ua-tracer by Paul Kinlan

ua-tracer

what does a user agent actually fetch, follow & run?

← all traces

Trace i6KOgsDP

First seen: 2026-06-30 03:53:07.374 UTC
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

What this user agent did

Directly-referenced assets:

✗ fetched CSS ✓ fetched JS ✗ fetched image ✗ fetched font (HTML)

Document-level link hints:

✗ fetched favicon ✗ fetched apple-touch-icon ✗ fetched web manifest ✗ fetched preload ✗ fetched prefetch

Second-level follows (proves it parsed the linking file):

✗ followed CSS background-image ✗ followed CSS @font-face ✗ followed manifest icon ✗ followed CSS @import

Frames (does it descend into iframes?):

✓ fetched iframe document ✗ descended into iframe (loaded inner image)

Reporting (a report-only CSP is violated by inline styles; reports can arrive via HTTP headers with no JS, or via in-page beacons):

✗ sent a CSP/Reporting report (any path) ✗ delivered via report-uri/Report-To header (no JS) ✗ delivered via in-page beacon (securitypolicyviolation / ReportingObserver)

Social embed (Open Graph / Twitter card images):

✗ fetched og:image ✗ fetched twitter:image

JavaScript execution:

✗ EXECUTED classic JS ✗ EXECUTED ES module ✗ posted client timing

Server-side request waterfall

Every request the server received for this trace, in receive order. +ms is the delta from the homepage request.

ReceivedΔKindMethodUser-Agent
2026-06-30 03:53:07.374 UTC +0 ms homepage GET Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
request headers (16)
{
  "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US",
  "connection": "Keep-Alive",
  "host": "uatracer.com",
  "sec-fetch-dest": "document",
  "sec-fetch-mode": "navigate",
  "sec-fetch-site": "same-origin",
  "sec-fetch-user": "?1",
  "traceparent": "00-38cbf55da294d09ed1d2d2ed5de8a3e5-2d472e575bd932e1-01",
  "tracestate": "",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",
  "via": "HTTP/1.1 ord.vultr.prod.deno-cluster.net",
  "x-deno-userspace-traceparent": "00-38cbf55da294d09ed1d2d2ed5de8a3e5-04baaa5182d4866f-01",
  "x-deno-userspace-tracestate": ""
}
2026-06-30 03:53:08.497 UTC +1123 ms JS GET Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
request headers (18)
{
  "accept": "*/*",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US",
  "connection": "Keep-Alive",
  "cookie": "ua-tracer-trace=i6KOgsDP",
  "host": "uatracer.com",
  "referer": "https://uatracer.com/",
  "sec-fetch-dest": "document",
  "sec-fetch-mode": "navigate",
  "sec-fetch-site": "same-origin",
  "sec-fetch-user": "?1",
  "traceparent": "00-1f0af3ced41b4976b5cb048817db9b33-5ba7e3a0e17df173-01",
  "tracestate": "",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",
  "via": "HTTP/1.1 ord.vultr.prod.deno-cluster.net",
  "x-deno-userspace-traceparent": "00-1f0af3ced41b4976b5cb048817db9b33-c454a3f37793398d-01",
  "x-deno-userspace-tracestate": ""
}
2026-06-30 03:53:08.893 UTC +1519 ms iframe document GET Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
request headers (18)
{
  "accept": "*/*",
  "accept-encoding": "gzip, deflate",
  "accept-language": "en-US",
  "connection": "Keep-Alive",
  "cookie": "ua-tracer-trace=i6KOgsDP",
  "host": "uatracer.com",
  "referer": "https://uatracer.com/",
  "sec-fetch-dest": "document",
  "sec-fetch-mode": "navigate",
  "sec-fetch-site": "same-origin",
  "sec-fetch-user": "?1",
  "traceparent": "00-4c6862723f1e8797287acc50a0b76fb3-d9d0cfb6025adee4-01",
  "tracestate": "",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",
  "via": "HTTP/1.1 ord.vultr.prod.deno-cluster.net",
  "x-deno-userspace-traceparent": "00-4c6862723f1e8797287acc50a0b76fb3-650966c8d02f7773-01",
  "x-deno-userspace-tracestate": ""
}