	14 KB 6 KB	39ms 19ms	Script application/javascript	199.232.136.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip last-modified Mon, 20 Sep 2021 23:58:10 GMT etag "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip" vary Accept-Encoding,Host x-tw-cdn FT p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache x-cache HIT, HIT accept-ranges bytes content-type application/javascript; charset=utf-8 content-length 5410 x-served-by cache-iad-kiad7000091-IAD, cache-hhn11545-HHN
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	99 KB 27 KB	23ms 8ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 26236 x-xss-protection 0 pragma public x-fb-debug ZiieMaq7Z/J65G/MS8i5+ESF8ZVzSi1zkdMcQkmwqz7EBjkpJCVoRCl/YPBaXyi7RYHOvZPGK04NPhs/8LdBKA== x-fb-trip-id 686109401 x-frame-options DENY cross-origin-opener-policy same-origin-allow-popups cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" date Tue, 01 Feb 2022 20:53:57 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	orid-engage.min.js Show response tracking.hivecloud.net/client-scripts/	8 KB 8 KB	143ms 35ms	Script application/octet-stream	2606:2800:233:1cb7:261b:1f9c:2074:3c EDGECAST
General Check archive.org Show headers Download Go to Full URL https://tracking.hivecloud.net/client-scripts/orid-engage.min.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (mil/6C53) / Resource Hash a80f0fb8fd48643a70a350d705ac3b18c9371285b13bcb0aad2a82ad256ca398 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-ms-lease-status unlocked x-ms-blob-type BlockBlob date Tue, 01 Feb 2022 20:53:57 GMT x-ms-meta-version 8 last-modified Thu, 26 Aug 2021 07:32:00 GMT server ECAcc (mil/6C53) content-md5 8SGip8+MiZFzIOIkWaocKQ== age 281916 etag 0x8D9686397D8BCEE x-cache HIT content-type application/octet-stream x-ms-request-id d50a6e97-301e-0036-3d1d-153c6a000000 x-ms-version 2009-09-19 accept-ranges bytes content-length 7945
GET H3	200	gtm.js Show response www.googletagmanager.com/	386 KB 79 KB	52ms 52ms	Script application/javascript	2a00:1450:4001:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-W79ZLQ Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 791d69afdaaa7f2b8b2a1dbc90a5162fc6c56155cb1d811cd9bff7bb0948cda1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 81259 x-xss-protection 0 last-modified Tue, 01 Feb 2022 18:57:08 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 01 Feb 2022 20:53:57 GMT
GET H3	200	gtm.js Show response www.googletagmanager.com/	367 KB 89 KB	62ms 61ms	Script application/javascript	2a00:1450:4001:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash abbe99ce6d09f3c38f6cbd02dc99e3d76162d0a7807e266ff9e57f5203b23b0e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 90699 x-xss-protection 0 last-modified Tue, 01 Feb 2022 18:57:08 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 01 Feb 2022 20:53:57 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	30ms 7ms	Script text/javascript	2a00:1450:4001:82b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Tue, 02 Nov 2021 17:39:06 GMT server Golfe2 age 2945 date Tue, 01 Feb 2022 20:04:52 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20006 expires Tue, 01 Feb 2022 22:04:52 GMT
GET H2	200	RCfbfc6b65069e4aad9d750e99a5913f01-source.min.js Show response assets.adobedtm.com/5ddcd7778a26/796eaa550a09/9f5be917c364/	404 B 533 B	19ms 18ms	Script application/x-javascript	72.247.225.88 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/9f5be917c364/RCfbfc6b65069e4aad9d750e99a5913f01-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.225.88 Berlin, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a72-247-225-88.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 8ea90a7c82f3bfebf21335ab1006919284560bb70786cc8f04a1e3e8db35ed6a Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip last-modified Thu, 20 Jan 2022 16:24:42 GMT server AkamaiNetStorage etag "befd76bb5dfb0f9d6b35cf3dc6e049c7:1642695882.79939" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://travel.oregon.aaa.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 263 expires Tue, 01 Feb 2022 21:53:57 GMT
GET H2	200	RC1aa896e5d78447f688b0f20f0ffdae98-source.min.js Show response assets.adobedtm.com/5ddcd7778a26/796eaa550a09/9f5be917c364/	676 B 669 B	19ms 19ms	Script application/x-javascript	72.247.225.88 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/9f5be917c364/RC1aa896e5d78447f688b0f20f0ffdae98-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.225.88 Berlin, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a72-247-225-88.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 6d3bf18cfacc0773bd345c04d1f92dbcb94de827871ab0dbf4583fd757efefe5 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip last-modified Thu, 20 Jan 2022 16:24:42 GMT server AkamaiNetStorage etag "befd76bb5dfb0f9d6b35cf3dc6e049c7:1642695882.79939" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://travel.oregon.aaa.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 400 expires Tue, 01 Feb 2022 21:53:57 GMT
GET H2	200	RC866dae2562fe440999ce494bab28e7a9-source.min.js Show response assets.adobedtm.com/5ddcd7778a26/796eaa550a09/9f5be917c364/	447 B 560 B	21ms 21ms	Script application/x-javascript	72.247.225.88 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/9f5be917c364/RC866dae2562fe440999ce494bab28e7a9-source.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/5ddcd7778a26/796eaa550a09/launch-9636619f7fc9.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 72.247.225.88 Berlin, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a72-247-225-88.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 868214a252a6e53d2ba96ef005a383c16d89b4738cc0c8d5ed02d1caa81ecf31 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip last-modified Thu, 20 Jan 2022 16:24:42 GMT server AkamaiNetStorage etag "befd76bb5dfb0f9d6b35cf3dc6e049c7:1642695882.79939" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://travel.oregon.aaa.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 291 expires Tue, 01 Feb 2022 21:53:57 GMT
GET H2	200	productChannelMiniCartPackaging Show response travel.oregon.aaa.com/admin/rest/parameters/	95 B 578 B	117ms 117ms	Fetch application/json	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/admin/rest/parameters/productChannelMiniCartPackaging Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/monthly-deals/assets/resource/js/app-bundle.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Resource Hash 8e41f69a870a35170119d8fd7c6c6514a9ec3c906b1870dc39202c4a9c24fd9b Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:57 GMT cache-control no-cache, max-age=0, must-revalidate, no-store content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com content-length 95 strict-transport-security max-age=31536000; includeSubDomains content-type application/json
GET H2	200	cityDeals Show response travel.oregon.aaa.com/monthly-deals/assets/hotel/	17 KB 4 KB	154ms 154ms	XHR application/json	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/monthly-deals/assets/hotel/cityDeals Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/monthly-deals/assets/resource/js/app-bundle.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Express Resource Hash eeb6c287388989bee46ff57d8a448ada9e0867d531b624c67afb0db917565ced Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept application/json, text/plain, */* Referer https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT content-encoding gzip etag W/"4201-5f4H9wsJxoAjAFvrNcQ/UJgGndU" x-powered-by Express vary Accept-Encoding content-type application/json; charset=utf-8 content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	ld Show response travel.oregon.aaa.com/web-services/assets/featureToggles/	5 B 412 B	110ms 110ms	XHR application/json	52.205.91.253 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://travel.oregon.aaa.com/web-services/assets/featureToggles/ld?key=MiniCart&anonymous=true Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/monthly-deals/assets/resource/js/app-bundle.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.205.91.253 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-205-91-253.compute-1.amazonaws.com Software / Express Resource Hash fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept application/json, text/plain, */* Referer https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT etag W/"5-fLbvuYullyqbUJDcLlF/4U0SywQ" x-powered-by Express vary Accept-Encoding content-type application/json; charset=utf-8 content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com strict-transport-security max-age=31536000; includeSubDomains content-length 5
