ua-tracer by Paul Kinlan

ua-tracer

what does a user agent actually fetch, follow & run?

← all traces

Trace u9EOCexp

First seen: 2026-06-23 16:48:37.375 UTC
User-Agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36

What this user agent did

Directly-referenced assets:

✓ fetched CSS ✗ fetched JS ✗ fetched image ✓ fetched font (HTML)

Document-level link hints:

✗ fetched favicon ✗ fetched apple-touch-icon ✗ fetched web manifest ✓ fetched preload ✓ fetched prefetch

Second-level follows (proves it parsed the linking file):

✗ followed CSS background-image ✗ followed CSS @font-face ✗ followed manifest icon ✗ followed CSS @import

Frames (does it descend into iframes?):

✗ fetched iframe document ✗ descended into iframe (loaded inner image)

Reporting (a report-only CSP is violated by inline styles; reports can arrive via HTTP headers with no JS, or via in-page beacons):

✗ sent a CSP/Reporting report (any path) ✗ delivered via report-uri/Report-To header (no JS) ✗ delivered via in-page beacon (securitypolicyviolation / ReportingObserver)

Social embed (Open Graph / Twitter card images):

✗ fetched og:image ✗ fetched twitter:image

JavaScript execution:

✗ EXECUTED classic JS ✗ EXECUTED ES module ✗ posted client timing

Server-side request waterfall

Every request the server received for this trace, in receive order. +ms is the delta from the homepage request.

ReceivedΔKindMethodUser-Agent
2026-06-23 16:48:37.375 UTC +0 ms homepage GET Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36
request headers (16) 
{
  "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
  "accept-encoding": "gzip, deflate, br, zstd",
  "accept-language": "en-GB,en-US;q=0.9,en;q=0.8,cy;q=0.7,ja;q=0.6",
  "host": "uatracer.com",
  "priority": "u=0, i",
  "sec-ch-ua": "\"Not;A=Brand\";v=\"8\", \"Chromium\";v=\"150\", \"Google Chrome\";v=\"150\"",
  "sec-ch-ua-mobile": "?1",
  "sec-ch-ua-platform": "\"Android\"",
  "sec-fetch-dest": "document",
  "sec-fetch-mode": "navigate",
  "sec-fetch-site": "cross-site",
  "traceparent": "00-dd8eabab45e14d8baad408710a2a5067-2672ebaa15b56b9d-01",
  "tracestate": "",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36",
  "via": "HTTP/2 ams.vultr.prod.deno-cluster.net"
}
2026-06-23 16:48:40.633 UTC +3258 ms CSS GET Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36
request headers (16) 
{
  "accept": "text/css,*/*;q=0.1",
  "accept-encoding": "gzip, deflate, br, zstd",
  "accept-language": "en-GB,en-US;q=0.9,en;q=0.8,cy;q=0.7,ja;q=0.6",
  "host": "uatracer.com",
  "priority": "u=0",
  "referer": "https://uatracer.com/",
  "sec-ch-ua": "\"Not;A=Brand\";v=\"8\", \"Chromium\";v=\"150\", \"Google Chrome\";v=\"150\"",
  "sec-ch-ua-mobile": "?1",
  "sec-ch-ua-platform": "\"Android\"",
  "sec-fetch-dest": "style",
  "sec-fetch-mode": "no-cors",
  "sec-fetch-site": "same-origin",
  "traceparent": "00-192ecd732523f59b421c6760440aedd7-51863df7a9114ad7-01",
  "tracestate": "",
  "user-agent": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36",
  "via": "HTTP/2 ams.vultr.prod.deno-cluster.net"
}
2026-06-23 16:48:40.643 UTC +3268 ms font (HTML) GET Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36
request headers (17) 
{
  "accept": "*/*",
  "accept-encoding": "gzip, deflate, br, zstd",
  "accept-language": "en-GB,en-US;q=0.9,en;q=0.8,cy;q=0.7,ja;q=0.6",
  "host": "uatracer.com",
  "origin": "https://uatracer.com",
  "priority": "u=1",
  "referer": "https://uatracer.com/",
  "sec-ch-ua": "\"Not;A=Brand\";v=\"8\", \"Chromium\";v=\"150\", \"Google Chrome\";v=\"150\"",
  "sec-ch-ua-mobile": "?1",
  "sec-ch-ua-platform": "\"Android\"",
  "sec-fetch-dest": "font",
  "sec-fetch-mode": "cors",
  "sec-fetch-site": "same-origin",
  "traceparent": "00-24147d1fdf4091a9ff6bfafa3dc25aa2-182d81085e9cbbb4-01",
  "tracestate": "",
  "user-agent": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36",
  "via": "HTTP/2 ams.vultr.prod.deno-cluster.net"
}
2026-06-23 16:48:40.663 UTC +3288 ms preload (image) GET Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36
request headers (16) 
{
  "accept": "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8",
  "accept-encoding": "gzip, deflate, br, zstd",
  "accept-language": "en-GB,en-US;q=0.9,en;q=0.8,cy;q=0.7,ja;q=0.6",
  "host": "uatracer.com",
  "priority": "i",
  "referer": "https://uatracer.com/",
  "sec-ch-ua": "\"Not;A=Brand\";v=\"8\", \"Chromium\";v=\"150\", \"Google Chrome\";v=\"150\"",
  "sec-ch-ua-mobile": "?1",
  "sec-ch-ua-platform": "\"Android\"",
  "sec-fetch-dest": "image",
  "sec-fetch-mode": "no-cors",
  "sec-fetch-site": "same-origin",
  "traceparent": "00-b6ba45f326d83b48dfe50091019c93cb-88c1e43cb0039c76-01",
  "tracestate": "",
  "user-agent": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36",
  "via": "HTTP/2 ams.vultr.prod.deno-cluster.net"
}
2026-06-23 16:48:40.758 UTC +3383 ms prefetch GET Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36
request headers (17) 
{
  "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
  "accept-encoding": "gzip, deflate, br, zstd",
  "accept-language": "en-GB,en-US;q=0.9,en;q=0.8,cy;q=0.7,ja;q=0.6",
  "host": "uatracer.com",
  "priority": "u=4, i",
  "referer": "https://uatracer.com/",
  "sec-ch-ua": "\"Not;A=Brand\";v=\"8\", \"Chromium\";v=\"150\", \"Google Chrome\";v=\"150\"",
  "sec-ch-ua-mobile": "?1",
  "sec-ch-ua-platform": "\"Android\"",
  "sec-fetch-dest": "empty",
  "sec-fetch-mode": "no-cors",
  "sec-fetch-site": "same-origin",
  "sec-purpose": "prefetch",
  "traceparent": "00-0d9003a26b7afc1240736752dbbc1c46-90511c84ffbed0ab-01",
  "tracestate": "",
  "user-agent": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36",
  "via": "HTTP/2 ams.vultr.prod.deno-cluster.net"
}