ua-tracer
by Paul Kinlan
ua-tracer
what does a user agent actually fetch, follow & run?
Trace q15NwvDO
First seen: 2026-06-23 16:38:15.383 UTC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:152.0) Gecko/20100101 Firefox/152.0
What this user agent did
Directly-referenced assets:
✗ fetched CSS
✓ fetched JS
✗ fetched image
✗ fetched font (HTML)
Document-level link hints:
✗ fetched favicon
✗ fetched apple-touch-icon
✗ fetched web manifest
✗ fetched preload
✗ fetched prefetch
Second-level follows (proves it parsed the linking file):
✗ followed CSS background-image
✗ followed CSS @font-face
✗ followed manifest icon
✗ followed CSS @import
Frames (does it descend into iframes?):
✗ fetched iframe document
✗ descended into iframe (loaded inner image)
Reporting (a report-only CSP is violated by inline styles; reports can arrive via HTTP headers with no JS, or via in-page beacons):
✗ sent a CSP/Reporting report (any path)
✗ delivered via report-uri/Report-To header (no JS)
✗ delivered via in-page beacon (securitypolicyviolation / ReportingObserver)
Social embed (Open Graph / Twitter card images):
✗ fetched og:image
✗ fetched twitter:image
JavaScript execution:
✗ EXECUTED classic JS
✗ EXECUTED ES module
✗ posted client timing
Server-side request waterfall
Every request the server received for this trace, in receive order. +ms is the delta from the
homepage request.
| Received | Δ | Kind | Method | User-Agent |
|---|---|---|---|---|
| 2026-06-23 16:38:15.383 UTC | +0 ms | homepage | GET | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:152.0) Gecko/20100101 Firefox/152.0 |
request headers (13){
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
"accept-encoding": "gzip",
"accept-language": "en-US,en;q=0.9",
"host": "uatracer.com",
"sec-fetch-dest": "document",
"sec-fetch-mode": "navigate",
"sec-fetch-site": "none",
"sec-fetch-user": "?1",
"traceparent": "00-8d720427716f5581160c3b0d01e259bf-29c93f2cf767c158-01",
"tracestate": "",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:152.0) Gecko/20100101 Firefox/152.0",
"via": "HTTP/2 ams.vultr.prod.deno-cluster.net"
}
|
||||
| 2026-06-23 16:38:27.169 UTC | +11786 ms | ES module | GET | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36 |
request headers (13){
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
"accept-encoding": "gzip",
"accept-language": "en-US,en;q=0.9",
"host": "uatracer.com",
"sec-fetch-dest": "document",
"sec-fetch-mode": "navigate",
"sec-fetch-site": "none",
"sec-fetch-user": "?1",
"traceparent": "00-d509891d41b815a2e960040fe0a8c5a4-d296296328630201-01",
"tracestate": "",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36",
"via": "HTTP/2 ams.vultr.prod.deno-cluster.net"
}
|
||||
| 2026-06-23 16:38:27.393 UTC | +12010 ms | JS | GET | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:152.0) Gecko/20100101 Firefox/152.0 |
request headers (13){
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
"accept-encoding": "gzip",
"accept-language": "en-US,en;q=0.9",
"host": "uatracer.com",
"sec-fetch-dest": "document",
"sec-fetch-mode": "navigate",
"sec-fetch-site": "none",
"sec-fetch-user": "?1",
"traceparent": "00-23857402086ca8a0c198e9b0040ec0a6-8add2563e6088e66-01",
"tracestate": "",
"upgrade-insecure-requests": "1",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:152.0) Gecko/20100101 Firefox/152.0",
"via": "HTTP/2 ams.vultr.prod.deno-cluster.net"
}
|
||||