GET H2	200	orbit-logo.svg assets.blue.kube.tstllc.net/resources/ncnu/ Redirect Chain https://travel.oregon.aaa.com/resources/ncnu/orbit-logo.svg https://assets.blue.kube.tstllc.net/resources/ncnu/orbit-logo.svg	2 KB 3 KB	156ms 104ms	Image image/svg+xml	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/resources/ncnu/orbit-logo.svg Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash a936718fb9a2b2ba6e7a83411a740ab0f4bca9b5c2cafffb81c38fa34b6147cc Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:36 GMT etag "61d668b0-8e2" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/svg+xml access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 2274 Redirect headers location https://assets.blue.kube.tstllc.net/resources/ncnu/orbit-logo.svg date Tue, 01 Feb 2022 20:53:58 GMT content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com content-length 166 strict-transport-security max-age=31536000; includeSubDomains content-type text/html
GET H2	200	tag.js Show response lptag.liveperson.net/tag/	21 KB 8 KB	647ms 153ms	Script application/javascript	199.187.116.153 LIVEPERSON
General Check archive.org Show headers Download Go to Full URL https://lptag.liveperson.net/tag/tag.js?site=24461917 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.187.116.153 , United States, ASN11054 (LIVEPERSON, US), Reverse DNS Software ws / Resource Hash 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT content-encoding gzip last-modified Thu, 03 Sep 2020 08:27:49 GMT server ws etag "5f50a905-1d8f" access-control-allow-methods GET, POST, PATCH content-type application/javascript access-control-expose-headers X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options cache-control public, max-age=630 access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token content-length 7567
GET H2	204	0 bat.bing.com/action/	0 151 B	31ms 31ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=5950377&tm=gtm002&Ver=2&mid=24d0beb4-0bff-4d31-9d44-5ad0353b95ad&sid=1370059083a111ecbe3d818d7a3ce2cc&vid=137028f083a111ec856ea74bceb83bd3&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Travel%20Packages%20%26%20Discounts&p=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&r=&lt=2273&evt=pageLoad&msclkid=N&sv=1&rn=177228 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 469881ECBC9D4A4F93E376F4D08DC2ED Ref B: FRAEDGE1218 Ref C: 2022-02-01T20:53:58Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	204	0 bat.bing.com/action/	0 95 B	31ms 30ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=16002467&tm=gtm002&Ver=2&mid=268b2e78-f52a-4c2d-bb20-690aa15d4060&sid=1370059083a111ecbe3d818d7a3ce2cc&vid=137028f083a111ec856ea74bceb83bd3&vids=0&gtm_tag_source=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Travel%20Packages%20%26%20Discounts&p=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&r=&lt=2273&evt=pageLoad&msclkid=N&sv=1&rn=80466 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:57 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: E39F2FFCE94644D69605B092D5B9DBD0 Ref B: FRAEDGE1218 Ref C: 2022-02-01T20:53:58Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	ibs:dpid=359&dpuuid=RBh12soJ1Nf0a25 dpm.demdex.net/ Frame 3F0D Redirect Chain https://pm.w55c.net/ping_match.gif?st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ https://pm.w55c.net/ping_match.gif?scc=1&st=dmx&rurl=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D359%26dpuuid%3D_wfivefivec_ https://dpm.demdex.net/ibs:dpid=359&dpuuid=RBh12soJ1Nf0a25	42 B 945 B	34ms 34ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=359&dpuuid=RBh12soJ1Nf0a25 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-069e5a96a.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID 07PnDzJeRZw= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Pragma no-cache Date Tue, 01 Feb 2022 20:53:58 GMT Server PingMatch/v2.0.30-702-g2925257#rel-ec2-master i-07dabe3ed4c3409c7@us-east-1d@dxedge-app-us-east-1-prod-asg Strict-Transport-Security max-age=2592000; includeSubDomains Location https://dpm.demdex.net/ibs:dpid=359&dpuuid=RBh12soJ1Nf0a25 Cache-Control no-cache, must-revalidate Connection keep-alive Content-Length 0 Expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	romantic-retreats-bg.jpg web-assets.tstllc.net/static-content/images/common/campaign/	295 KB 296 KB	375ms 130ms	Image image/jpeg	18.66.112.109 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://web-assets.tstllc.net/static-content/images/common/campaign/romantic-retreats-bg.jpg Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.109 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-109.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash eb1337219f7e6b96bda8e5a137435f2fb45c348512d71c7871b1fc6250f10e4c Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-amz-version-id FlwV2.lwCFGO9MRl6vrvYHxuf2qBcvNw via 1.1 3517ce13630d84c5b14e88de469985cc.cloudfront.net (CloudFront) last-modified Wed, 26 Jan 2022 02:41:21 GMT server AmazonS3 x-amz-cf-pop FRA56-P5 etag "0fe4b63f02bf7b0d1e2fc3fa77aedb91" x-cache RefreshHit from cloudfront content-type image/jpeg date Tue, 01 Feb 2022 20:53:59 GMT content-length 302376 x-amz-cf-id 79g_CmseNhsd_v-HVw_NVr22KIs7ZkX1uTGTqUa03RHJbb3BKyhkig==
GET DATA	200 OK	truncated /	20 KB 20 KB		Font font/opentype
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash c2f965626d99effacab4a09cb8f96e0b4a00065365fa3bd63d9f5944030a5882 Request headers Referer Origin https://travel.oregon.aaa.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type font/opentype
GET DATA	200 OK	truncated /	15 KB 15 KB		Font font/opentype
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash bb2e1a97e3bc84334fa38904266d7ef01dc9407e17b3fcf54ea4a8ecbf494abf Request headers Referer Origin https://travel.oregon.aaa.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type font/opentype
GET H3	200	fontawesome-webfont.woff netdna.bootstrapcdn.com/font-awesome/3.2.1/font/	43 KB 43 KB	390ms 166ms	Font font/woff	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://netdna.bootstrapcdn.com/font-awesome/3.2.1/font/fontawesome-webfont.woff?v=3.2.1 Requested by Host: netdna.bootstrapcdn.com URL: https://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 18e6b5ff511b90edf098e62ac45ed9d6673a3eee10165d0de4164d4d02a3a77f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css Origin https://travel.oregon.aaa.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT x-content-type-options nosniff cf-cache-status MISS cdn-edgestorageid 756 access-control-allow-origin * cdn-proxyver 1.02 cdn-cachedat 01/30/2022 18:50:27 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 43572 timing-allow-origin * last-modified Mon, 25 Jan 2021 22:04:51 GMT server cloudflare cdn-requestpullcode 200 etag "b683029bafe0305ac2234038a03e1541" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type font/woff cdn-cache HIT vary Accept-Encoding cache-control public, max-age=31919000 cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestid 5384c8a5f3b93f9ba3e6421ef48baff0 accept-ranges bytes cf-ray 6d6e127fab68374d-MXP cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET DATA	200 OK	truncated /	20 KB 20 KB		Font font/opentype
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8b3e8e10db2f90bdb8710b478c200588b2396146e4b07b22a795ad79e062360f Request headers Referer Origin https://travel.oregon.aaa.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Content-Type font/opentype
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2359516&time=1643748838180&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2359516%26time%3D1643748838180%26url%3Dhttps%253A%252F%252Ftravel.oregon.aaa.com%... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2359516&time=1643748838180&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2359516&time=1643748838180&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&liSync=tru...	0 156 B	446ms 237ms	Image application/javascript	108.174.10.14 LINKEDIN
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2359516&time=1643748838180&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&liSync=true&e_ipv6=AQJX9uxkcCOh9QAAAX63EM0tHtk2L3fNXK5bbd4OujUYtDDmBh8Bu77reY8hraQBngj-gfcwdg Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 108.174.10.14 , United States, ASN14413 (LINKEDIN, US), Reverse DNS 108-174-10-14.fwd.linkedin.com Software Play / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:59 GMT server Play linkedin-action 1 x-li-fabric prod-lor1 x-li-proto http/2 x-li-pop prod-lva1 content-type application/javascript content-length 0 x-li-uuid cBlBNNzEzxYA4ZaV4SoAAA== Redirect headers date Tue, 01 Feb 2022 20:53:58 GMT x-li-pop afd-prod-lor1-x x-msedge-ref Ref A: 5DD52912A257465498C44D223A235EAF Ref B: FRAEDGE1210 Ref C: 2022-02-01T20:53:58Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lor1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2359516&time=1643748838180&url=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&liSync=true&e_ipv6=AQJX9uxkcCOh9QAAAX63EM0tHtk2L3fNXK5bbd4OujUYtDDmBh8Bu77reY8hraQBngj-gfcwdg x-li-proto http/2 content-length 0 x-li-uuid AAXW+xmhP4HU3bsX+2YIUA==
