r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7015
Expires: Fri, 27 Jan 2023 21:11:23 GMT
Date: Fri, 27 Jan 2023 19:14:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2187
Expires: Fri, 27 Jan 2023 19:50:55 GMT
Date: Fri, 27 Jan 2023 19:14:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 18:42:59 GMT
content-type: application/json
age: 1889
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14643
Expires: Fri, 27 Jan 2023 23:18:31 GMT
Date: Fri, 27 Jan 2023 19:14:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: p7AkG56rHJCZXgLAf+/RkjrmX+bQauV1oTD5mpjGTV8Ma/djSJiGIIkbR5L6nF/m9KEAGCSuuiA=
x-amz-request-id: T7NK15KG78PKQGA6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 18:49:31 GMT
age: 1497
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 27 Jan 2023 19:14:28 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.buenavistapalace.com/
162.159.135.42301 Moved Permanently 0 B URL HTTP/1.1 www.buenavistapalace.com/
IP 162.159.135.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.buenavistapalace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Jan 2023 19:14:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://buenavistapalace.com/
CF-Ray: 7903cfc10f21b4f3-OSL
Cache-Control: max-age=3600
Expires: Fri, 27 Jan 2023 19:57:33 GMT
CF-Cache-Status: DYNAMIC
ki-cache-type: None
Ki-CF-Cache-Status: BYPASS
ki-edge: v=17.16
X-Content-Type-Options: nosniff
X-Edge-Location-Klb: 1
X-Kinsta-Cache: HIT
X-Pingback: http://buenavistapalace.com/xmlrpc.php
X-Redirect-By: WordPress
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2fzOHgBgd11%2BQ5OaV9VGhxkJVkqNFGxB9YmxMqb0nyunijpN8k9NUY1mNGG7bV4%2FAVpr3gfBvVUD1bhePWV%2FzkJr4SOUZPXPBGwVLxo%2FJJ2k%2FxIKHk9qN%2FZCB08gOelzLlWGYMtoaCcRFw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 18:49:03 GMT
age: 1526
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20503
Expires: Sat, 28 Jan 2023 00:56:12 GMT
Date: Fri, 27 Jan 2023 19:14:29 GMT
Connection: keep-alive
push.services.mozilla.com/
35.161.132.177101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.132.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VffhkOBr6S6RvJPasytqFA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8tZ8ZNdi+CB/bKOF9QeOlPuzvbg=
d1azc1qln24ryf.cloudfront.net/67203/OrlandoBuenaVista/style-cf.css?jta0b6&ver=6.0.3
54.230.245.119200 OK 611 B URL HTTP/2 d1azc1qln24ryf.cloudfront.net/67203/OrlandoBuenaVista/style-cf.css?jta0b6&ver=6.0.3
IP 54.230.245.119:0
Hash 1a15eadf472c59e7e530c71dbc1d3cee
6f889e3117aadd501fea4d77be1106466f8daf4d
92b39aed314a652e12c1523be96a7d9bf0a297d272abb267f71cd97d8146de01
GET /67203/OrlandoBuenaVista/style-cf.css?jta0b6&ver=6.0.3 HTTP/1.1
Host: d1azc1qln24ryf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-length: 611
date: Sun, 08 Jan 2023 19:49:40 GMT
last-modified: Mon, 04 Jul 2022 13:54:43 GMT
etag: "1a15eadf472c59e7e530c71dbc1d3cee"
cache-control: max-age=31000000
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0t2FMyw9KXKz2L3Wko8Al47sRkH8AdZCUL--YGxfaz1gymO7PklBlQ==
age: 1639490
X-Firefox-Spdy: h2
assets.adobedtm.com/launch-EN02272261e0b845508227acf3ca0c37de.min.js
2.18.172.233200 OK 122 kB URL HTTP/2 assets.adobedtm.com/launch-EN02272261e0b845508227acf3ca0c37de.min.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (32721)
Size 122 kB (122485 bytes)
Hash eedaa5df8121366de6d39a880135c6fc
82ae255f31d5486364f100d5f8f0f81954bab533
8ff30fe320b5b245f0d54752700a4b63a6a6551a3988492fb0a8bb167c876f3b
GET /launch-EN02272261e0b845508227acf3ca0c37de.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "54f2b9be201a96aaccf86a7e6e036793:1674168970.402456"
last-modified: Thu, 19 Jan 2023 22:56:10 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Fri, 27 Jan 2023 20:14:29 GMT
date: Fri, 27 Jan 2023 19:14:29 GMT
content-length: 122485
access-control-allow-origin: https://buenavistapalace.com
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 48f87f021aa43dc85cabc3b624264811
6dcc2e3610ec6ef91768905aae267c984227f54a
0e77dc8ff90169c7db1343058490de4942217f3846ca0586bebd33d32513b305
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9a156f9e1eec43fbfc3ea11e27aa3091
280292e0c5a0896c45598aa00e3fb607edf0b3a7
419b77a2c7ed19e8d086c82e3c9096d6ed2ab3032bba31afce0499ee83bc233a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LfgdYoUAAAAAGurnWAetmi4fp-kvS22h2kWfg-A&ver=3.0
142.250.74.164200 OK 585 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LfgdYoUAAAAAGurnWAetmi4fp-kvS22h2kWfg-A&ver=3.0
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash e78b5934cdf161cef9b9d163c18e619a
2133215e3a2e1518ff61ca260921a890eae63a93
127d4afb2f99855e56467428a32917912b3cce0fcd152666204352cd9d4ccb18
GET /recaptcha/api.js?render=6LfgdYoUAAAAAGurnWAetmi4fp-kvS22h2kWfg-A&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 27 Jan 2023 19:14:29 GMT
date: Fri, 27 Jan 2023 19:14:29 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 48f87f021aa43dc85cabc3b624264811
6dcc2e3610ec6ef91768905aae267c984227f54a
0e77dc8ff90169c7db1343058490de4942217f3846ca0586bebd33d32513b305
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.typekit.net/xqy1jre.css?ver=6.0.3
95.101.11.120200 OK 852 B URL HTTP/2 use.typekit.net/xqy1jre.css?ver=6.0.3
IP 95.101.11.120:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (516)
Hash 4c117e14ed75a7519869685801b7c364
02fea4520c287c414c3ebc7f3eef9cefac8f5113
03c45bf38ce6af4a8d31fe2fc2e890c30193424140792b51d372940e4c4fde5c
GET /xqy1jre.css?ver=6.0.3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 852
date: Fri, 27 Jan 2023 19:14:29 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
buenavistapalace.com/
162.159.135.42200 OK 37 kB IP 162.159.135.42:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash 763af59e1e16160eb9fb124afb435898
ec822336c468e8442537e868c9ef8fd5e5aee44a
4fc14468262845a68aabf71e76497bb4c0b2bf541791e925c294b39ccca69a00
GET / HTTP/1.1
Host: buenavistapalace.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:14:29 GMT
content-type: text/html; charset=UTF-8
cf-ray: 7903cfc42ab7b4fa-OSL
link: <https://buenavistapalace.com/wp-json/>; rel="https://api.w.org/", <https://buenavistapalace.com/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json", <https://buenavistapalace.com/>; rel=shortlink
vary: Accept-Encoding
cf-cache-status: DYNAMIC
ki-cache-type: None
ki-cf-cache-status: BYPASS
ki-edge: v=17.16
x-content-type-options: nosniff
x-edge-location-klb: 1
x-kinsta-cache: HIT
x-pingback: https://buenavistapalace.com/xmlrpc.php
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sN5eAoU4McePCHxOij%2BGzka4ru6SfpT6Vx9eK9cTSgo2Ylr7YEx6oto1RUqCbi7Ttm9tIOnLQrk8d503v69hk6D2X1wkXD0mIYRxnJvH%2FwoOeO6sCA7zwajUxyOto%2BWFsH4Q9kqg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
p.typekit.net/p.css?s=1&k=xqy1jre&ht=tk&f=139.173.175.5474.159.162.164&a=428416&app=typekit&e=css
95.101.11.112200 OK 5 B URL HTTP/2 p.typekit.net/p.css?s=1&k=xqy1jre&ht=tk&f=139.173.175.5474.159.162.164&a=428416&app=typekit&e=css
IP 95.101.11.112:0
ASN #20940 Akamai International B.V.
