HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
403
Total Requests
1
Total Time
18 ms

  • https://vimeo.com/932358988

    Status
    403
    Message
    Forbidden
    Time
    18 ms
  • IP
    162.159.138.60
    View Map

  • Timing

    Wait

    0 ms

    DNS

    2 ms

    TCP

    3 ms

    Request

    0 ms

    First Byte

    9 ms

    Download

    0 ms

    Total

    18 ms

  • HTTP Headers

    Date

    Wed, 03 Jul 2024 01:09:50 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=UTF-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      UTF-8

    Content-Length

    15857(15.9 kB)

    The length of the response body in octets (8-bit bytes).

    Connection

    close

    Control options for the current connection and list of hop-by-hop response fields.

    close - The client or server would like to close the connection.

    Accept-Ch

    Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA

    Specify what client hints should be included in subsequent requests.

    • sec-ch-ua-bitness

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-arch

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-full-version

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-mobile

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-model

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-platform-version

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-full-version-list

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-platform

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua

      Problems were found.

      • Option is not one of known values.

    • ua-bitness

      Problems were found.

      • Option is not one of known values.

    • ua-arch

      Problems were found.

      • Option is not one of known values.

    • ua-full-version

      Problems were found.

      • Option is not one of known values.

    • ua-mobile

      Problems were found.

      • Option is not one of known values.

    • ua-model

      Problems were found.

      • Option is not one of known values.

    • ua-platform-version

      Problems were found.

      • Option is not one of known values.

    • ua-platform

      Problems were found.

      • Option is not one of known values.

    • ua

      Problems were found.

      • Option is not one of known values.
    Critical-Ch

    Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA

    Cross-Origin-Embedder-Policy

    require-corp

    Cross-Origin-Opener-Policy

    same-origin

    Isolate the document from cross-origin windows.

    same-origin - Isolated the browsing context to same-origin.

    Cross-Origin-Resource-Policy

    same-origin

    The cross-origin policy.

    same-origin - Allow same origin requests only.

    Origin-Agent-Cluster

    ?1

    Permissions-Policy

    accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()

    Enable and disable browser features.

    • accelerometer

      Control access to accelerometer.

      • () - Feature is disabled.

    • autoplay

      Allow access to autoplay media.

      • () - Feature is disabled.

    • browsing-topics

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • camera

      Control access to camera.

      • () - Feature is disabled.

    • clipboard-read

      Control access to clipboard reading.

      • () - Feature is disabled.

    • clipboard-write

      Control access to clipboard writing.

      • () - Feature is disabled.

    • geolocation

      Control access to geo location API.

      • () - Feature is disabled.

    • gyroscope

      Control access to gyroscope API.

      • () - Feature is disabled.

    • hid

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • interest-cohort

      Control access to Federated Learning of Cohorts.

      • () - Feature is disabled.

    • magnetometer

      Control access to magnetometer API.

      • () - Feature is disabled.

    • microphone

      Control access to microphone device.

      • () - Feature is disabled.

    • payment

      Control access to payment request API.

      • () - Feature is disabled.

    • publickey-credentials-get

      Control access to web authentication API.

      • () - Feature is disabled.

    • screen-wake-lock

      Control access to screen wake lock API.

      • () - Feature is disabled.

    • serial

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • sync-xhr

      Control access to XMLHttpRequests.

      • () - Feature is disabled.

    • usb

      Control access to web USB API.

      • () - Feature is disabled.
    Referrer-Policy

    same-origin

    Controls what referrer information is sent with requests.

    same-origin - Send the full referrer for same origin requests, and nothing for cross-origin.

    X-Content-Options

    nosniff

    X-Frame-Options

    SAMEORIGIN

    Clickjacking protection.

    SAMEORIGIN - No rendering if origin mismatch.

    Cf-Mitigated

    challenge

    Cf-Chl-Out

    LRhrtyag6HxiwT9qJYEYcVbMh0enSR7ckfyUp0IALjVvLewv8pQYLGKDFXe3Rk/kBgcXhq4CpN0U0y69BsKZWlI/zGFeJLyF3IdMqi56tv/oBqBTJ4s0eHD97riqJDebX/HQ4NLYLtz5siwVUG7kTw==$ySIKPh+n2JSF7vvSxMCRxw==

    Cache-Control

    private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0

    Inform all caching mechanisms from server to client whether they may cache this object.

    • private

      May only be stored by a browser cache.

    • Max-Age

      0

      The time a browser should remember a site can only be accessed with https (seconds).

    • no-store

      May not be stored by any cache.

    • no-cache

      May be stored by any cache but must be validated by the server.

    • must-revalidate

      Stale caches must not be used.

    • post-check

      0

      Problems were found.

      • Option is not one of known values.

    • pre-check

      0

      Problems were found.

      • Option is not one of known values.
    Expires

    Thu, 01 Jan 1970 00:00:01 GMT

    The time at which the response is considered stale.

    Set-Cookie

    __cf_bm=2rDG.eTDNzdRr2jE1LYOBcoB8040Bm3zXBnp25DDux4-1719968990-1.0.1.1-E6FERM12znhQHTzhvIAA_eLIQ24oVpYXQGUr3.hU9vauSF1ytxEpewo_qOK93GIU3ZX9M8Ysn5oNkvkey9lOFg; path=/; expires=Wed, 03-Jul-24 01:39:50 GMT; domain=.vimeo.com; HttpOnly; Secure

    A cookie sent from the server to be set on the client

    • __cf_bm

      2rDG.eTDNzdRr2jE1LYOBcoB8040Bm3zXBnp25DDux4-1719968990-1.0.1.1-E6FERM12znhQHTzhvIAA_eLIQ24oVpYXQGUr3.hU9vauSF1ytxEpewo_qOK93GIU3ZX9M8Ysn5oNkvkey9lOFg

      Cookie name and value.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • Expires

      Wed, 03-Jul-24 01:39:50 GMT

      When the cookie should expire.

    • Domain

      .vimeo.com

      The client will only send the cookie when requesting from this domain.

    • HttpOnly

      Prevents access to the cookie through JavaScript.

    • Secure

      The cookie is only sent when requesting from a https domain.

    Server

    cloudflare

    A name for the server.

    cloudflare - Description of the server software.

    Cf-Ray

    89d2fe105dfcc44f-EWR

    Encoded information about your request from Cloudflare.