GET H3	200	136696297006053 Show response connect.facebook.net/signals/config/	306 KB 87 KB	17ms 8ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/136696297006053?v=2.9.52&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 6c6912340fa8da45fe9756f88d9503899f789c4774281bd338c4f0e451558897 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600,h3-29=":443"; ma=3600 content-length 89221 x-xss-protection 0 pragma public x-fb-debug dbWpM4Xluldl5Qbfa+2mT913CjDQJQ2JuJizBIk+qznVqNcVTIo4ZDuXd/+pKxYX8pRB0vNKjPLJQQTZIi9PKA== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups x-frame-options DENY date Tue, 01 Feb 2022 20:53:58 GMT strict-transport-security max-age=31536000; preload; includeSubDomains report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=1200 x-fb-rlafr 0 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	newyork-3-1080.jpg assets.blue.kube.tstllc.net/images/common/bgs/photo/ Redirect Chain https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/newyork-3-1080.jpg https://assets.blue.kube.tstllc.net/images/common/bgs/photo/newyork-3-1080.jpg?url=null%3FcacheBuster%3D0.09996987698299864	760 KB 762 KB	212ms 212ms	Image image/jpeg	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/images/common/bgs/photo/newyork-3-1080.jpg?url=null%3FcacheBuster%3D0.09996987698299864 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash 6f6bf40ac925a6ceb591135fd5d19060b978774c6f616bae70c49e5f16e38265 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:33 GMT etag "61d668ad-bdfa3" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/jpeg access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 778147 Redirect headers location https://assets.blue.kube.tstllc.net/images/common/bgs/photo/newyork-3-1080.jpg?url=null%3FcacheBuster%3D0.09996987698299864 date Tue, 01 Feb 2022 20:53:58 GMT cache-control no-cache, no-store, must-revalidate content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com x-powered-by Express strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	charleston_1920.jpg assets.blue.kube.tstllc.net/images/common/bgs/photo/ Redirect Chain https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/charleston_1920.jpg https://assets.blue.kube.tstllc.net/images/common/bgs/photo/charleston_1920.jpg?url=null%3FcacheBuster%3D0.9395544552113226	594 KB 596 KB	842ms 841ms	Image image/jpeg	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/images/common/bgs/photo/charleston_1920.jpg?url=null%3FcacheBuster%3D0.9395544552113226 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash de41e49b6f041c99e05c641fd35923d61bafceddd9e59a11c96559c7ce8fbe9d Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:32 GMT etag "61d668ac-947f3" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/jpeg access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 608243 Redirect headers location https://assets.blue.kube.tstllc.net/images/common/bgs/photo/charleston_1920.jpg?url=null%3FcacheBuster%3D0.9395544552113226 date Tue, 01 Feb 2022 20:53:58 GMT cache-control no-cache, no-store, must-revalidate content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com x-powered-by Express strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	hiltonhead.jpg assets.blue.kube.tstllc.net/images/common/bgs/photo/ Redirect Chain https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/hiltonhead.jpg https://assets.blue.kube.tstllc.net/images/common/bgs/photo/hiltonhead.jpg?url=null%3FcacheBuster%3D0.31082897171332613	577 KB 579 KB	111ms 111ms	Image image/jpeg	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/images/common/bgs/photo/hiltonhead.jpg?url=null%3FcacheBuster%3D0.31082897171332613 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash 4f45c44cab2b708f858f32ace7bce397e3b96bd98888eb27af0afc0382087e18 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:32 GMT etag "61d668ac-90337" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/jpeg access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 590647 Redirect headers location https://assets.blue.kube.tstllc.net/images/common/bgs/photo/hiltonhead.jpg?url=null%3FcacheBuster%3D0.31082897171332613 date Tue, 01 Feb 2022 20:53:58 GMT cache-control no-cache, no-store, must-revalidate content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com x-powered-by Express strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	nashville-1-1080.jpg assets.blue.kube.tstllc.net/images/common/bgs/photo/ Redirect Chain https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/nashville-1-1080.jpg https://assets.blue.kube.tstllc.net/images/common/bgs/photo/nashville-1-1080.jpg?url=null%3FcacheBuster%3D0.1297306827117639	626 KB 628 KB	1035ms 1035ms	Image image/jpeg	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/images/common/bgs/photo/nashville-1-1080.jpg?url=null%3FcacheBuster%3D0.1297306827117639 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash fcc2d9c106330f765597a15f690d6479e3982fd29ca137ffcbf4d00f122267a6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:33 GMT etag "61d668ad-9c7ef" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/jpeg access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 641007 Redirect headers location https://assets.blue.kube.tstllc.net/images/common/bgs/photo/nashville-1-1080.jpg?url=null%3FcacheBuster%3D0.1297306827117639 date Tue, 01 Feb 2022 20:53:58 GMT cache-control no-cache, no-store, must-revalidate content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com x-powered-by Express strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	austin-1-1080.jpg assets.blue.kube.tstllc.net/images/common/bgs/photo/ Redirect Chain https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/austin-1-1080.jpg https://assets.blue.kube.tstllc.net/images/common/bgs/photo/austin-1-1080.jpg?url=null%3FcacheBuster%3D0.9428261148598367	739 KB 741 KB	1035ms 1035ms	Image image/jpeg	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/images/common/bgs/photo/austin-1-1080.jpg?url=null%3FcacheBuster%3D0.9428261148598367 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash 46d48acee5b7760c92a479ba9d89f0da2927baa527a523c1eff35cdeefb20827 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:32 GMT etag "61d668ac-b8a2d" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/jpeg access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 756269 Redirect headers location https://assets.blue.kube.tstllc.net/images/common/bgs/photo/austin-1-1080.jpg?url=null%3FcacheBuster%3D0.9428261148598367 date Tue, 01 Feb 2022 20:53:58 GMT cache-control no-cache, no-store, must-revalidate content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com x-powered-by Express strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	miami-1-1080.jpg assets.blue.kube.tstllc.net/images/common/bgs/photo/ Redirect Chain https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/miami-1-1080.jpg https://assets.blue.kube.tstllc.net/images/common/bgs/photo/miami-1-1080.jpg?url=null%3FcacheBuster%3D0.38751871264223814	652 KB 654 KB	1179ms 1179ms	Image image/jpeg	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/images/common/bgs/photo/miami-1-1080.jpg?url=null%3FcacheBuster%3D0.38751871264223814 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash 5c5a02a18099156afe238aafeba27ac85c813b4a9dbefdcd0d7a7cd90c4c2d6a Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:32 GMT etag "61d668ac-a2e47" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/jpeg access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 667207 Redirect headers location https://assets.blue.kube.tstllc.net/images/common/bgs/photo/miami-1-1080.jpg?url=null%3FcacheBuster%3D0.38751871264223814 date Tue, 01 Feb 2022 20:53:58 GMT cache-control no-cache, no-store, must-revalidate content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com x-powered-by Express strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	sanfrancisco-1-1080.jpg assets.blue.kube.tstllc.net/images/common/bgs/photo/ Redirect Chain https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/sanfrancisco-1-1080.jpg https://assets.blue.kube.tstllc.net/images/common/bgs/photo/sanfrancisco-1-1080.jpg?url=null%3FcacheBuster%3D0.30742555363549817	1000 KB 1003 KB	762ms 762ms	Image image/jpeg	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/images/common/bgs/photo/sanfrancisco-1-1080.jpg?url=null%3FcacheBuster%3D0.30742555363549817 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash 0c165b866b991b3701d407ef8230c5d2e2690042f1068ef0c87b8737f84919e8 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:33 GMT etag "61d668ad-f9f39" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/jpeg access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 1023801 