Hash 83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
GET /p.css?s=1&k=xqy1jre&ht=tk&f=139.173.175.5474.159.162.164&a=428416&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
content-type: text/css
content-length: 5
last-modified: Thu, 28 Jul 2022 22:24:50 GMT
etag: "62e30cb2-5"
cache-control: public, max-age=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
date: Fri, 27 Jan 2023 19:14:30 GMT
X-Firefox-Spdy: h2
use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
95.101.11.120200 OK 34 kB URL HTTP/2 use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP 95.101.11.120:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 33660, version 1.0\012- data
Hash e21953c87f09ca307fea4132455a059a
08b07c629dc5407c6f9dfa375279d53af4bf2727
a2b997da567762896061490c3c08e506b2e5b936978560fc12251dd245140b32
GET /af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 33660
etag: "a0f35f91fdc2ca0a90c8288c08c20681c1aecfcf"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Fri, 27 Jan 2023 19:14:30 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 2.6 kB IP 142.250.74.131:0
Hash e9a28fc2aa1cb11f35e0fda0585d8b3c
758e76a2825606d811a2f42cd7423852e15cf7f2
aace35adb2f94aa42fae378200c1931e4019f76aac7e027959195a2d0946c39d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
95.101.11.120200 OK 33 kB URL HTTP/2 use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
IP 95.101.11.120:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 32688, version 1.0\012- data
Hash c654f50b24ad0685a12a2c387542e700
b2cfcca0589023f4371e4a673ec305f8ecace38e
9b99ce50d05750058143cb93936075ad5107f9a3e5b03f2d4872c0ebe753a9f7
GET /af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 32688
etag: "852dacc5cd2685c187708b882b28635465e17bd0"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Fri, 27 Jan 2023 19:14:30 GMT
X-Firefox-Spdy: h2
d1azc1qln24ryf.cloudfront.net/67203/OrlandoBuenaVista/icomoon.woff2?jta0b6
54.230.245.119200 OK 4.6 kB URL HTTP/2 d1azc1qln24ryf.cloudfront.net/67203/OrlandoBuenaVista/icomoon.woff2?jta0b6
IP 54.230.245.119:0
File type Web Open Font Format (Version 2), TrueType, length 4580, version 0.0\012- data
Hash 5046216e3324e4a929ffbfec11d8ff33
8bf22d0da466ddcf68871a93ef53b0a620f506b9
83d86bea524944a0e42a4bf13337fd7ccd3d5e821f9cb954edfc355a40ae3f1b
GET /67203/OrlandoBuenaVista/icomoon.woff2?jta0b6 HTTP/1.1
Host: d1azc1qln24ryf.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://d1azc1qln24ryf.cloudfront.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 4580
date: Fri, 27 Jan 2023 16:35:57 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
last-modified: Mon, 04 Jul 2022 13:54:43 GMT
etag: "5046216e3324e4a929ffbfec11d8ff33"
cache-control: max-age=31000000
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: whHykmjc2gGmEWyGdBUv7HJgScb6p7z8ESYxAvHyi110iy-v2Y2vNQ==
age: 9514
X-Firefox-Spdy: h2
use.typekit.net/af/6765ab/00000000000000003b9b0953/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
95.101.11.120200 OK 32 kB URL HTTP/2 use.typekit.net/af/6765ab/00000000000000003b9b0953/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
IP 95.101.11.120:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 31808, version 1.0\012- data
Hash 0559bcdbd9c62f7d26ec00ffee6ad534
1bc13ed6d0b0ecaa5aedc991c5effef9e7dc109f
15ab4ea326e957b375df8b33bc69210dd2799833b8ec3a4768037537ae9b3fc8
GET /af/6765ab/00000000000000003b9b0953/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 31808
etag: "702ae12922503ae1bb67f672c62b0c4af77721c5"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Fri, 27 Jan 2023 19:14:30 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/satisfy/v17/rP2Hp2yn6lkG50LoCZOIHQ.woff2
142.250.74.35200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/satisfy/v17/rP2Hp2yn6lkG50LoCZOIHQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 22652, version 1.0\012- data
Hash 496a19db9637d6acd0fc59a04635e888
12cf6f5138219b1571119de3249bf9fb43efb54c
a02009d2f95d79b62b95c6de12d6614bdb36bffa6d4e756db81ec1c51c5acc34
GET /s/satisfy/v17/rP2Hp2yn6lkG50LoCZOIHQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22652
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 18:19:10 GMT
expires: Sat, 27 Jan 2024 18:19:10 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 19:12:57 GMT
content-type: font/woff2
age: 3320
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.typekit.net/af/07eada/00000000000000003b9b0959/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
95.101.11.120200 OK 33 kB URL HTTP/2 use.typekit.net/af/07eada/00000000000000003b9b0959/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
IP 95.101.11.120:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 32588, version 1.0\012- data
Hash b167e3c2c7eeeffeb8b1a623d12c81d1
b1d0b31892bbc2f45051731f49aee378deca6cdc
67451a7d267cc8c4389bca99d2eb38e4b9dc40520f4bb78c0f7bad745b1e067e
GET /af/07eada/00000000000000003b9b0959/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 32588
etag: "a090e406ba11bd636340635487c585a62cd6ceee"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Fri, 27 Jan 2023 19:14:30 GMT
X-Firefox-Spdy: h2
use.typekit.net/af/437c3d/00000000000000003b9b0932/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
95.101.11.120200 OK 32 kB URL HTTP/2 use.typekit.net/af/437c3d/00000000000000003b9b0932/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
IP 95.101.11.120:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 32384, version 1.0\012- data
Hash 8aba0d65966ae522c79c6cd9d5fabd29
b1d04e4c4487e562fe96604efe78a5c891c75961
582f1b5d33e54e95557255c97d79a90d3fda73d7b2b105695446fe643eb737cc
GET /af/437c3d/00000000000000003b9b0932/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 32384
etag: "474f8294a654ddd4e855cc66b1bb647cd40bfa9b"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Fri, 27 Jan 2023 19:14:30 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash c6c64fc014f993e296f124e4b2f0f175
68d3e62fcd25c05d19894a28f4490cf1d04a44c1
7cee6b4b9234d595e6abd78d1bc14febaf314cdab54cc18e07f92e0b24fe1e79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5d26c41823a6e8c5fdcf3c28efbfdd01
2415b281bb7ee36d62aec11e477e4797e8bbc10c
e7c952964c5abd9aa20b354673bedf66a9ddb64c8c9ce0075a6601fe5d28cabe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js
2.18.172.233200 OK 9.3 kB URL HTTP/2 assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js
IP 2.18.172.233:0
Hash fe7b188f4ecdd23f8edc76092fd3d729
6ce04e83eb77c69cced0bb16f16cb3217e893635
f9140936cd574f5441e6c2b661e4bbb1cafd7336c988062b81bd073f4d688d67
GET /extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d220d501715e0484d0dddeac614f902c:1663863410.217006"
last-modified: Thu, 22 Sep 2022 16:16:50 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 8755
expires: Fri, 27 Jan 2023 20:14:30 GMT
date: Fri, 27 Jan 2023 19:14:30 GMT
cache-control: no-cache
access-control-allow-origin: https://buenavistapalace.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/5e68f1ab8856/6f5249f15557/000ff25a67a5/EX9d85f19b2bb9438d88e8200a247afa89-libraryCode_source.min.js
2.18.172.233200 OK 14 kB URL HTTP/2 assets.adobedtm.com/5e68f1ab8856/6f5249f15557/000ff25a67a5/EX9d85f19b2bb9438d88e8200a247afa89-libraryCode_source.min.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (32747)
Hash 4f8958f27327b8441e17666376e63edb
846745ec17359f9e8c859d013397fda166a606e5
3803d247dc18741584676feb73add914e3fe034a9b82bb03bc245ed7216f5d46
GET /5e68f1ab8856/6f5249f15557/000ff25a67a5/EX9d85f19b2bb9438d88e8200a247afa89-libraryCode_source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "27b5941ea36dee80992801b7d8b8efaf:1674168971.208224"
last-modified: Thu, 19 Jan 2023 22:56:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Fri, 27 Jan 2023 20:14:30 GMT
date: Fri, 27 Jan 2023 19:14:30 GMT
content-length: 14051
access-control-allow-origin: https://buenavistapalace.com
timing-allow-origin: *
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-TFJ4NJ3
142.250.74.168200 OK 51 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TFJ4NJ3
IP 142.250.74.168:0
File type ASCII text, with very long lines (7305)
Hash 230ffa6bc66ccfdb948df84c04aad297
95c48aa19984a047840555d8e535bb91d4e1d0c2
434754bae00985c977cd4fe108e93885ac3dd4c163e501f2e6f6fddb058e92fe
GET /gtm.js?id=GTM-TFJ4NJ3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 27 Jan 2023 19:14:30 GMT
expires: Fri, 27 Jan 2023 19:14:30 GMT
cache-control: private, max-age=900
last-modified: Fri, 27 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
consent.trustarc.com/notice?domain=hiltongdpr.com&c=teconsent>m=1&text=true&pcookie&js=nj¬iceType=bb&oc=1
