ua-tracer
by Paul Kinlan
ua-tracer
what does a user agent actually fetch, follow & run?
Trace icMbraRK
First seen: 2026-07-03 06:47:13.157 UTC
User-Agent: DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)
Bot verification: Not a known bot (no IP-range check applies).
What this user agent did
Directly-referenced assets:
✗ fetched CSS
✗ fetched JS
✗ fetched image
✗ fetched font (HTML)
Document-level link hints:
✓ fetched favicon
✗ fetched apple-touch-icon
✗ fetched web manifest
✗ fetched preload
✗ fetched prefetch
Second-level follows (proves it parsed the linking file):
✗ followed CSS background-image
✗ followed CSS @font-face
✗ followed manifest icon
✗ followed CSS @import
Frames (does it descend into iframes?):
✗ fetched iframe document
✗ descended into iframe (loaded inner image)
Reporting (a report-only CSP is violated by inline styles; reports can arrive via HTTP headers with no JS, or via in-page beacons):
✗ sent a CSP/Reporting report (any path)
✗ delivered via report-uri/Report-To header (no JS)
✗ delivered via in-page beacon (securitypolicyviolation / ReportingObserver)
Social embed (Open Graph / Twitter card images):
✗ fetched og:image
✗ fetched twitter:image
JavaScript execution:
✗ EXECUTED classic JS
✗ EXECUTED ES module
✗ posted client timing
Server-side request waterfall
Every request the server received for this trace, in receive order. +ms is the delta from the
homepage request.
| Received | Δ | Kind | Method | User-Agent |
|---|---|---|---|---|
| 2026-07-03 06:47:13.157 UTC | +0 ms | homepage | GET | DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html) |
request headers (13){
"accept": "*/*",
"accept-encoding": "gzip",
"accept-language": "en-US,en;q=0.8,zh;q=0.6,es;q=0.4",
"connection": "close",
"host": "uatracer.com",
"referer": "http://uatracer.com",
"signature": "sig1=:jw86KbnLpTpmVOsSbuNpGZoXSRVjXpiFniajsREpiy/UgUvEKMLbn3DrMIPKlkhUvIW2BOn9OGN8BoxWy/SoDg==:",
"signature-agent": "https://bot.duckduckgo.com",
"signature-input": "sig1=(\"@method\" \"@authority\" \"@path\" \"signature-agent\");created=1783061233;expires=1783061833;alg=\"ed25519\";tag=\"web-bot-auth\";keyid=\"5HvpfNA946z6lcCXEIOOpzlN5l0mdZE42jdqimEwPf8\"",
"traceparent": "00-4b7455530636029603e8c3ee29af3a6a-7f72357da7e2cdfe-01",
"tracestate": "",
"user-agent": "DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)",
"via": "HTTP/1.1 ams.vultr.prod.deno-cluster.net"
}
|
||||
| 2026-07-03 06:47:14.812 UTC | +1655 ms | favicon | GET | DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html) |
request headers (12){
"accept": "*/*",
"accept-encoding": "gzip",
"accept-language": "en-US,en;q=0.8,zh;q=0.6,es;q=0.4",
"connection": "close",
"host": "uatracer.com",
"signature": "sig1=:nOBkCY2CJHqHtgv8qwjpskYJUgy0CMkrKNN2lmn5B8lX9FhE3pdrj0oiDL315a23H+7CU7tUyuvzhU6jra16CQ==:",
"signature-agent": "https://bot.duckduckgo.com",
"signature-input": "sig1=(\"@method\" \"@authority\" \"@path\" \"signature-agent\");created=1783061234;expires=1783061834;alg=\"ed25519\";tag=\"web-bot-auth\";keyid=\"5HvpfNA946z6lcCXEIOOpzlN5l0mdZE42jdqimEwPf8\"",
"traceparent": "00-cf290defe7a1106f3e343b9cd735ea9e-b89dd229d94b5463-01",
"tracestate": "",
"user-agent": "DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)",
"via": "HTTP/1.1 ams.vultr.prod.deno-cluster.net"
}
|
||||