Redirect headers location https://assets.blue.kube.tstllc.net/images/common/bgs/photo/sanfrancisco-1-1080.jpg?url=null%3FcacheBuster%3D0.30742555363549817 date Tue, 01 Feb 2022 20:53:58 GMT cache-control no-cache, no-store, must-revalidate content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com x-powered-by Express strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	lajolla-1-1080.jpg assets.blue.kube.tstllc.net/images/common/bgs/photo/ Redirect Chain https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/lajolla-1-1080.jpg https://assets.blue.kube.tstllc.net/images/common/bgs/photo/lajolla-1-1080.jpg?url=null%3FcacheBuster%3D0.17096688362365575	514 KB 515 KB	1136ms 1135ms	Image image/jpeg	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/images/common/bgs/photo/lajolla-1-1080.jpg?url=null%3FcacheBuster%3D0.17096688362365575 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash 87f8100cfcb119de9867849385e1817b0c225eb8f8c3116a286d47a1ce31f1db Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:32 GMT etag "61d668ac-80675" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/jpeg access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 525941 Redirect headers location https://assets.blue.kube.tstllc.net/images/common/bgs/photo/lajolla-1-1080.jpg?url=null%3FcacheBuster%3D0.17096688362365575 date Tue, 01 Feb 2022 20:53:58 GMT cache-control no-cache, no-store, must-revalidate content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com x-powered-by Express strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	beijing-1-1080.jpg assets.blue.kube.tstllc.net/images/common/bgs/photo/ Redirect Chain https://travel.oregon.aaa.com/monthly-deals/common/assets/images/bgs/photo/beijing-1-1080.jpg https://assets.blue.kube.tstllc.net/images/common/bgs/photo/beijing-1-1080.jpg?url=null%3FcacheBuster%3D0.8637406388132429	487 KB 488 KB	1073ms 1073ms	Image image/jpeg	3.227.89.185 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://assets.blue.kube.tstllc.net/images/common/bgs/photo/beijing-1-1080.jpg?url=null%3FcacheBuster%3D0.8637406388132429 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 3.227.89.185 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-227-89-185.compute-1.amazonaws.com Software / Resource Hash d1953e7721a949fbf26a6454b11091e7943792c66307f5366e04999b74f6b183 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Thu, 06 Jan 2022 03:57:32 GMT etag "61d668ac-79b02" strict-transport-security max-age=31536000; includeSubDomains access-control-allow-methods GET, POST, OPTIONS content-type image/jpeg access-control-allow-origin * content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com accept-ranges bytes access-control-allow-headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type content-length 498434 Redirect headers location https://assets.blue.kube.tstllc.net/images/common/bgs/photo/beijing-1-1080.jpg?url=null%3FcacheBuster%3D0.8637406388132429 date Tue, 01 Feb 2022 20:53:58 GMT cache-control no-cache, no-store, must-revalidate content-security-policy frame-ancestors 'self' *.tstllc.net wta-travel.com http://wta-travel.com *.wta-travel.com tpi.ca http://tpi.ca *.tpi.ca *.aaa.com ama.ab.ca *.amatravel.ca *.atlantic.caa.ca *.caamanitoba.com *.caaneo.ca *.caask.ca *.caaniagara.ca *.thoragentconnection.com caascotravel.com x-powered-by Express strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	adsct Show response analytics.twitter.com/i/	31 B 459 B	201ms 120ms	Script application/javascript	104.244.42.67 TWITTER
General Check archive.org Show headers Download Go to Full URL https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o2gtk&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=86504391-ac5c-4da2-8e79-5bc6cfed3743&tw_document_href=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&tpx_cb=twttr.conversion.loadPixels Requested by Host: static.ads-twitter.com URL: https://static.ads-twitter.com/uwt.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.67 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-response-time 113 date Tue, 01 Feb 2022 20:53:57 GMT content-encoding gzip server tsa_o strict-transport-security max-age=631138519 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" cache-control no-cache, no-store, max-age=0 x-connection-hash b376361ef9aad14055007d853866a69a558602a41a28898b129357afa1e38a6f content-type application/javascript;charset=utf-8 content-length 57
GET H2	200	adsct t.co/i/	43 B 338 B	193ms 112ms	Image image/gif	104.244.42.5 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o2gtk&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=86504391-ac5c-4da2-8e79-5bc6cfed3743&tw_document_href=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.5 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers x-response-time 105 date Tue, 01 Feb 2022 20:53:57 GMT server tsa_o strict-transport-security max-age=0 content-type image/gif;charset=utf-8 cache-control no-cache, no-store, max-age=0 x-connection-hash c7598d5b6938b625288e174472b37ad7bfcac2e0f67a42a4ff9c032dc8b1ce56 content-length 43
POST H/1.1	200 OK	v2 Show response hivetracking.azurewebsites.net/api/	0 311 B	309ms 210ms	XHR text/plain	51.141.12.112 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://hivetracking.azurewebsites.net/api/v2 Requested by Host: tracking.hivecloud.net URL: https://tracking.hivecloud.net/client-scripts/orid-engage.min.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 51.141.12.112 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Pragma no-cache Date Tue, 01 Feb 2022 20:53:58 GMT Server Microsoft-IIS/10.0 X-AspNet-Version 4.0.30319 X-Powered-By ASP.NET Access-Control-Allow-Origin * Cache-Control no-cache Request-Context appId=cid-v1:087a7d2d-9dc1-4232-a84e-a8c6d2b7d14a Content-Length 0 Expires -1
GET H/1.1	200 OK	ibs:dpid=477&dpuuid=36b5a4748b09a28c33e9f5d000168646e1d2863ec8cefa5ec3e66918c799daceb0da87c991749652 dpm.demdex.net/ Frame 3F0D Redirect Chain https://idsync.rlcdn.com/365868.gif?partner_uid=47184707640258246103906800018426211135 https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomNDcxODQ3MDc2NDAyNTgyNDYxMDM5MDY4MDAwMTg0MjYyMTExMzUQABoNCOa75o8GEgUI6AcQAEIASgA https://dpm.demdex.net/ibs:dpid=477&dpuuid=36b5a4748b09a28c33e9f5d000168646e1d2863ec8cefa5ec3e66918c799daceb0da87c991749652	42 B 945 B	36ms 36ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=477&dpuuid=36b5a4748b09a28c33e9f5d000168646e1d2863ec8cefa5ec3e66918c799daceb0da87c991749652 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0da9e18e5.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID c3yjtyL7SuY= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers date Tue, 01 Feb 2022 20:53:58 GMT via 1.1 google p3p CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" location https://dpm.demdex.net/ibs:dpid=477&dpuuid=36b5a4748b09a28c33e9f5d000168646e1d2863ec8cefa5ec3e66918c799daceb0da87c991749652 cache-control no-cache, no-store timing-allow-origin * alt-svc clear content-length 0
POST H3	200	collect Show response www.google-analytics.com/j/	2 B 22 B	33ms 17ms	XHR text/plain	2a00:1450:4001:82b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j96&a=580727096&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&ul=en-us&de=UTF-8&dt=Travel%20Packages%20%26%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=874842185&gjid=349463793&cid=1728157001.1643748838&tid=UA-96133587-4&_gid=1502420547.1643748838&_r=1&gtm=2wg1v0T6BPC96&cd1=000&cd2=Travel&cd3=TST&cd108=travel.oregon.aaa.com%2Fpromos%2Fromantic-retreats&cd109=&cd111=&z=863759776 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:58 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	collect Show response www.google-analytics.com/j/	2 B 22 B	15ms 15ms	XHR text/plain	2a00:1450:4001:82b::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j96&a=580727096&t=pageview&_s=1&dl=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&dp=%2Fpromos%2Fromantic-retreats&ul=en-us&de=UTF-8&dt=Travel%20Packages%20%26%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAAC~&jid=1487195569&gjid=1355776781&cid=1728157001.1643748838&tid=UA-55392727-1&_gid=1502420547.1643748838&_r=1&gtm=2wg1v0W79ZLQ&cd11=2022-02-01T20%3A53%3A58%2B00%3A00&cd9=1728157001.1643748838&z=905894890 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:58 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	44 B 407 B	23ms 8ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=136696297006053&ev=PageView&dl=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&rl=&if=false&ts=1643748838336&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&fbp=fb.1.1643748838334.1144422850&it=1643748838189&coo=false&rqm=GET Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 content-length 44 expires Tue, 01 Feb 2022 20:53:58 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 