54.230.111.101200 OK 4.2 kB URL HTTP/2 consent.trustarc.com/notice?domain=hiltongdpr.com&c=teconsent>m=1&text=true&pcookie&js=nj¬iceType=bb&oc=1
IP 54.230.111.101:0
File type ASCII text, with very long lines (2892)
Hash 77ef05883ae47b13c8cb628c05ea0239
be5945c4c0287aa5bf5c210e8ab41c410a9d7f67
3f4f0a0784b9b65676e79740931812193a6708e6894825284358a2b7f1b1ed14
GET /notice?domain=hiltongdpr.com&c=teconsent>m=1&text=true&pcookie&js=nj¬iceType=bb&oc=1 HTTP/1.1
Host: consent.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
content-length: 4164
date: Fri, 27 Jan 2023 19:14:30 GMT
content-encoding: gzip
expires: Fri, 27 Jan 2023 20:14:30 GMT
cache-control: max-age=3600
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
cloudfront-viewer-country: NO
timing-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VhbVxdwxu6U5l3ueCRbJydCJ4Nv3f6ABDWJYKcf6fACGzIjX4bKyUg==
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
assets.adobedtm.com/5e68f1ab8856/6f5249f15557/000ff25a67a5/RCe267924711084c2ea517049a0a0b2543-source.min.js
2.18.172.233200 OK 787 B URL HTTP/2 assets.adobedtm.com/5e68f1ab8856/6f5249f15557/000ff25a67a5/RCe267924711084c2ea517049a0a0b2543-source.min.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (1191)
Hash 7b1e7179f2af29ef28ec111675a45082
f030dcee2703fbcbeca5717f5491a76edd385d7c
690f6632691bda326958dd810af10ccd2f765ef6a1e00250dff773cb4f21e83f
GET /5e68f1ab8856/6f5249f15557/000ff25a67a5/RCe267924711084c2ea517049a0a0b2543-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "27b5941ea36dee80992801b7d8b8efaf:1674168971.208224"
last-modified: Thu, 19 Jan 2023 22:56:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Fri, 27 Jan 2023 20:14:30 GMT
date: Fri, 27 Jan 2023 19:14:30 GMT
content-length: 787
access-control-allow-origin: https://buenavistapalace.com
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5d26c41823a6e8c5fdcf3c28efbfdd01
2415b281bb7ee36d62aec11e477e4797e8bbc10c
e7c952964c5abd9aa20b354673bedf66a9ddb64c8c9ce0075a6601fe5d28cabe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 70fea2303b4b3f329b899e8f1a1d2882
caf56910549d074d52149689d502695f9d28c749
5c97af584de9715f90bef870308b4754d3846854a9ebc2a1417b7e8d63041f8e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3309
Cache-Control: max-age=128853
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:30 GMT
Etag: "63d369fe-1d7"
Expires: Sun, 29 Jan 2023 07:02:03 GMT
Last-Modified: Fri, 27 Jan 2023 06:06:54 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
consent.trustarc.com/log?domain=hiltongdpr.com&country=no&state=&behavior=expressed&c=bfeb
54.230.111.101200 OK 43 B URL HTTP/2 consent.trustarc.com/log?domain=hiltongdpr.com&country=no&state=&behavior=expressed&c=bfeb
IP 54.230.111.101:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash db04c7b378cb2db912c3ba8a5a774ee3
dee34bd86c3484d31002182aa2b7caa4699126b8
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
GET /log?domain=hiltongdpr.com&country=no&state=&behavior=expressed&c=bfeb HTTP/1.1
Host: consent.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Fri, 27 Jan 2023 19:14:30 GMT
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uxDUDi8luopfteCEcbIJRviBMNJx-kQbQu8l5YxBWvD88ZB8VYbZfw==
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
X-Firefox-Spdy: h2
consent.trustarc.com/asset/notice.js/v/v1.7-10255
54.230.111.101200 OK 26 kB URL HTTP/2 consent.trustarc.com/asset/notice.js/v/v1.7-10255
IP 54.230.111.101:0
Hash 8bcb0ea83f68dcf1e8a1dd0f08478652
f5e346f65763225b3c40b5e43d5e45b3e6bb17db
e2a2bd6147857fc871494f32a96f220268ad3e090fe46694003f82dd5f404e71
GET /asset/notice.js/v/v1.7-10255 HTTP/1.1
Host: consent.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
last-modified: Wed, 18 Jan 2023 04:54:48 GMT
pragma: public
timing-allow-origin: *
content-encoding: gzip
date: Fri, 27 Jan 2023 18:48:36 GMT
expires: Sun, 26 Feb 2023 18:48:36 GMT
cache-control: max-age=2592000
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ys50UYabIph0GVJxIijcW2rMD_b5e6AOe87n193817N1gR20SqO0oA==
age: 1553
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
4dc2aa82bc5e.cdn4.forter.com/sn/4dc2aa82bc5e/script.js
54.230.111.69200 OK 139 kB URL HTTP/2 4dc2aa82bc5e.cdn4.forter.com/sn/4dc2aa82bc5e/script.js
IP 54.230.111.69:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 139 kB (138728 bytes)
Hash 814643c038286bed474bef6ef171e589
eb40b0bd209899c1e531bc47deaf4c72a00569b4
51515af76cc5dbcda67651cbd54356461255e7c6f27a392580504a97e3fdcab5
GET /sn/4dc2aa82bc5e/script.js HTTP/1.1
Host: 4dc2aa82bc5e.cdn4.forter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 25 Jan 2023 17:26:51 GMT
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-origin: *
timing-allow-origin: *
last-modified: Wed, 25 Jan 2023 17:26:50 GMT
expires: Wed, 25 Jan 2023 17:31:50 GMT
cache-control: private, max-age=300
x-sourcemap: https://cdn4.forter.com/map/suid/4dc2aa82bc5e/56016159838
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: adPz5YFmqLLlx78bS4A5Y8ZmboIesnYxLmx9r3xpXMZFJcMOVxAQJQ==
age: 179259
X-Firefox-Spdy: h2
consent.trustarc.com/noticemsg?action=consent&domain=hiltongdpr.com&behavior=expressed&country=no&language=en&rand=0.7054481876308231
54.230.111.101200 OK 43 B URL HTTP/2 consent.trustarc.com/noticemsg?action=consent&domain=hiltongdpr.com&behavior=expressed&country=no&language=en&rand=0.7054481876308231
IP 54.230.111.101:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash db04c7b378cb2db912c3ba8a5a774ee3
dee34bd86c3484d31002182aa2b7caa4699126b8
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
GET /noticemsg?action=consent&domain=hiltongdpr.com&behavior=expressed&country=no&language=en&rand=0.7054481876308231 HTTP/1.1
Host: consent.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 43
date: Fri, 27 Jan 2023 19:14:30 GMT
cache-control: max-age=3600
pragma: no-cache
expires: Fri, 27 Jan 2023 20:14:30 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
cloudfront-viewer-country: NO
timing-allow-origin: *
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 34oUOpV7rg8PTekulbAy_ak55HMY9xOYZQCoSOSEkejCz3bHxJM8nQ==
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
X-Firefox-Spdy: h2
cdn.branch.io/branch-latest.min.js
54.230.111.26200 OK 22 kB URL HTTP/2 cdn.branch.io/branch-latest.min.js
IP 54.230.111.26:0
File type ASCII text, with very long lines (2646)
Hash 2a6320386437cc44ae1713f25f6ea30b
cf60f8578b16e8beddb82eb43d9b1f9db5491650
75622ee3451d62f121868396395909cd979874287141da4de39562ccf1f8f799
GET /branch-latest.min.js HTTP/1.1
Host: cdn.branch.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 22048
content-encoding: gzip
last-modified: Thu, 17 Nov 2022 20:07:47 GMT
x-amz-version-id: LzwY9oP1_KD6QZAz0SCDQRP53VCVCZV0
server: AmazonS3
date: Fri, 27 Jan 2023 19:09:47 GMT
cache-control: max-age=300
etag: "2a6320386437cc44ae1713f25f6ea30b"
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: b-F89-6l1cL0pHfWVGUEUDTDFv27PfOTOhp3Rvn6VL2rQaievaQJ6A==
age: 285
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 27 Jan 2023 17:46:59 GMT
expires: Fri, 27 Jan 2023 19:46:59 GMT
cache-control: public, max-age=7200
age: 5251
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
216.58.211.3200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (771)
Size 164 kB (163774 bytes)
Hash 57c909ab73fc27ec24f737bbf1cb1de8
89b2c02e9e7a9a764518fca545d3eec2044fd6d9
7e407e2b00bb7c238c71d96472f7ab030de4e610b1048f0f77b25cb85c2d166b
GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 17:09:34 GMT
expires: Tue, 23 Jan 2024 17:09:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/javascript
age: 353096
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
consent-pref.trustarc.com/defaultpreferencemanager/truste
54.230.111.104200 OK 468 B URL HTTP/2 consent-pref.trustarc.com/defaultpreferencemanager/truste
IP 54.230.111.104:0
File type ASCII text, with very long lines (969), with no line terminators
Hash 90ec7caed9f29bf80e3e8c888b5033f9
9c0a57eaf389995244ab2bbf7ef32a15534c236c
380fd331bd2d088cba9d3c85889f7d41994297fcdd997249edf34e6ceaed2260
POST /defaultpreferencemanager/truste HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Content-Type: text/x-gwt-rpc; charset=utf-8
X-GWT-Permutation: 9F5DDAD4256889D2A2BB0A3140E8B74B
X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
Content-Length: 181
Origin: https://consent-pref.trustarc.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json;charset=utf-8
content-length: 468
date: Fri, 27 Jan 2023 19:14:30 GMT
server: nginx
content-encoding: gzip
content-disposition: attachment
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SFHl-HX27LrL571y72NaBvjjRced3dyiipTP5mm2oaSCNKJqitsBbQ==
