XSS on vibehost.cz

Domain:

Cookies:

This page is served from vibehost.cz/api/files.php

Content-Disposition: attachment should prevent this, but window.open() may bypass it.
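A defender-side check for a file-serving endpoint like the one named above, as an added example that is not code from this page or from the site: it audits one response's headers for the controls that keep an uploaded file from rendering as active content in the site's origin, instead of relying on Content-Disposition alone. The function name, finding strings and both sample header sets are constructed for illustration.

```python
# Added example: audit the response headers of a user-file download endpoint.
# WEAK and HARDENED are constructed samples, not captured from any site.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}

WEAK = {"Content-Type": "text/html; charset=utf-8",
        "Content-Disposition": 'attachment; filename="a.html"'}
HARDENED = {"Content-Type": "application/octet-stream",
            "Content-Disposition": 'attachment; filename="a.html"',
            "X-Content-Type-Options": "nosniff",
            "Content-Security-Policy": "sandbox; default-src 'none'"}


def audit_download_headers(headers):
    """Return a list of findings for one response's headers (a dict)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    # 1. The disposition type must be 'attachment', not 'inline' or absent.
    disposition = h.get("content-disposition", "").split(";")[0].strip().lower()
    if disposition != "attachment":
        findings.append("content-disposition is not 'attachment'")

    # 2. The declared type must not be one browsers render with script support.
    media_type = h.get("content-type", "").split(";")[0].strip().lower()
    if not media_type:
        findings.append("content-type missing (browser may sniff)")
    elif media_type in ACTIVE_TYPES:
        findings.append(f"content-type '{media_type}' can execute script")

    # 3. nosniff tells the browser not to MIME-sniff away from the declared type.
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: nosniff missing")

    # 4. CSP 'sandbox' keeps a rendered document scriptless and in an opaque
    #    origin, unless allow-scripts / allow-same-origin switch that back on.
    directives = [d.lower().split() for d in
                  h.get("content-security-policy", "").split(";") if d.strip()]
    sandbox = next((d for d in directives if d[0] == "sandbox"), None)
    if sandbox is None:
        findings.append("csp sandbox directive missing")
    elif {"allow-scripts", "allow-same-origin"} & set(sandbox[1:]):
        findings.append("csp sandbox re-enables scripts or same-origin")
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_download_headers(sample))
```

Serving user uploads from a separate origin that holds no session cookies removes the impact even when one of these headers is missed.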