446 B	59ms 19ms	XHR text/plain	2a00:1450:400c:c06::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-96133587-4&cid=1728157001.1643748838&jid=874842185&gjid=349463793&_gid=1502420547.1643748838&_u=aEDAAEAAAAAAAC~&z=250834268 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Tue, 01 Feb 2022 20:53:58 GMT content-type text/plain access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 70 B	59ms 20ms	XHR text/plain	2a00:1450:400c:c06::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-55392727-1&cid=1728157001.1643748838&jid=1487195569&gjid=1355776781&_gid=1502420547.1643748838&_u=aEDAAEABAAAAAC~&z=2084649191 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Tue, 01 Feb 2022 20:53:58 GMT content-type text/plain access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	696719950 Show response hn.inspectlet.com/ginit/	212 B 465 B	176ms 169ms	XHR application/json	2606:4700:10::6816:39f5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hn.inspectlet.com/ginit/696719950 Requested by Host: cdn.inspectlet.com URL: https://cdn.inspectlet.com/inspectlet.js?wid=696719950&r=456596 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:39f5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash f20fefbae1bca4cc01bb0111edfb014e3f2d60371167bb0a5362f5cfc5952162 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Tue, 01 Feb 2022 20:53:58 GMT via 1.1 vegur cf-cache-status DYNAMIC x-powered-by Express content-encoding gzip alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 server cloudflare etag W/"d4-xtTi6TDDwQR60D82nWYSHg" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-allow-methods GET, POST content-type application/json; charset=utf-8 access-control-allow-origin https://travel.oregon.aaa.com cache-control no-cache access-control-allow-credentials true cf-ray 6d6e12801fc03004-BOS access-control-allow-headers X-Requested-With, Content-Type
GET H/1.1	200 OK	ibs:dpid=470&dpuuid=7049021469954091856 dpm.demdex.net/ Frame 3F0D Redirect Chain https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjM2NTYzMjkvdC8y/url/https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D470%26dpuuid%3D%24!%7BTURN_UUID%7D https://dpm.demdex.net/ibs:dpid=470&dpuuid=7049021469954091856	42 B 945 B	71ms 71ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=470&dpuuid=7049021469954091856 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0fa023e15.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID z+7prafhRE0= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers location https://dpm.demdex.net/ibs:dpid=470&dpuuid=7049021469954091856 pragma no-cache date Tue, 01 Feb 2022 20:53:58 GMT cache-control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 content-length 0 p3p policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	53ms 34ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-96133587-4&cid=1728157001.1643748838&jid=874842185&_u=aEDAAEAAAAAAAC~&z=246094377 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:58 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	72ms 54ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-96133587-4&cid=1728157001.1643748838&jid=874842185&_u=aEDAAEAAAAAAAC~&z=246094377 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:58 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	73ms 54ms	Image image/gif	2a00:1450:4001:801::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-55392727-1&cid=1728157001.1643748838&jid=1487195569&_u=aEDAAEABAAAAAC~&z=907364405 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:58 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	49ms 32ms	Image image/gif	2a00:1450:4001:828::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-55392727-1&cid=1728157001.1643748838&jid=1487195569&_u=aEDAAEABAAAAAC~&z=907364405 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:58 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	200	tag Show response hn.inspectlet.com/	4 B 328 B	270ms 153ms	XHR text/html	2606:4700:10::6816:39f5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hn.inspectlet.com/tag Requested by Host: cdn.inspectlet.com URL: https://cdn.inspectlet.com/inspectlet.js?wid=696719950&r=456596 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:10::6816:39f5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2 Request headers Accept */* Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Tue, 01 Feb 2022 20:53:58 GMT via 1.1 vegur cf-cache-status DYNAMIC server cloudflare access-control-allow-headers X-Requested-With, Content-Type x-powered-by Express etag W/"4-b9sIeqP7+8uCh6WToJGeYQ" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-allow-methods GET, POST content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-cache cf-ray 6d6e12821dfaebf0-BOS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 4
POST H3	200	tag Show response hn.inspectlet.com/	4 B 292 B	284ms 167ms	XHR text/html	2606:4700:10::6816:39f5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hn.inspectlet.com/tag Requested by Host: cdn.inspectlet.com URL: https://cdn.inspectlet.com/inspectlet.js?wid=696719950&r=456596 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:10::6816:39f5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2 Request headers Accept */* Referer https://travel.oregon.aaa.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Tue, 01 Feb 2022 20:53:58 GMT via 1.1 vegur cf-cache-status DYNAMIC server cloudflare access-control-allow-headers X-Requested-With, Content-Type x-powered-by Express etag W/"4-b9sIeqP7+8uCh6WToJGeYQ" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-allow-methods GET, POST content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-cache cf-ray 6d6e12821dfcebf0-BOS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 4
GET H2	200	hbpix idpix.media6degrees.com/orbserv/ Frame 3F0D	43 B 278 B	256ms 127ms	Image image/gif	2606:4700::6812:b4f CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://idpix.media6degrees.com/orbserv/hbpix?pixId=16873&pcv=70&ptid=66&tpuv=01&tpu=47184707640258246103906800018426211135 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2606:4700::6812:b4f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4abdc5bae3773141e85e6bed6c09953d57aded7ef98b1d304c42807f2229474f Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:58 GMT cf-cache-status DYNAMIC last-modified Fri, 15 Sep 2017 19:12:19 GMT server cloudflare etag "59bc2613-2b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type image/gif accept-ranges bytes cf-ray 6d6e1281d8ca924a-FRA content-length 43
GET H/1.1	200 OK	ibs:dpid=903&dpuuid=39b70a51-49bd-4db0-b980-c636e62c6eef dpm.demdex.net/ Frame 3F0D Redirect Chain https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 https://dpm.demdex.net/ibs:dpid=903&dpuuid=39b70a51-49bd-4db0-b980-c636e62c6eef	42 B 945 B	39ms 38ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=903&dpuuid=39b70a51-49bd-4db0-b980-c636e62c6eef Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-1-v027-08ad91823.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID vV6wb7yvSug= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:53:58 GMT x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV" location https://dpm.demdex.net/ibs:dpid=903&dpuuid=39b70a51-49bd-4db0-b980-c636e62c6eef cache-control private,no-cache, must-revalidate content-type text/html content-length 189
GET H/1.1	200 OK	ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D dpm.demdex.net/ Frame 3F0D Redirect Chain https://ps.eyeota.net/match?bid=6j5b2cv&uid=47184707640258246103906800018426211135&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D	42 B 963 B	34ms 33ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=30064&dpuuid=%7BUUID_6j5b2cv%7D Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0f000680c.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-Error 303,104 X-TID zg3NUJHzQw0= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=30064&dpuuid={UUID_6j5b2cv} Date Tue, 01 Feb 2022 20:53:58 GMT Content-Length 0 P3P CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
GET H/1.1	200 OK	ibs:dpid=30646 dpm.demdex.net/ Frame 3F0D Redirect Chain https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=47184707640258246103906800018426211135&gdpr=0&gdpr_consent= https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-DisL84NE2pEtGDZHnIdECzvJotfau4xek4I-~A	42 B 945 B	34ms 34ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-DisL84NE2pEtGDZHnIdECzvJotfau4xek4I-~A Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0f5471d2c.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID I7RoHob/S6k= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers date Tue, 01 Feb 2022 20:53:58 GMT referrer-policy strict-origin-when-cross-origin server ATS age 0 expect-ct max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-frame-options DENY content-type text/html;charset=utf-8 location https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-DisL84NE2pEtGDZHnIdECzvJotfau4xek4I-~A x-xss-protection 1; mode=block strict-transport-security max-age=31536000 content-length 0 x-content-type-options nosniff