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
consent-pref.trustarc.com/defaultpreferencemanager/truste
54.230.111.104200 OK 48 B URL HTTP/2 consent-pref.trustarc.com/defaultpreferencemanager/truste
IP 54.230.111.104:0
File type ASCII text, with no line terminators
Hash fabfc35cace4b9d6ba733ab3325d27d9
be75f16e1ab841b719d1143084262f1bc30a2eff
d69f037ce82e1a0a69774b95449bc9d7a9d39db019bf758057894079774047ff
POST /defaultpreferencemanager/truste HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Content-Type: text/x-gwt-rpc; charset=utf-8
X-GWT-Permutation: 9F5DDAD4256889D2A2BB0A3140E8B74B
X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
Content-Length: 180
Origin: https://consent-pref.trustarc.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json;charset=utf-8
content-length: 48
date: Fri, 27 Jan 2023 19:14:30 GMT
server: nginx
content-disposition: attachment
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: r9RMXV67aSaH5UNwmSHnALy148QtFnOR2BVuU-mRgPOYaG2WmewB_w==
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16232
Expires: Fri, 27 Jan 2023 23:45:03 GMT
Date: Fri, 27 Jan 2023 19:14:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16232
Expires: Fri, 27 Jan 2023 23:45:03 GMT
Date: Fri, 27 Jan 2023 19:14:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16232
Expires: Fri, 27 Jan 2023 23:45:03 GMT
Date: Fri, 27 Jan 2023 19:14:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16232
Expires: Fri, 27 Jan 2023 23:45:03 GMT
Date: Fri, 27 Jan 2023 19:14:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16232
Expires: Fri, 27 Jan 2023 23:45:03 GMT
Date: Fri, 27 Jan 2023 19:14:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 18:36:01 GMT
age: 2310
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KY05WKpINERD5g9o2QLYdsNMSuuy_YKn2Tl7Qkn7YaAOaPTDfLteeA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:49:48 GMT
age: 77083
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f62e9b7bdca82d18c945851912d8fea8
a7ca44d337c43bc5c6145b26778661c71cc50484
5da02cc405c1cada55813ffe376844375f1d6ad222cbb63405348b1f5132a0b1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a8a63ec-e0a4-4297-b143-649ad3968ae8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9595
x-amzn-requestid: c257bfbe-1bd7-4540-bbfa-e4c49a2624a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXwfGigoAMFvBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a002-226c08656eeefbfa3c2dddb6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k9njnQmggD7UkVJzZqSzo90HJJjTjGK0QIoPU0HWYKrSstjM6s1rOw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:49:48 GMT
age: 77083
etag: "a7ca44d337c43bc5c6145b26778661c71cc50484"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 869cdfba2637cc932ce387317a3c485e
51d87a5223d87c959bf27b2a825dce0a28f52ada
6dc4247dd3110836195f9962463bd8265be89633e9e589bf19955991751c26fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cc9d867-fc35-4a62-9934-4cb307d6146d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5669
x-amzn-requestid: 17f6235c-d495-4813-9453-407331e0dcad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fR1ZSH4fIAMFxeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d09c3b-67ff5c7f416727670e7c3b21;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 03:04:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KGNpzuI2ny_1LH90atWa09SPYG7Ovolbv_KvL8nC6fUk59z-6TFsMQ==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 03:05:08 GMT
age: 58163
etag: "51d87a5223d87c959bf27b2a825dce0a28f52ada"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e7158416f60576804ccff03307319fe
a342f94625e913fa6b8d862a59979f1e3ad80dd1
5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5737
x-amzn-requestid: cc977ea9-c418-4a5a-a13b-c86e16bbe6ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRGPFGL5oAMFiSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d050c6-2d540cac5ca7d4e64cfdb8bc;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:42:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uZnA5gkRlZyqamh_n3992G9PlMJa4gJ-mjSOQEysII73dDKLXmeXsg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 16:31:38 GMT
age: 9773
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dc869235086902c4acc379733b6bfdb8
0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae
e614e29b14e69209fd4b82a688290f7a3f541909833a6558cf480aca899bab6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52fbb3f0-e394-4245-a542-f5d9aa7b93cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9056
x-amzn-requestid: 81cf473d-8dc6-49e7-b012-d0b7dfaec7f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fB4COHTlIAMFtRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca3a0e-0848461c054db5c66fde9107;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 06:51:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MApUIVJ9KiOB34nLWUtMNmA8deQVoQ9xyNqSUYXlzdLlGoP9n78C5A==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 06:24:42 GMT
age: 46189
etag: "0170f6aa6bd83ddeb60cf1cb65e9f0443d8d4bae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
app.link/_r?sdk=web2.71.0&branch_key=key_live_glXPM2Kabtb7o8tG8hg7fhohwraYrfE7&callback=branch_callback__0
54.230.111.23200 OK 91 B URL HTTP/2 app.link/_r?sdk=web2.71.0&branch_key=key_live_glXPM2Kabtb7o8tG8hg7fhohwraYrfE7&callback=branch_callback__0
IP 54.230.111.23:0
File type ASCII text, with no line terminators
Hash 32733a163c0e04fb079380315f56fb3c
73ac876a37e3b1dd1aff5ca115f61d3e05936ff7
007d6811441343c691d55906520fa92322758733d3f00e34c776a453627702ff
GET /_r?sdk=web2.71.0&branch_key=key_live_glXPM2Kabtb7o8tG8hg7fhohwraYrfE7&callback=branch_callback__0 HTTP/1.1
Host: app.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-length: 91
server: openresty
date: Fri, 27 Jan 2023 19:14:31 GMT
set-cookie: _s=b8gcAIKbgO%2BNF52gBZULVqQIWtiomjnHlW8X5WWC2oWf7xATjHaHq%2BQOF5gvDWAD; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Sat, 27 Jan 2024 19:14:31 GMT; Secure
x-content-type-options: nosniff
etag: W/"5b-c6yHajfjsd0a/1yhFfYdPgWTb/c"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pmtbm3pI9XLx_KPwaC5uJwlX4eOLnBHyvpkYvTSOcGMEEW9y1i2B4A==
X-Firefox-Spdy: h2
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/9F5DDAD4256889D2A2BB0A3140E8B74B/1.cache.js
54.230.111.104200 OK 23 kB URL HTTP/2 consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/9F5DDAD4256889D2A2BB0A3140E8B74B/1.cache.js
IP 54.230.111.104:0
Hash 4653b1f430d171807984c282d4bcbd9a
bd9d04de09d56c689160b53efc0a49da0810012e
4808bf66ebce0686f6b492889b168be5c17dca4ec4c200f8140b412c20d4fb3b
GET /defaultpreferencemanager/deferredjs/9F5DDAD4256889D2A2BB0A3140E8B74B/1.cache.js HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 18 Jan 2023 05:03:11 GMT
server: nginx
etag: W/"19787-1672992016000"
last-modified: Fri, 06 Jan 2023 08:00:16 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4zoVgNDKBmbkXG2LXTAgINEErqnF0pHs1qN8rmu8sQGUs6J7a5qufQ==
age: 828680
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 16:40:43 GMT
expires: Fri, 26 Jan 2024 16:40:43 GMT
cache-control: public, max-age=31536000
age: 95628
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
consent-pref.trustarc.com/EuPreferenceManager.css
54.230.111.104200 OK 9.0 kB URL HTTP/2 consent-pref.trustarc.com/EuPreferenceManager.css
IP 54.230.111.104:0
Hash 3023a51b65c7ce972bcd590597cc32af
d1f8bdc08d43386d281bffcb2ebb79cdbb1b2fa9
274eae8d451d1b8a4b6476c0eb2f72bb94903fab625598f0f45089a2f92a83c2
GET /EuPreferenceManager.css HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Fri, 06 Jan 2023 07:59:58 GMT
content-encoding: gzip
date: Fri, 27 Jan 2023 19:14:31 GMT
expires: Fri, 27 Jan 2023 19:14:30 GMT
cache-control: no-cache
etag: W/"29043-1672991998000"
x-cache: RefreshHit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: t4BoHZMYJF61y1SnX3_h3tsCFb5IjJCu2B5h7719_6pvn_9d6SAgJA==
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-33439016-1&cid=1400172422.1674846871&jid=204326874&gjid=1499704348&_gid=569000742.1674846871&_u=YEBAAAAAAAAAAC~&z=1079515312
173.194.221.157200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-33439016-1&cid=1400172422.1674846871&jid=204326874&gjid=1499704348&_gid=569000742.1674846871&_u=YEBAAAAAAAAAAC~&z=1079515312
IP 173.194.221.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-33439016-1&cid=1400172422.1674846871&jid=204326874&gjid=1499704348&_gid=569000742.1674846871&_u=YEBAAAAAAAAAAC~&z=1079515312 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://buenavistapalace.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 27 Jan 2023 19:14:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 91af3d33f3ad416492120d95f91e95f9
