ua-tracer by Paul Kinlan

ua-tracer

what does a user agent actually fetch, follow & run?

← all traces

Trace GqNNMStp

First seen: 2026-07-03 07:59:42.417 UTC
User-Agent: DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)
Bot verification: Not a known bot (no IP-range check applies).

What this user agent did

Directly-referenced assets:

✗ fetched CSS ✗ fetched JS ✗ fetched image ✗ fetched font (HTML)

Document-level link hints:

✓ fetched favicon ✗ fetched apple-touch-icon ✗ fetched web manifest ✗ fetched preload ✗ fetched prefetch

Second-level follows (proves it parsed the linking file):

✗ followed CSS background-image ✗ followed CSS @font-face ✗ followed manifest icon ✗ followed CSS @import

Frames (does it descend into iframes?):

✗ fetched iframe document ✗ descended into iframe (loaded inner image)

Reporting (a report-only CSP is violated by inline styles; reports can arrive via HTTP headers with no JS, or via in-page beacons):

✗ sent a CSP/Reporting report (any path) ✗ delivered via report-uri/Report-To header (no JS) ✗ delivered via in-page beacon (securitypolicyviolation / ReportingObserver)

Social embed (Open Graph / Twitter card images):

✗ fetched og:image ✗ fetched twitter:image

JavaScript execution:

✗ EXECUTED classic JS ✗ EXECUTED ES module ✗ posted client timing

Server-side request waterfall

Every request the server received for this trace, in receive order. +ms is the delta from the homepage request.

ReceivedΔKindMethodUser-Agent
2026-07-03 07:59:42.417 UTC +0 ms homepage GET DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)
request headers (15)
{
  "accept": "*/*",
  "accept-encoding": "gzip",
  "accept-language": "en-US,en;q=0.8,zh;q=0.6,es;q=0.4",
  "connection": "close",
  "host": "uatracer.com",
  "referer": "http://uatracer.com",
  "signature": "sig1=:9SFsrKRIZj1ED22AiiqKt1WDAEDqIoqhPNesKjyNd0EOmWMraeS4yI8XWu0KeYbwiPkefEHgt863snAJs4sJBQ==:",
  "signature-agent": "https://bot.duckduckgo.com",
  "signature-input": "sig1=(\"@method\" \"@authority\" \"@path\" \"signature-agent\");created=1783065582;expires=1783066182;alg=\"ed25519\";tag=\"web-bot-auth\";keyid=\"5HvpfNA946z6lcCXEIOOpzlN5l0mdZE42jdqimEwPf8\"",
  "traceparent": "00-1668539ace529d00697a202014a3d396-d1dd99b71c90182c-01",
  "tracestate": "",
  "user-agent": "DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)",
  "via": "HTTP/1.1 ams.vultr.prod.deno-cluster.net",
  "x-deno-userspace-traceparent": "00-1668539ace529d00697a202014a3d396-31570a07eeb7ec2f-01",
  "x-deno-userspace-tracestate": ""
}
2026-07-03 07:59:44.083 UTC +1666 ms favicon GET DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)
request headers (14)
{
  "accept": "*/*",
  "accept-encoding": "gzip",
  "accept-language": "en-US,en;q=0.8,zh;q=0.6,es;q=0.4",
  "connection": "close",
  "host": "uatracer.com",
  "signature": "sig1=:qaFabNlwj5V5qfj5+H7PnZ2T72YHfO5SdHompJMHZ28RNVTvWwO9UgYcaX+6+PIv4khAv3T06P1+MZ8uGgkpCw==:",
  "signature-agent": "https://bot.duckduckgo.com",
  "signature-input": "sig1=(\"@method\" \"@authority\" \"@path\" \"signature-agent\");created=1783065584;expires=1783066184;alg=\"ed25519\";tag=\"web-bot-auth\";keyid=\"5HvpfNA946z6lcCXEIOOpzlN5l0mdZE42jdqimEwPf8\"",
  "traceparent": "00-bdc1ddd5f4f62f28c125477c3ed5a04b-77ee176a4aa5c8b0-01",
  "tracestate": "",
  "user-agent": "DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)",
  "via": "HTTP/1.1 ams.vultr.prod.deno-cluster.net",
  "x-deno-userspace-traceparent": "00-bdc1ddd5f4f62f28c125477c3ed5a04b-7ab9cc0d30006b4d-01",
  "x-deno-userspace-tracestate": ""
}