GET H2	200	.jsonp Show response lptag.liveperson.net/lptag/api/account/24461917/configuration/applications/taglets/	247 KB 89 KB	175ms 175ms	Script application/x-javascript	199.187.116.153 LIVEPERSON
General Check archive.org Show headers Download Go to Full URL https://lptag.liveperson.net/lptag/api/account/24461917/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.187.116.153 , United States, ASN11054 (LIVEPERSON, US), Reverse DNS Software ws / Resource Hash b68394f6d214b8314ac476052cdf3c0aff1331fb549e5e002c0bd5745181a8ed Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:59 GMT content-encoding gzip server ws x-cache-status HIT access-control-allow-methods GET, POST, PATCH content-type application/x-javascript access-control-expose-headers X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options cache-control public, max-age=630 access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
GET H/1.1	200 OK	noop px.owneriq.net/ Frame 3F0D Redirect Chain https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID) https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ6970352391838275343&uid=Q6970352391838275343&ref=%2Feucm%2Fp%2Fadpq https://px.owneriq.net/noop?ct=image%2Fgif	0 287 B	55ms 54ms	Image image/gif	104.86.40.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://px.owneriq.net/noop?ct=image%2Fgif Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 104.86.40.114 Berlin, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-86-40-114.deploy.static.akamaitechnologies.com Software Apache/2.2.15 (CentOS) / PHP/5.3.3 Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 01 Feb 2022 20:53:59 GMT Server Apache/2.2.15 (CentOS) Connection keep-alive P3P policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" X-Powered-By PHP/5.3.3 Content-Length 0 Content-Type image/gif Redirect headers Location https://px.owneriq.net/noop?ct=image%2Fgif Date Tue, 01 Feb 2022 20:53:59 GMT Server AkamaiGHost Connection keep-alive Content-Length 0
GET H2	404	usersync usersync.videoamp.com/ Frame 3F0D	0 79 B	413ms 113ms	Image text/plain	52.0.102.204 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://usersync.videoamp.com/usersync?partner_id=6667929&partner_user_id=47184707640258246103906800018426211135&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D70962%26dpuuid%3D%7Bvamp_user_id%7D Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.0.102.204 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-0-102-204.compute-1.amazonaws.com Software istio-envoy / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:59 GMT x-envoy-upstream-service-time 0 server istio-envoy content-length 0
GET H/1.1	200 OK	ibs:dpid=73426&dpuuid=47184707640258246103906800018426211135 dpm.demdex.net/ Frame 3F0D Redirect Chain https://ads.scorecardresearch.com/p?c1=9&c2=6034944&c3=2&cs_xi=47184707640258246103906800018426211135&rn=1643748837491&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D471847076402582... https://ads.scorecardresearch.com/p2?c1=9&c2=6034944&c3=2&cs_xi=47184707640258246103906800018426211135&rn=1643748837491&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D73426%26dpuuid%3D47184707640258... https://dpm.demdex.net/ibs:dpid=73426&dpuuid=47184707640258246103906800018426211135	42 B 945 B	58ms 57ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=73426&dpuuid=47184707640258246103906800018426211135 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-1-v027-0f67ff371.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID 3onJt96QT50= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers date Tue, 01 Feb 2022 20:53:59 GMT via 1.1 6fd3ab2be93b19c970fb371964d46d94.cloudfront.net (CloudFront) x-amz-cf-pop FRA60-P1 vary Accept x-cache Miss from cloudfront content-type text/plain; charset=utf-8 location https://dpm.demdex.net/ibs:dpid=73426&dpuuid=47184707640258246103906800018426211135 content-length 105 x-amz-cf-id GoauCDCYUwM66cgfLSR15eXRqwbL0lIX2QRe7-sGBm-mWR-eQ7HyPA==
GET H/1.1	200 OK	ibs:dpid=121998&dpuuid=62843101490b7c1708beb83337f6c4a dpm.demdex.net/ Frame 3F0D Redirect Chain https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=47184707640258246103906800018426211135?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/tpid=47184707640258246103906800018426211135?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} https://dpm.demdex.net/ibs:dpid=121998&dpuuid=62843101490b7c1708beb83337f6c4a	42 B 945 B	37ms 37ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=121998&dpuuid=62843101490b7c1708beb83337f6c4a Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-1-v027-04d2b909f.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID jMXMYoRRR4w= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:53:59 GMT server Jetty(9.4.38.v20210224) p3p CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV location https://dpm.demdex.net/ibs:dpid=121998&dpuuid=62843101490b7c1708beb83337f6c4a cache-control no-cache x-server 10.45.12.61 content-length 0 expires 0
GET H2	200	pixel cm.g.doubleclick.net/ Frame 3F0D Redirect Chain https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_... https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWZtZDVRQUFBS3Y2a2dQMA==	170 B 502 B	52ms 26ms	Image image/png	142.250.186.98 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWZtZDVRQUFBS3Y2a2dQMA== Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 142.250.186.98 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s06-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:59 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:53:59 GMT via 1.1 varnish server Varnish x-timer S1643748840.558771,VS0,VE0 x-served-by cache-hhn4078-HHN x-cache HIT location https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWZtZDVRQUFBS3Y2a2dQMA== cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H/1.1	204 No Content	tap.php pixel.rubiconproject.com/ Frame 3F0D Redirect Chain https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yfmd5QAAAKv6kgP0&expires=90	0 239 B	647ms 161ms	Image image/gif	8.39.36.141 RUBICONPROJECT
General Check archive.org Show headers Download Go to Show image Full URL https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yfmd5QAAAKv6kgP0&expires=90 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 8.39.36.141 Los Angeles, United States, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Expires 0 Cache-Control no-cache,no-store,must-revalidate P3P CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" X-RPHost 5daa34953a867809056448757b76591b Content-Type image/gif Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:53:59 GMT via 1.1 varnish server Varnish x-timer S1643748840.592291,VS0,VE0 x-served-by cache-hhn4078-HHN x-cache HIT location https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yfmd5QAAAKv6kgP0&expires=90 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H2	200	/ Show response accdn.lpsnmedia.net/api/account/24461917/configuration/setting/accountproperties/	6 KB 2 KB	783ms 304ms	Script application/javascript	199.187.116.91 LIVEPERSON
General Check archive.org Show headers Download Go to Full URL https://accdn.lpsnmedia.net/api/account/24461917/configuration/setting/accountproperties/?cb=lpCb11003x49569 Requested by Host: lptag.liveperson.net URL: https://lptag.liveperson.net/lptag/api/account/24461917/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.187.116.91 , United States, ASN11054 (LIVEPERSON, US), Reverse DNS ca-accdn.lpsnmedia.net Software ws / Resource Hash fbc119daedd562a8fb6d49eb737227b4db1b982f8ce44e425488140d315fcf87 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:54:00 GMT content-encoding gzip server ws x-cache-status EXPIRED vary Accept content-type application/javascript x-envoy-upstream-service-time 1 expires Tue, 01 Feb 2022 20:55:00 GMT
GET H2	200	zones Show response accdn.lpsnmedia.net/api/account/24461917/configuration/le-campaigns/	2 KB 499 B	781ms 305ms	Script application/javascript	199.187.116.91 LIVEPERSON
General Check archive.org Show headers Download Go to Full URL https://accdn.lpsnmedia.net/api/account/24461917/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB Requested by Host: lptag.liveperson.net URL: https://lptag.liveperson.net/lptag/api/account/24461917/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.187.116.91 , United States, ASN11054 (LIVEPERSON, US), Reverse DNS ca-accdn.lpsnmedia.net Software ws / Resource Hash 088dac72da72fd637048a8555e2e907aae847940c17a8b080dba1ec8bd313a6f Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:54:00 GMT content-encoding gzip server ws x-cache-status EXPIRED vary Accept content-type application/javascript x-envoy-upstream-service-time 1 expires Tue, 01 Feb 2022 20:55:00 GMT