9930b6b7ef7dc7912fbb79dc9dcabd3568169757
d8dbdfafce685bc7e03f48afc6dcb3b28f4d8c757e86411706fbf87b729c4fe7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=166231
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:31 GMT
Etag: "63d408ee-1d7"
Expires: Sun, 29 Jan 2023 17:25:02 GMT
Last-Modified: Fri, 27 Jan 2023 17:25:02 GMT
Server: nginx
Content-Length: 471
smetric.hilton.com/id?d_visid_ver=5.5.0&d_fieldgroup=MC&mcorgid=F0C120B3534685700A490D45%40AdobeOrg&ts=1674846870768
13.37.25.97200 OK 48 B URL HTTP/2 smetric.hilton.com/id?d_visid_ver=5.5.0&d_fieldgroup=MC&mcorgid=F0C120B3534685700A490D45%40AdobeOrg&ts=1674846870768
IP 13.37.25.97:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d398bf9a5148b1dbd19e4da82f53b61b
8a51171671048dea35ebdda82f33fc28370db8a7
51279c2d21d1cb87cb369485abb3af02256bf3443fb392441340c52fbaadeb32
GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&mcorgid=F0C120B3534685700A490D45%40AdobeOrg&ts=1674846870768 HTTP/1.1
Host: smetric.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://buenavistapalace.com
access-control-allow-credentials: true
date: Fri, 27 Jan 2023 19:14:31 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_F0C120B3534685700A490D45%40AdobeOrg=0%7CMCMID%7C57376123284089931130964044178204402330; Path=/; Domain=hilton.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 19:14:14 GMT; SameSite=None; Secure
s_ecid=MCMID%7C57376123284089931130964044178204402330; Path=/; Domain=hilton.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 19:14:14 GMT; SameSite=None; Secure
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1f4c8e17a668764556ab61c7c31e53c7
ada5ee5917ab9faf3d55a6da1d5bfc3077e42de2
8ac89ed8b6650ea140c2eac1b1dd61f8498e97e278e6bd6debfd803a588e2468
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api2.branch.io/v1/open
54.230.111.31200 OK 272 B IP 54.230.111.31:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 54b40b5ada0f6b8a38d464f91ff2a27d
b94834c0f43a5c83c82af8bbe02a995ad201c728
3fd05c331faa8aea9cee2d40f8b67c3a0d221f2a11b4f6bbb2dfe03202120455
POST /v1/open HTTP/1.1
Host: api2.branch.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 211
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 272
access-control-allow-origin: *
cache-control: no-cache
date: Fri, 27 Jan 2023 19:14:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-branch-request-id: 8d3a9e1abc5c4b6b96a82225274b1856-2023012719
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4--WRFqCr_WMzzZOddj4MfYtkNQYBWakHY5msCLYdtz-cxysKWUCXw==
X-Firefox-Spdy: h2
consent-pref.trustarc.com/defaultpreferencemanager/truste
54.230.111.104200 OK 398 B URL HTTP/2 consent-pref.trustarc.com/defaultpreferencemanager/truste
IP 54.230.111.104:0
File type ASCII text, with very long lines (910), with no line terminators
Hash 92aa447af9ce924e41b5a6c94d6d3c28
1e11097fdbe90ee9ec08d36ea2ee346f1b53decb
c225af078d467139e8e84986ef37ed7109b4379cc65881cd967abb61e1cc433f
POST /defaultpreferencemanager/truste HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Content-Type: text/x-gwt-rpc; charset=utf-8
X-GWT-Permutation: 9F5DDAD4256889D2A2BB0A3140E8B74B
X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
Content-Length: 246
Origin: https://consent-pref.trustarc.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json;charset=utf-8
content-length: 398
date: Fri, 27 Jan 2023 19:14:31 GMT
server: nginx
content-encoding: gzip
content-disposition: attachment
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6rxIlauCLIAomQql7b442S1a4VvIfNKNIS44Lf-QJzovsdaTlqrESQ==
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
cdn9.forter.com/vchk2
54.230.111.53301 Moved Permanently 1.7 kB IP 54.230.111.53:0
File type gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash e7e61d6aada0a5e5a40500303723552c
56ab7f82e7d165ea19ddf3d54ab6c32c98fcc06a
4d2aaa247ffd4e909ebf44322141d643799ee89584376f714e4600b5dbdf8e0e
GET /vchk2 HTTP/1.1
Host: cdn9.forter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: eyJyIjowLjI4MzgwNDMwODczMzI1OTcsInUiOiJmMjBiYTQ5ZWM2ZDc0NWUyODNlOGQ1NmMwYTE2ZGVkNiIsInMiOiI0ZGMyYWE4MmJjNWUifQ==
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
location: https://cdn9.forter.com/vchk2/v1/28bd5ac96d4e252e6e22e61d18ab53bdf8b0cb037a8d4036b8b76059eb919612ac7f4bc9671f53e1d1f748d7a471
date: Fri, 27 Jan 2023 19:14:31 GMT
access-control-allow-origin: *
timing-allow-origin: *
cache-control: private, s-maxage=0, proxy-revalidate
strict-transport-security: max-age=86400; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: A62lDSuMgctkSW4wEhqReius6BFgNv9fHvITPb5P3tPdnuymJiBtQQ==
X-Firefox-Spdy: h2
smetric.hilton.com/b/ss/hiltonglobalprod/10/JS-2.21.0-LCXS/s8879537350239?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=27%2F0%2F2023%2019%3A14%3A31%205%200&d.&nsid=0&jsonv=1&.d&mid=57376123284089931130964044178204402330&aamlh=6&ce=UTF-8&pageName=buena-vista-palace-orlando%3Ahomepage&g=https%3A%2F%2Fbuenavistapalace.com%2F&c.&getQueryParam=4.0&getPreviousValue=3.0&.c&cc=USD&ch=homepage&products=%3BMCOBUHH&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=MCOBUHH&c2=D%3Dv59&c3=D%3Dv24&c4=Logged-out&c6=images%2Ctext&c8=buena-vista-palace-orlando&c9=D%3Dv46&v10=%2B1&c11=D%3Dv40&c12=D%3Dv63&c13=D%3Dv150&c14=Hilton%20Orlando%20Buena%20Vista%20Palace%20-%20Disney%20Springs%C2%AE%20%7C%20Walt%20Disney%20World%C2%AEHotel&c15=D&c16=D%3Dv49&v17=D%3Dv18&c24=buenavistapalace.com&v24=en&v25=Logged-out&v27=buena-vista-palace-orlando%3Ahomepage&c28=D%3Dv9&c35=D%3Dv135&c37=D%3Dv24&c38=D%3Dv59&c39=D%3Dv46&v43=D%3Dc8&v46=homepage&v47=D%3Dc15&v49=L&c52=core.page-bottom%7CroomView%7Cundefined%7CGW%20-%20Global%20Standard%20%28AT%29&c53=2023-1-27%2019%3A14%3A31&v59=hi&v111=Control%20Group&v135=old%20hilton&v150=https%3A%2F%2Fbuenavistapalace.com%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F0C120B3534685700A490D45%40AdobeOrg&AQE=1
13.37.25.97200 OK 5.9 kB URL HTTP/2 smetric.hilton.com/b/ss/hiltonglobalprod/10/JS-2.21.0-LCXS/s8879537350239?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=27%2F0%2F2023%2019%3A14%3A31%205%200&d.&nsid=0&jsonv=1&.d&mid=57376123284089931130964044178204402330&aamlh=6&ce=UTF-8&pageName=buena-vista-palace-orlando%3Ahomepage&g=https%3A%2F%2Fbuenavistapalace.com%2F&c.&getQueryParam=4.0&getPreviousValue=3.0&.c&cc=USD&ch=homepage&products=%3BMCOBUHH&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=MCOBUHH&c2=D%3Dv59&c3=D%3Dv24&c4=Logged-out&c6=images%2Ctext&c8=buena-vista-palace-orlando&c9=D%3Dv46&v10=%2B1&c11=D%3Dv40&c12=D%3Dv63&c13=D%3Dv150&c14=Hilton%20Orlando%20Buena%20Vista%20Palace%20-%20Disney%20Springs%C2%AE%20%7C%20Walt%20Disney%20World%C2%AEHotel&c15=D&c16=D%3Dv49&v17=D%3Dv18&c24=buenavistapalace.com&v24=en&v25=Logged-out&v27=buena-vista-palace-orlando%3Ahomepage&c28=D%3Dv9&c35=D%3Dv135&c37=D%3Dv24&c38=D%3Dv59&c39=D%3Dv46&v43=D%3Dc8&v46=homepage&v47=D%3Dc15&v49=L&c52=core.page-bottom%7CroomView%7Cundefined%7CGW%20-%20Global%20Standard%20%28AT%29&c53=2023-1-27%2019%3A14%3A31&v59=hi&v111=Control%20Group&v135=old%20hilton&v150=https%3A%2F%2Fbuenavistapalace.com%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F0C120B3534685700A490D45%40AdobeOrg&AQE=1
IP 13.37.25.97:0
File type ASCII text, with very long lines (5887)
Hash eb5d320e857af9b112100cd82c3af872
514cca7d7077b01e726f6e906129658e19d1d51f
47d39c9c8424280d98b05d87dec3e97c53cd1e3970332618618440856c3bd3bb
GET /b/ss/hiltonglobalprod/10/JS-2.21.0-LCXS/s8879537350239?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=27%2F0%2F2023%2019%3A14%3A31%205%200&d.&nsid=0&jsonv=1&.d&mid=57376123284089931130964044178204402330&aamlh=6&ce=UTF-8&pageName=buena-vista-palace-orlando%3Ahomepage&g=https%3A%2F%2Fbuenavistapalace.com%2F&c.&getQueryParam=4.0&getPreviousValue=3.0&.c&cc=USD&ch=homepage&products=%3BMCOBUHH&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=MCOBUHH&c2=D%3Dv59&c3=D%3Dv24&c4=Logged-out&c6=images%2Ctext&c8=buena-vista-palace-orlando&c9=D%3Dv46&v10=%2B1&c11=D%3Dv40&c12=D%3Dv63&c13=D%3Dv150&c14=Hilton%20Orlando%20Buena%20Vista%20Palace%20-%20Disney%20Springs%C2%AE%20%7C%20Walt%20Disney%20World%C2%AEHotel&c15=D&c16=D%3Dv49&v17=D%3Dv18&c24=buenavistapalace.com&v24=en&v25=Logged-out&v27=buena-vista-palace-orlando%3Ahomepage&c28=D%3Dv9&c35=D%3Dv135&c37=D%3Dv24&c38=D%3Dv59&c39=D%3Dv46&v43=D%3Dc8&v46=homepage&v47=D%3Dc15&v49=L&c52=core.page-bottom%7CroomView%7Cundefined%7CGW%20-%20Global%20Standard%20%28AT%29&c53=2023-1-27%2019%3A14%3A31&v59=hi&v111=Control%20Group&v135=old%20hilton&v150=https%3A%2F%2Fbuenavistapalace.com%2F&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F0C120B3534685700A490D45%40AdobeOrg&AQE=1 HTTP/1.1
