HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
403
Total Requests
1
Total Time
466 ms

  • http://litfan.ru/luchshie-literaturnye-konkursy/

    Status
    403
    Message
    Forbidden
    Time
    466 ms
  • IP
    141.8.192.138
    View Map

  • Timing

    Wait

    0 ms

    DNS

    252 ms

    TCP

    104 ms

    Request

    0 ms

    First Byte

    110 ms

    Download

    0 ms

    Total

    466 ms

  • HTTP Headers

    Server

    openresty

    A name for the server.

    openresty - Description of the server software.

    Date

    Wed, 16 Jul 2025 08:11:28 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=iso-8859-1

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      iso-8859-1

    Connection

    close

    Control options for the current connection and list of hop-by-hop response fields.

    close - The client or server would like to close the connection.

    Vary

    Accept-Encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Accept-Encoding
    X-Robots-Tag

    noarchive

    Specify how the resource is shown in search results.

    noarchive - Do not show a cached link for this page.

    Content-Security-Policy

    upgrade-insecure-requests; frame-ancestors 'self'

    The content security policy allows the server to determine what resources the user is allowed to load.

    • upgrade-insecure-requests

      Treat insecure URLs as though they are secure.

    • Frame-Ancestors

      Define valid parents for frame, iframe, embed, object, and applet.

      • 'self'
    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    X-Xss-Protection

    0

    Cross-site scripting (XSS) filter.

    0 - Disable XSS filtering.

    Referrer-Policy

    strict-origin-when-cross-origin

    Controls what referrer information is sent with requests.

    strict-origin-when-cross-origin - Send the full referrer for a same origin request. Send the origin only for cross-domain requests where the protocol level is the same. Otherwise do not send the referrer.

    Cross-Origin-Resource-Policy

    same-origin

    The cross-origin policy.

    same-origin - Allow same origin requests only.

    Cross-Origin-Embedder-Policy

    unsafe-none

    Cross-Origin-Opener-Policy

    same-origin-allow-popups

    Isolate the document from cross-origin windows.

    same-origin-allow-popups - Retain references to new opened windows or tabs.

    Permissions-Policy

    autoplay=(self), fullscreen=(self), accelerometer=(), camera=(), display-capture=(), encrypted-media=(), geolocation=(), microphone=(), sync-xhr=()

    Enable and disable browser features.

    • autoplay

      Allow access to autoplay media.

      • (self) - Allowed on this page and all nested contexts in the same origin.

    • fullscreen

      Control access to fullscreen API.

      • (self) - Allowed on this page and all nested contexts in the same origin.

    • accelerometer

      Control access to accelerometer.

      • () - Feature is disabled.

    • camera

      Control access to camera.

      • () - Feature is disabled.

    • display-capture

      Control access to display capture devices.

      • () - Feature is disabled.

    • encrypted-media

      Control access to encrypted media extensions API.

      • () - Feature is disabled.

    • geolocation

      Control access to geo location API.

      • () - Feature is disabled.

    • microphone

      Control access to microphone device.

      • () - Feature is disabled.

    • sync-xhr

      Control access to XMLHttpRequests.

      • () - Feature is disabled.