GET H2	200	24461917 Show response va.v.liveperson.net/api/js/	234 B 1 KB	483ms 189ms	Script application/javascript	208.89.12.87 LIVEPERSON
General Check archive.org Show headers Download Go to Full URL https://va.v.liveperson.net/api/js/24461917?&cb=lpCb61931x24827&t=sp&ts=1643748839650&pid=1621788948&tid=5671046901&pt=Travel%20Packages%20%26%20Discounts&u=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&df=0&os=0 Requested by Host: lptag.liveperson.net URL: https://lptag.liveperson.net/lptag/api/account/24461917/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US), Reverse DNS va.v.liveperson.net Software ws / Resource Hash 1ba280eac1c16a8f5ace587a108ce6e8db8948f54ce4d8207d3078b86fc25f9e Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:59 GMT content-encoding gzip server ws access-control-allow-methods GET, POST, PATCH content-type application/javascript access-control-expose-headers X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options cache-control no-store access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
GET H/1.1	200 OK	rum dsum-sec.casalemedia.com/ Frame 3F0D Redirect Chain https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yfmd5QAAAKv6kgP0 https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yfmd5QAAAKv6kgP0&C=1	43 B 1003 B	137ms 137ms	Image image/gif	2.20.157.55 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yfmd5QAAAKv6kgP0&C=1 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 2.20.157.55 Milan, Italy, ASN16625 (AKAMAI-AS, US), Reverse DNS a2-20-157-55.deploy.static.akamaitechnologies.com Software Apache / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 01 Feb 2022 20:54:00 GMT Server Apache Vary Is-Traffic-Usersync P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type image/gif Content-Length 43 Expires Tue, 01 Feb 2022 20:54:00 GMT Redirect headers Pragma no-cache Date Tue, 01 Feb 2022 20:54:00 GMT Server Apache P3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" Location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yfmd5QAAAKv6kgP0&C=1 Cache-Control max-age=0, no-cache, no-store Connection keep-alive Content-Type text/html; charset=iso-8859-1 Content-Length 279 Expires Tue, 01 Feb 2022 20:54:00 GMT
GET H/1.1	200 OK	bounce ib.adnxs.com/ Frame 3F0D Redirect Chain https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D https://ib.adnxs.com/setuid?entity=158&code=Yfmd5QAAAKv6kgP0 https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYfmd5QAAAKv6kgP0	43 B 1 KB	8ms 8ms	Image image/gif	37.252.172.45 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYfmd5QAAAKv6kgP0 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.17.9 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Pragma no-cache Date Tue, 01 Feb 2022 20:53:59 GMT X-Proxy-Origin 193.27.14.10; 193.27.14.10; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com AN-X-Request-Uuid 9fb9a7dc-8ff6-49c7-ac2f-fad872fc8f6e Server nginx/1.17.9 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin * Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive Content-Type image/gif Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers Pragma no-cache Date Tue, 01 Feb 2022 20:53:59 GMT X-Proxy-Origin 193.27.14.10; 193.27.14.10; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com AN-X-Request-Uuid b58e15af-5a6b-4675-a33e-a0811a642089 Server nginx/1.17.9 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Location https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYfmd5QAAAKv6kgP0 Cache-Control no-store, no-cache, private Connection keep-alive Content-Type text/html; charset=utf-8 Content-Length 0 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	sd us-u.openx.net/w/1.0/ Frame 3F0D Redirect Chain https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yfmd5QAAAKv6kgP0	43 B 274 B	39ms 16ms	Image image/gif	34.98.64.218 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yfmd5QAAAKv6kgP0 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 218.64.98.34.bc.googleusercontent.com Software OXGW/17.1.0 / Resource Hash 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers pragma no-cache date Tue, 01 Feb 2022 20:53:59 GMT via 1.1 google server OXGW/17.1.0 vary Accept p3p CP="CUR ADM OUR NOR STA NID" cache-control private, max-age=0, no-cache content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 43 expires Mon, 26 Jul 1997 05:00:00 GMT Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:53:59 GMT via 1.1 varnish server Varnish x-timer S1643748840.895439,VS0,VE0 x-served-by cache-hhn4078-HHN x-cache HIT location https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yfmd5QAAAKv6kgP0 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H3	200	/ www.facebook.com/tr/	44 B 91 B	17ms 7ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=136696297006053&ev=Microdata&dl=https%3A%2F%2Ftravel.oregon.aaa.com%2Fpromos%2Fromantic-retreats%3Fcmpid%3Dint_eml_out_txx-0222-nwslttr&rl=&if=false&ts=1643748839895&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Travel%20Packages%20%26%20Discounts%22%2C%22meta%3Adescription%22%3A%22Want%20to%20vacation%20in%20the%20sun%20and%20sand%20this%20Summer%3F%20Hit%20the%20beach%20with%20these%20Travel%20packages%20and%20get%20exclusive%20member%20discounts.%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.52&r=stable&ec=1&o=30&fbp=fb.1.1643748838334.1144422850&it=1643748838189&coo=false&es=automatic&tm=3&rqm=GET Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:53:59 GMT last-modified Fri, 21 Dec 2012 00:00:01 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains content-type image/gif cache-control no-cache, must-revalidate, max-age=0 cross-origin-resource-policy cross-origin content-length 44 alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 priority u=3,i expires Tue, 01 Feb 2022 20:53:59 GMT
GET H2	200	Pug image2.pubmatic.com/AdServer/ Frame 3F0D Redirect Chain https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER... https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yfmd5QAAAKv6kgP0	1 B 546 B	469ms 155ms	Image text/html	104.36.113.17 AS-PUBMATIC
General Check archive.org Show headers Download Go to Show image Full URL https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yfmd5QAAAKv6kgP0 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H2 Server 104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US), Reverse DNS Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 16:31:45 GMT cache-control no-store, no-cache, private x-lat sfopug025:0:365 server nginx content-type text/html; charset=utf-8 content-length 1 p3p CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:53:59 GMT via 1.1 varnish server Varnish x-timer S1643748840.997098,VS0,VE0 x-served-by cache-hhn4078-HHN x-cache HIT location https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yfmd5QAAAKv6kgP0 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H/1.1	200	partner sync.search.spotxchange.com/ Frame 3F0D Redirect Chain https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yfmd5QAAAKv6kgP0&img=1 https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yfmd5QAAAKv6kgP0&img=1&__user_check__=1&sync_id=14d6d8c7-83a1-11ec-8a09-1bce7de30306	43 B 548 B	21ms 21ms	Image image/gif	185.94.180.125 SPOTX-AMS
General Check archive.org Show headers Download Go to Show image Full URL https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yfmd5QAAAKv6kgP0&img=1&__user_check__=1&sync_id=14d6d8c7-83a1-11ec-8a09-1bce7de30306 Protocol HTTP/1.1 Server 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US), Reverse DNS Software nginx / Resource Hash e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Tue, 01 Feb 2022 20:54:00 GMT Server nginx Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type image/gif Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 39 Connection keep-alive Content-Length 43 Redirect headers Date Tue, 01 Feb 2022 20:54:00 GMT Server nginx Location /partner?adv_id=6409&uid=Yfmd5QAAAKv6kgP0&img=1&__user_check__=1&sync_id=14d6d8c7-83a1-11ec-8a09-1bce7de30306 Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type text/plain Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Access-Control-Allow-Credentials false X-fe 95 Connection keep-alive Content-Length 0
GET H2	200	24461917 Show response va.v.liveperson.net/api/js/	110 B 853 B	95ms 94ms	Script application/javascript	208.89.12.87 LIVEPERSON