Host: smetric.hilton.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Cookie: AMCV_F0C120B3534685700A490D45%40AdobeOrg=0%7CMCMID%7C57376123284089931130964044178204402330; s_ecid=MCMID%7C57376123284089931130964044178204402330
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Fri, 27 Jan 2023 19:14:31 GMT
expires: Thu, 26 Jan 2023 19:14:31 GMT
last-modified: Sat, 28 Jan 2023 19:14:31 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C57376123284089931130964044178204402330; Path=/; Domain=hilton.com; Max-Age=63072000; Expires=Sun, 26 Jan 2025 19:14:14 GMT; SameSite=None; Secure
etag: 3596706268726558720-4619622025353916656
vary: *
dcs: dcs-prod-irl1-2-v045-0b398da67.edge-irl1.demdex.com 6 ms
x-aam-tid: GWICFQtLQ+k=
content-type: application/x-javascript;charset=utf-8
content-length: 5888
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
api2.branch.io/v1/pageview
54.230.111.31200 OK 29 B URL HTTP/2 api2.branch.io/v1/pageview
IP 54.230.111.31:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 18a4bc16dccf570435a215e0ce99f30e
d19d45e74721249a72e6cac4d07be5398a2c4b3c
c3dd5a6fff633c6393dca21ce74cd6dc95265943575b43d2d9616f020eea68fa
POST /v1/pageview HTTP/1.1
Host: api2.branch.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1392
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 29
access-control-allow-origin: *
date: Fri, 27 Jan 2023 19:14:31 GMT
etag: W/"1d-0Z1F50chJJpy5srE0HvlOYosSzw"
strict-transport-security: max-age=31536000; includeSubDomains
x-branch-request-id: bd8fde5695894fc19386c99fa4b55fc2-2023012719
x-powered-by: Express
x-cache: Miss from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZRbA4zaJPi6Fee6blsaBzDdb_L5mssGDru9ZXOjzpsAvWpjDMNuCxA==
X-Firefox-Spdy: h2
consent-pref.trustarc.com/defaultpreferencemanager/truste
54.230.111.104200 OK 4.2 kB URL HTTP/2 consent-pref.trustarc.com/defaultpreferencemanager/truste
IP 54.230.111.104:0
File type Unicode text, UTF-8 text, with very long lines (14340), with no line terminators
Hash 1deb666082635f0fb442a7a5cffb8339
74619d472d1660e0e88435bc88b78286e26cae45
a6d979849655dc494eaf6b27f6cf6bb14e6fa3c02b2039938c69f4931f1c4108
POST /defaultpreferencemanager/truste HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Content-Type: text/x-gwt-rpc; charset=utf-8
X-GWT-Permutation: 9F5DDAD4256889D2A2BB0A3140E8B74B
X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
Content-Length: 240
Origin: https://consent-pref.trustarc.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json;charset=utf-8
content-length: 4172
date: Fri, 27 Jan 2023 19:14:31 GMT
server: nginx
content-encoding: gzip
content-disposition: attachment
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ksXYt1a39s0mDTuKmOukj1g5Ci4t9jr3r46Sg7eaKDMP-NqqWy6hmQ==
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
consent-pref.trustarc.com/images/trustarc-logo-small.png
54.230.111.104200 OK 4.2 kB URL HTTP/2 consent-pref.trustarc.com/images/trustarc-logo-small.png
IP 54.230.111.104:0
File type PNG image data, 198 x 34, 8-bit/color RGBA, non-interlaced\012- data
Hash 01e1b7108fa9f6b54f403309a1616588
e3328418159b7371b64a6cff199b2812c4d0b9c1
91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004
GET /images/trustarc-logo-small.png HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 4197
server: nginx
accept-ranges: bytes
last-modified: Fri, 06 Jan 2023 07:59:58 GMT
date: Thu, 26 Jan 2023 23:30:57 GMT
etag: W/"4197-1672991998000"
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: T4gVkLMuwsWvsSW4QUoV5tyQSgqXuFpcaFM5aiGGscKihAl8Leuvyw==
age: 71019
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Origin
X-Firefox-Spdy: h2
hilton.demdex.net/dest5.html?d_nsid=0
54.72.143.161200 OK 2.8 kB URL HTTP/1.1 hilton.demdex.net/dest5.html?d_nsid=0
IP 54.72.143.161:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: hilton.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Fri, 27 Jan 2023 19:14:31 GMT
DCS: dcs-prod-irl1-2-v045-0a4852727.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:22:24 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: mhD6uDT7Tjw=
Content-Length: 2791
Connection: keep-alive
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bf845e156d42101d4adc9b4a56f3601e
148dc2ba194a61e73626375fb37c0fda12df8799
5a4291d85508850b72d9486ac90d45ddb988eabc9d693ddbd61c79f1969b95b3
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6449
Cache-Control: max-age=94902
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:31 GMT
Etag: "63d2d91d-1d7"
Expires: Sat, 28 Jan 2023 21:36:13 GMT
Last-Modified: Thu, 26 Jan 2023 19:48:45 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 1dc05c88799ee988b2cdc246d5926984
38db2c3f9579bc366f39e64a554b45863548a652
cbeca4448d2d91f72b4a2c33a800f93adfc4d60c9d749b5b079cd8bf11bb1d83
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=86370
Date: Fri, 27 Jan 2023 19:14:31 GMT
Etag: "63d2ba29-1d7"
Expires: Sat, 28 Jan 2023 19:14:01 GMT
Last-Modified: Thu, 26 Jan 2023 17:36:41 GMT
Server: ECS (nyb/1D25)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1WoIUSwfcwXtH6rsPqGFrVMxeDx9YhuvSkg5iuYLidlSAs1iKQ440w==
Age: 5840
ocsp.sca1b.amazontrust.com/
54.230.245.39200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 630c7f1741d02a01645fa5e9cd97b620
72e85cc57fb93a96fac54104413728255130b295
7e55fc10e02b7711652d653e9a8f226052db3edce2f8cefc4e63e5f691919280
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=157132
Date: Fri, 27 Jan 2023 19:14:31 GMT
Etag: "63d3d91d-1d7"
Expires: Sun, 29 Jan 2023 14:53:23 GMT
Last-Modified: Fri, 27 Jan 2023 14:01:01 GMT
Server: ECS (nyb/1D2F)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: O0JmJ7v48BjlVTsEld2mVI72wEpNLIdVqT-Bn4Az93i01T07cSN0ZA==
Age: 3142
cm.everesttech.net/cm/dd?d_uuid=57400485834759690460966126400727798741
18.203.152.154302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=57400485834759690460966126400727798741
IP 18.203.152.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=57400485834759690460966126400727798741 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Fri, 27 Jan 2023 19:14:32 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y9QimAAAAExgOwOV; Domain=.everesttech.net; Expires=Sat, 27-Jan-2024 19:14:32 GMT; Path=/
everest_session_v2=Y9QimAAAAExgPAOV; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9QimAAAAExgOwOV
Server: AMO-cookiemap/1.1
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1373
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:32 GMT
Last-Modified: Fri, 27 Jan 2023 18:51:40 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
www.facebook.com/tr/?id=967617709996912&ev=Adobe-Audience-Manager-Segment&cd[segID]=15300019,22365141&noscript=1
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=967617709996912&ev=Adobe-Audience-Manager-Segment&cd[segID]=15300019,22365141&noscript=1
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=967617709996912&ev=Adobe-Audience-Manager-Segment&cd[segID]=15300019,22365141&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hilton.demdex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 27 Jan 2023 19:14:32 GMT
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=411&dpuuid=Y9QimAAAAExgOwOV
34.251.47.116302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y9QimAAAAExgOwOV
IP 34.251.47.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y9QimAAAAExgOwOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://buenavistapalace.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0650109c9.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9QimAAAAExgOwOV
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=00619346872676050914571001957314746538; Max-Age=15552000; Expires=Wed, 26 Jul 2023 19:14:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: /iM2K20ITVw=
Content-Length: 0
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b10c572a58f34d8fb28433f25bb9c885
8bc11baa4e367bfcf8738f28000a3befc9866cc8
678014c585151112a3bd14158afd8509eeec3d4bad3117d6ccd9ecaa109107bc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1373
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:32 GMT
Last-Modified: Fri, 27 Jan 2023 18:51:40 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/1005930085/?value=0&guid=ON&script=0&data=23583573
142.250.74.130302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1005930085/?value=0&guid=ON&script=0&data=23583573
IP 142.250.74.130:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1005930085/?value=0&guid=ON&script=0&data=23583573 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hilton.demdex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 19:14:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/1005930085/?value=0&guid=ON&script=0&data=23583573&is_vtc=1&random=255347372
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 27-Jan-2023 19:29:32 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9QimAAAAExgOwOV
34.251.47.116200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9QimAAAAExgOwOV
IP 34.251.47.116:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9QimAAAAExgOwOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://buenavistapalace.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-027dff91d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: gO+nho5iQhs=
Content-Length: 59
Connection: keep-alive
f20ba49ec6d745e283e8d56c0a16ded6-4dc2aa82bc5e.cdn.forter.com/prop.json
54.158.164.13200 OK 2 B URL HTTP/1.1 f20ba49ec6d745e283e8d56c0a16ded6-4dc2aa82bc5e.cdn.forter.com/prop.json
IP 54.158.164.13:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /prop.json HTTP/1.1
Host: f20ba49ec6d745e283e8d56c0a16ded6-4dc2aa82bc5e.cdn.forter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 27 Jan 2023 19:14:32 GMT
Server: Apache
Last-Modified: Fri, 27 Jan 2023 12:08:42 GMT
ETag: "2-5f33db9f888ae"
Accept-Ranges: bytes
Content-Length: 2
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Access-Control-Allow-Origin: https://buenavistapalace.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Headers: origin, x-requested-with, content-type, x-csrf-token
Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS
Connection: close
Content-Type: application/json
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 61b07ec18bd0517d727603f51ee96cbe
03caefc67f3485fcad58d669cd4e7c8b371acce5
604702d9942ca8804874e6923a37438ce46c913122ed7b700273f46f1029afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/1005930085/?value=0&guid=ON&script=0&data=23583573&is_vtc=1&random=255347372&ipr=y
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1005930085/?value=0&guid=ON&script=0&data=23583573&is_vtc=1&random=255347372&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1005930085/?value=0&guid=ON&script=0&data=23583573&is_vtc=1&random=255347372&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hilton.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 27 Jan 2023 19:14:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 61b07ec18bd0517d727603f51ee96cbe
03caefc67f3485fcad58d669cd4e7c8b371acce5
604702d9942ca8804874e6923a37438ce46c913122ed7b700273f46f1029afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/9F5DDAD4256889D2A2BB0A3140E8B74B/4.cache.js
54.230.111.104200 OK 15 kB URL HTTP/2 consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/9F5DDAD4256889D2A2BB0A3140E8B74B/4.cache.js
IP 54.230.111.104:0
File type ASCII text, with very long lines (18608)
Hash b6cbdf6d8751079d9d5afc828adfaabd
fda8c4b4a8fb65ccf2f7f73132857974a24ccb4b
403e60ff0d3b7d73f26508781e1eefb5cdb97dfb64e43c8c34abeebfd6d41915
GET /defaultpreferencemanager/deferredjs/9F5DDAD4256889D2A2BB0A3140E8B74B/4.cache.js HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 18 Jan 2023 05:03:30 GMT
server: nginx
etag: W/"44335-1672992016000"
last-modified: Fri, 06 Jan 2023 08:00:16 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LpB1ysvWR3A1hyx5OMWTN_HjOnqpmReTV9_IfnLF107YU4ZGm6Wavg==
age: 828662
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
consent-pref.trustarc.com/images/loader.gif
54.230.111.104200 OK 1.7 kB URL HTTP/2 consent-pref.trustarc.com/images/loader.gif
IP 54.230.111.104:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash e059607cc5e3ff4a629d51ae66b995ff
8608a5a355aa2906eed6cbc9524686301d2f670f
ee53ada617f2674cbd706e3b24fc6738c7f53f2f7a3a959e71f611aa850dc946
GET /images/loader.gif HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 1737
server: nginx
accept-ranges: bytes
last-modified: Fri, 06 Jan 2023 07:59:58 GMT
date: Thu, 26 Jan 2023 23:06:12 GMT
etag: W/"1737-1672991998000"
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8Rbnh5xn7MdIgeqk8lrjB4VpT5J1P1o8Z9yjrxOEanvVEEugV_9A0g==
age: 72516
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Origin
X-Firefox-Spdy: h2
consent-pref.trustarc.com/images/switchbg.png
54.230.111.104200 OK 1.1 kB URL HTTP/2 consent-pref.trustarc.com/images/switchbg.png
IP 54.230.111.104:0
File type PNG image data, 2 x 40, 8-bit/color RGB, non-interlaced\012- data
Hash 8270777231f19af8d977d10eeba04bbf
f4c6cb629a1b31a1480191377be81c3b12f3154b
1ffe0083c43292aaba8148fe6d7286bd27381ea13fef76b9e545a22d8bbd8af5
GET /images/switchbg.png HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/EuPreferenceManager.css
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 1068
date: Fri, 27 Jan 2023 08:37:03 GMT
server: nginx
accept-ranges: bytes
etag: W/"1068-1672991998000"
last-modified: Fri, 06 Jan 2023 07:59:58 GMT
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xIPppGdrp-Y2lw6rV5N6H_mzHoqRkfeG3xwLVurMO4xj-DA6_UeouQ==
age: 38249
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Origin
X-Firefox-Spdy: h2
consent-pref.trustarc.com/defaultpreferencemanager/truste
54.230.111.104200 OK 136 kB URL HTTP/2 consent-pref.trustarc.com/defaultpreferencemanager/truste
IP 54.230.111.104:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 136 kB (136312 bytes)
Hash b8af628604bd45f0512e8fa559f01d89
26b10bb447a45476de56e603cceda260b64b6b38
f3e0eaf7e69e2f4c4d5688717fccf6cfe889637cf20d6c01818df750d6121cd0
POST /defaultpreferencemanager/truste HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Content-Type: text/x-gwt-rpc; charset=utf-8
X-GWT-Permutation: 9F5DDAD4256889D2A2BB0A3140E8B74B
X-GWT-Module-Base: https://consent-pref.trustarc.com/defaultpreferencemanager/
Content-Length: 379
Origin: https://consent-pref.trustarc.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json;charset=utf-8
content-length: 136312
date: Fri, 27 Jan 2023 19:14:32 GMT
server: nginx
content-encoding: gzip
content-disposition: attachment
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: grwhpwHhjCda8TmHWmo9izvbLyh-DxR6yhGILV6YVQjZcfyOXr18rg==
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
access-control-allow-origin: *
access-control-expose-headers: *
X-Firefox-Spdy: h2
status.geotrust.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 63449923c976fe1f38790bfb70090b1f
e64401f330a6c5f14624a8283bedd90c758756f7
a103dc54fdef731f87613ed50baa604c4536a3a2cd8bf8e2e3d7a38c03be6c81
POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4894
Cache-Control: max-age=159207
Content-Type: application/ocsp-response
Date: Fri, 27 Jan 2023 19:14:32 GMT
Etag: "63d3da61-1d7"
Expires: Sun, 29 Jan 2023 15:27:59 GMT
Last-Modified: Fri, 27 Jan 2023 14:06:25 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/prop.json?_=1674846872266
54.243.108.33200 OK 20 B URL HTTP/1.1 cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/prop.json?_=1674846872266
IP 54.243.108.33:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
GET /4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/prop.json?_=1674846872266 HTTP/1.1
Host: cdn0.forter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://buenavistapalace.com
Vary: Origin
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cache-Control: no-cache
Expires: -1
Pragma: no-cache
Content-Type: application/json
Connection: keep-alive
Date: Fri, 27 Jan 2023 19:14:32 GMT
Transfer-Encoding: chunked
cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/prop.json?_=1674846872826
54.243.108.33200 OK 20 B URL HTTP/1.1 cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/prop.json?_=1674846872826
IP 54.243.108.33:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
GET /4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/prop.json?_=1674846872826 HTTP/1.1
Host: cdn0.forter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://buenavistapalace.com
Vary: Origin
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cache-Control: no-cache
Expires: -1
Pragma: no-cache
Content-Type: application/json
Connection: keep-alive
Date: Fri, 27 Jan 2023 19:14:33 GMT
Transfer-Encoding: chunked
cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/prop.json?_=1674846873074
54.243.108.33200 OK 20 B URL HTTP/1.1 cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/prop.json?_=1674846873074
IP 54.243.108.33:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
GET /4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/prop.json?_=1674846873074 HTTP/1.1
Host: cdn0.forter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://buenavistapalace.com
Vary: Origin
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cache-Control: no-cache
Expires: -1
Pragma: no-cache