General Check archive.org Show headers Download Go to Full URL https://va.v.liveperson.net/api/js/24461917?sid=8__jk8DoS_Sd2Px0apgP5g&cb=lpCb65716x7119&t=pl&ts=1643748839651&pid=1621788948&tid=5671046901&vid=Y5ZWE5NGQyNjY5NzJhMmRm Requested by Host: lptag.liveperson.net URL: https://lptag.liveperson.net/lptag/api/account/24461917/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US), Reverse DNS va.v.liveperson.net Software ws / Resource Hash 6ace6b2dc1ada649c6262abfa12e425069f24d62b939f1829b04a56ddbf5d488 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:54:00 GMT content-encoding gzip server ws access-control-allow-methods GET, POST, PATCH content-type application/javascript access-control-expose-headers X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options cache-control no-store access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
GET H3	200	b.php www.facebook.com/fr/ Frame 3F0D Redirect Chain https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yfmd5QAAAKv6kgP0&t=2592000&o=0	43 B 71 B	112ms 112ms	Image image/gif	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yfmd5QAAAKv6kgP0&t=2592000&o=0 Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H3 Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 12:54:00 PST content-encoding br x-content-type-options nosniff document-policy force-load-at-top content-security-policy-report-only default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0; alt-svc h3=":443"; ma=3600, h3-29=":443"; ma=3600 x-fb-rlafr 0 pragma public x-fb-debug 9zSws/I5T4WegF7zWVzzxCCmLmm9ah7e8zIJi83bfXAhzWc/2beoH90zIfDhR/paF1GihXpP61SuWpf2ginYBw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups strict-transport-security max-age=15552000; preload report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type image/gif vary Accept-Encoding cache-control public, max-age=0 priority u=3,i expires Tue, 01 Feb 2022 12:54:00 PST Redirect headers pragma no-cache date Tue, 01 Feb 2022 20:54:00 GMT via 1.1 varnish server Varnish x-timer S1643748840.197389,VS0,VE0 x-served-by cache-hhn4078-HHN x-cache HIT location https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yfmd5QAAAKv6kgP0&t=2592000&o=0 cache-control no-cache accept-ranges bytes content-length 0 retry-after 0 x-cache-hits 0
GET H/1.1	200 OK	ibs:dpid=143525&dpuuid=e_ecaa9343-ae00-4df0-8b47-7d602c28b98c dpm.demdex.net/ Frame 3F0D Redirect Chain https://g2.gumgum.com/adobe/s2s https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_ecaa9343-ae00-4df0-8b47-7d602c28b98c	42 B 945 B	34ms 34ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_ecaa9343-ae00-4df0-8b47-7d602c28b98c Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-1-v027-04f3a669a.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID 7H8uwizpRYI= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers location https://dpm.demdex.net/ibs:dpid=143525&dpuuid=e_ecaa9343-ae00-4df0-8b47-7d602c28b98c date Tue, 01 Feb 2022 20:54:00 GMT server nginx timing-allow-origin * content-length 0 content-language de-DE
GET H/1.1	200 OK	ibs:dpid=275754&dpuuid=AALw1E7D8zwAAAdlLZj-Hw dpm.demdex.net/ Frame 3F0D Redirect Chain https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent= https://match.prod.bidr.io/cookie-sync/adobe?gdpr=0&gdpr_consent=&_bee_ppp=1 https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AALw1E7D8zwAAAdlLZj-Hw?gdpr=0	42 B 945 B	34ms 34ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AALw1E7D8zwAAAdlLZj-Hw?gdpr=0 Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-08f66671e.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID KjHenkD4TPA= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers location https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AALw1E7D8zwAAAdlLZj-Hw?gdpr=0 Date Tue, 01 Feb 2022 20:54:00 GMT Server nginx Connection keep-alive Content-Length 0 strict-transport-security max-age=2592000; includeSubDomains
GET H3	200	gtm.js Show response www.googletagmanager.com/	367 KB 89 KB	60ms 60ms	Script application/javascript	2a00:1450:4001:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-T6BPC96&l=aaa_gtm_prod Requested by Host: travel.oregon.aaa.com URL: https://travel.oregon.aaa.com/promos/romantic-retreats?cmpid=int_eml_out_txx-0222-nwslttr Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 5fe4fd4dafa02f4cee9c0b7c020b2b55e0b7cfa189de51cac87a336b7fe81d9e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:54:00 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 90714 x-xss-protection 0 last-modified Tue, 01 Feb 2022 18:57:08 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Tue, 01 Feb 2022 20:54:00 GMT
GET H2	200	storage.secure.min.html Show response lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/ Frame 7E54	39 KB 16 KB	100ms 21ms	Document text/html	178.249.97.98 LIVEPERSON
General Check archive.org Show headers Download Go to Full URL https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=https%3A%2F%2Ftravel.oregon.aaa.com&site=24461917&env=prod Requested by Host: lptag.liveperson.net URL: https://lptag.liveperson.net/lptag/api/account/24461917/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US), Reverse DNS lo-lpcdn.lpsnmedia.net Software ws / Resource Hash 59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ Response headers date Tue, 01 Feb 2022 20:54:00 GMT content-type text/html last-modified Fri, 05 Nov 2021 13:34:15 GMT content-encoding gzip server ws vary Origin access-control-allow-methods GET, POST, PATCH access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev access-control-expose-headers X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev access-control-allow-credentials true expires Tue, 01 Feb 2022 21:04:00 GMT cache-control max-age=600
GET H/1.1	200 OK	ibs:dpid=390122&dpuuid=8nJ3dp-CQRp08encYQCmQ8EbDgo dpm.demdex.net/ Frame 3F0D Redirect Chain https://sync.srv.stackadapt.com/sync?nid=adobe https://dpm.demdex.net/ibs:dpid=390122&dpuuid=8nJ3dp-CQRp08encYQCmQ8EbDgo	42 B 945 B	35ms 35ms	Image image/gif	34.251.243.172 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://dpm.demdex.net/ibs:dpid=390122&dpuuid=8nJ3dp-CQRp08encYQCmQ8EbDgo Protocol HTTP/1.1 Server 34.251.243.172 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-251-243-172.eu-west-1.compute.amazonaws.com Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://aaanortheast.demdex.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers DCS dcs-prod-irl1-2-v027-0dfb7c719.edge-irl1.demdex.com UNKNOWN Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains content-encoding gzip X-Content-Type-Options nosniff X-TID OG0139odT3U= P3P policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Cache-Control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Connection keep-alive Content-Type image/gif Content-Length 59 Expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers Location https://dpm.demdex.net/ibs:dpid=390122&dpuuid=8nJ3dp-CQRp08encYQCmQ8EbDgo Date Tue, 01 Feb 2022 20:54:00 GMT Connection keep-alive Content-Length 100 Content-Type text/html; charset=utf-8
GET H2	200	storage.secure.min.js Show response lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/	38 KB 15 KB	84ms 84ms	Script application/javascript	178.249.97.98 LIVEPERSON
General Check archive.org Show headers Download Go to Full URL https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=https%3A%2F%2Ftravel.oregon.aaa.com&site=24461917&force=1&env=prod Requested by Host: lptag.liveperson.net URL: https://lptag.liveperson.net/lptag/api/account/24461917/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US), Reverse DNS lo-lpcdn.lpsnmedia.net Software ws / Resource Hash 996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:54:00 GMT content-encoding gzip last-modified Fri, 05 Nov 2021 13:34:15 GMT server ws vary Origin access-control-allow-methods GET, POST, PATCH content-type application/javascript access-control-expose-headers X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev cache-control max-age=600 access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev expires Tue, 01 Feb 2022 21:04:00 GMT
GET H3	200	pdata hn.inspectlet.com/	35 B 295 B	255ms 143ms	Image image/gif	2606:4700:10::6816:39f5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hn.inspectlet.com/pdata?d=mr,549,undefined,undefined,undefined,undefined)s,549,0,0)cinmi,2197,224,b24=)cinmi,2197,437,)cinmi,2197,464,)cinmi,2197,483,)&w=696719950&r=2901916544&sid=621338124&pad=1&dn=dn&fadd=true&oid=99785695&lpt=0&rrtn=1643748844540 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:10::6816:39f5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Request headers Accept-Language de-DE,de;q=0.9 Referer https://travel.oregon.aaa.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Tue, 01 Feb 2022 20:54:04 GMT via 1.1 vegur cf-cache-status DYNAMIC server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" cache-control no-cache cf-ray 6d6e12a77f833055-BOS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 35

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

oregon.aaa.com

URL

https://oregon.aaa.com/etc/clientlibs/aaa-orid-web/remote/footer.js