Content-Type: application/json
Connection: keep-alive
Date: Fri, 27 Jan 2023 19:14:33 GMT
Transfer-Encoding: chunked
cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/wpt.json
54.243.108.33204 No Content 0 B URL HTTP/1.1 cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/wpt.json
IP 54.243.108.33:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/wpt.json HTTP/1.1
Host: cdn0.forter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://buenavistapalace.com/
Origin: https://buenavistapalace.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Vary: Access-Control-Request-Headers
Access-Control-Allow-Headers: content-type
Content-Length: 0
Date: Fri, 27 Jan 2023 19:14:33 GMT
Connection: keep-alive
cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/wpt.json
54.243.108.33200 OK 20 B URL HTTP/1.1 cdn0.forter.com/4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/wpt.json
IP 54.243.108.33:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
POST /4dc2aa82bc5e/f20ba49ec6d745e283e8d56c0a16ded6/wpt.json HTTP/1.1
Host: cdn0.forter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
Content-Length: 29
Origin: https://buenavistapalace.com
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://buenavistapalace.com
Vary: Origin
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
Expires: -1
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Content-Length: 20
ETag: W/"14-Y53wuE/mmbSikKcT/WualL1N65U"
Date: Fri, 27 Jan 2023 19:14:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a3d856f57bcfd0bb18253cd77dd6541b
9d9680fb1a9232bb2b42b824dc11633666bfa31a
f2a03384e72a4d3350ee6addc49d6a507837eb195647016ea001e846eaccb0e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2f238e33-a6e3-479a-920f-92a9c7bf1a06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6055
x-amzn-requestid: dd44b3ab-6248-419a-995a-f3aaf59dae77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLRhMFPYIAMF91g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdfc6d-4df410b022dbbb55297e6ac7;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:18:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b0NnMvzF8QzmCB6erAH6gTky4A2vBwI6huYmgX8hLTatYq_NHhQl1A==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 09:15:04 GMT
age: 35973
etag: "9d9680fb1a9232bb2b42b824dc11633666bfa31a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/9F5DDAD4256889D2A2BB0A3140E8B74B/10.cache.js
54.230.111.104200 OK 0 B URL HTTP/2 consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/9F5DDAD4256889D2A2BB0A3140E8B74B/10.cache.js
IP 54.230.111.104:0
GET /defaultpreferencemanager/deferredjs/9F5DDAD4256889D2A2BB0A3140E8B74B/10.cache.js HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 18 Jan 2023 05:02:59 GMT
server: nginx
etag: W/"259669-1672992016000"
last-modified: Fri, 06 Jan 2023 08:00:16 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aizpMDaqkWJ_qiMm_VvuDdT7MDwrI3zruJ4e0e72-Fv7Wnfke1ig_w==
age: 828692
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
cdn9.forter.com/vchk2/v1/28bd5ac96d4e252e6e22e61d18ab53bdf8b0cb037a8d4036b8b76059eb919612ac7f4bc9671f53e1d1f748d7a471
54.230.111.53200 OK 0 B URL HTTP/2 cdn9.forter.com/vchk2/v1/28bd5ac96d4e252e6e22e61d18ab53bdf8b0cb037a8d4036b8b76059eb919612ac7f4bc9671f53e1d1f748d7a471
IP 54.230.111.53:0
GET /vchk2/v1/28bd5ac96d4e252e6e22e61d18ab53bdf8b0cb037a8d4036b8b76059eb919612ac7f4bc9671f53e1d1f748d7a471 HTTP/1.1
Host: cdn9.forter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: eyJyIjowLjI4MzgwNDMwODczMzI1OTcsInUiOiJmMjBiYTQ5ZWM2ZDc0NWUyODNlOGQ1NmMwYTE2ZGVkNiIsInMiOiI0ZGMyYWE4MmJjNWUifQ==
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://buenavistapalace.com
Referer: https://buenavistapalace.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:14:31 GMT
access-control-allow-origin: *
timing-allow-origin: *
cache-control: private, s-maxage=0, proxy-revalidate
strict-transport-security: max-age=86400; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FZzuR6X-8QlOyoDERZXh4EEbZf7DsWkDvGgjjuy5uVcUTNU1ZGeH_A==
X-Firefox-Spdy: h2
consent-pref.trustarc.com/cookie_inneriframe.html
54.230.111.104200 OK 0 B URL HTTP/2 consent-pref.trustarc.com/cookie_inneriframe.html
IP 54.230.111.104:0
GET /cookie_inneriframe.html HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://prefmgr-cookie.truste-svc.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
last-modified: Fri, 06 Jan 2023 07:59:58 GMT
content-encoding: gzip
date: Thu, 26 Jan 2023 22:51:55 GMT
etag: W/"2008-1672991998000"
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HPsBfAwMSP7p-Wblw1GJmOOlyX4CBwTLG3fTZLtNNjK_avCJHSrjyA==
age: 73369
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
consent.trustarc.com/get?name=HiltonLogo_Black_HR250.png
54.230.111.101200 OK 0 B URL HTTP/2 consent.trustarc.com/get?name=HiltonLogo_Black_HR250.png
IP 54.230.111.101:0
GET /get?name=HiltonLogo_Black_HR250.png HTTP/1.1
Host: consent.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
date: Fri, 27 Jan 2023 18:52:41 GMT
pragma: public
expires: Sun, 26 Feb 2023 18:52:41 GMT
cache-control: max-age=2592000
timing-allow-origin: *
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wJI_Mgbjaz4kABu8zsAL4GDtTVTiqvzkb67xzXRoEQLtWPb6T-QvmQ==
age: 1311
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
X-Firefox-Spdy: h2
consent-st.trustarc.com/get?name=combined_static_cm_minified.js
54.230.111.61200 OK 0 B URL HTTP/2 consent-st.trustarc.com/get?name=combined_static_cm_minified.js
IP 54.230.111.61:0
GET /get?name=combined_static_cm_minified.js HTTP/1.1
Host: consent-st.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/javascript
date: Mon, 16 Jan 2023 07:14:08 GMT
pragma: public
expires: Wed, 15 Feb 2023 07:14:08 GMT
cache-control: max-age=2592000
timing-allow-origin: *
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UEiE31QpqkhUNaKdxrZpHF5D5vMM_W31UIvto4rDOWO8-3OgSc41uA==
age: 993622
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Satisfy&ver=6.0.3
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Satisfy&ver=6.0.3
IP 142.250.74.74:0
GET /css?family=Satisfy&ver=6.0.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 27 Jan 2023 19:14:29 GMT
date: Fri, 27 Jan 2023 19:14:29 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
consent-pref.trustarc.com/defaultpreferencemanager/9F5DDAD4256889D2A2BB0A3140E8B74B.cache.html
54.230.111.104200 OK 0 B URL HTTP/2 consent-pref.trustarc.com/defaultpreferencemanager/9F5DDAD4256889D2A2BB0A3140E8B74B.cache.html
IP 54.230.111.104:0
GET /defaultpreferencemanager/9F5DDAD4256889D2A2BB0A3140E8B74B.cache.html HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Wed, 18 Jan 2023 05:03:36 GMT
server: nginx
etag: W/"142492-1672992016000"
last-modified: Fri, 06 Jan 2023 08:00:16 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: I9Q038HTlzJ13aHOIsyWC5WnaCahJsupZZo_uJ3fnvjFsTt1Hs9KQA==
age: 828654
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
54.230.111.104200 OK 0 B URL HTTP/2 consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
IP 54.230.111.104:0
GET /?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/ HTTP/1.1
Host: consent-pref.trustarc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://buenavistapalace.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
last-modified: Fri, 06 Jan 2023 07:59:58 GMT
content-encoding: gzip
date: Thu, 26 Jan 2023 22:27:57 GMT
etag: W/"5147-1672991998000"
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j8oImCeGu1qmUcXjRySKwoOHYblUqDYYM9IP6W_2AsoKC8mqaQQFIA==
age: 74793
x-xss-protection: 1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
expect-ct: max-age=86400; enforce;
permissions-policy: midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
54.221.189.17200 OK 0 B URL HTTP/2 prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/
IP 54.221.189.17:0
GET /cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=hiltongdpr&layout=gdpr&site=hiltongdpr.com&action=notice&country=no&locale=en&behavior=expressed>m=1&irm=undefined&from=https://consent.trustarc.com/ HTTP/1.1
Host: prefmgr-cookie.truste-svc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://consent-pref.trustarc.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 27 Jan 2023 19:14:32 GMT
content-type: text/html; charset=UTF-8
server: nginx
vary: Accept-Encoding
etag: W/"5014-1657163800000"
last-modified: Thu, 07 Jul 2022 03:16:40 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin
x-content-type-options: nosniff
permissions-policy: geolocation=(), microphone=(), payment=()
expect-ct: max-age=31536000
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
content-encoding: gzip
X-Firefox-Spdy: h2