HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests
- 1
- Total Time
- 171 ms
- IP
- 44.194.184.136
Timing
Wait
0 ms
DNS
7 ms
TCP
8 ms
Request
0 ms
First Byte
146 ms
Download
1 ms
Total
171 ms
HTTP Headers
- Date
Fri, 05 Jul 2024 05:02:05 GMT
The date and time that the message was sent.
- Content-Type
text/html; charset=utf-8
The MIME type of this content.
Type
text/html
Description
HTML file
Charset
utf-8
- Connection
close
Control options for the current connection and list of hop-by-hop response fields.
close - The client or server would like to close the connection.
- Server
Apache
A name for the server.
Apache - Description of the server software.
- X-Session-Id
4453ba1ea40d0b02727920068c26a2a1
- X-Request-Context-Id
de9714a9-ed2b-4352-9a08-73a1ea24dcba
- Vary
Accept-Encoding
Indicates that different content may be provided to different clients, depending on the vary header.
Headers
- Accept-Encoding
- X-Rate-Limit-Remaining
700.0
- X-Canvas-Meta
q=5313;a=10;g=ff2e5780-fa5b-012d-f7b3-123135003972;s=7;c=cluster7;z=us-east-1b;o=eportfolio_entries;n=show;st=06ed2a0663f44222b8a30961c311d7ae-38b479eb8054488e-0;b=2093276;m=2093276;u=0.09;y=0.01;d=0.01;
- Pragma
no-cache
HTTP/1.0 backwards compatible cache handling.
no-cache - Force requests to the origin server before releasing a cache.
- Content-Security-Policy
frame-ancestors 'self' canvas.instructure.com canvas.staging.instructure.com canvas.beta.instructure.com canvas.test.instructure.com oauth.instructure.com oauth.staging.instructure.com oauth.beta.instructure.com oauth.test.instructure.com localhost instructure.com staging.instructure.com beta.instructure.com test.instructure.com stats.instructure.com stats.staging.instructure.com stats.beta.instructure.com stats.test.instructure.com cluster7.instructure.com cluster7.staging.instructure.com cluster7.beta.instructure.com cluster7.test.instructure.com cluster7.iad.canvas-user-content.com cluster7.iad.staging.canvas-user-content.com cluster7.iad.beta.canvas-user-content.com cluster7.iad.test.canvas-user-content.com;
The content security policy allows the server to determine what resources the user is allowed to load.
Frame-Ancestors
Define valid parents for frame, iframe, embed, object, and applet.
- 'self'
- canvas.instructure.com
- canvas.staging.instructure.com
- canvas.beta.instructure.com
- canvas.test.instructure.com
- oauth.instructure.com
- oauth.staging.instructure.com
- oauth.beta.instructure.com
- oauth.test.instructure.com
- localhost
- instructure.com
- staging.instructure.com
- beta.instructure.com
- test.instructure.com
- stats.instructure.com
- stats.staging.instructure.com
- stats.beta.instructure.com
- stats.test.instructure.com
- cluster7.instructure.com
- cluster7.staging.instructure.com
- cluster7.beta.instructure.com
- cluster7.test.instructure.com
- cluster7.iad.canvas-user-content.com
- cluster7.iad.staging.canvas-user-content.com
- cluster7.iad.beta.canvas-user-content.com
- cluster7.iad.test.canvas-user-content.com
- X-Request-Cost
0.0991229050102902
- Cache-Control
no-store
Inform all caching mechanisms from server to client whether they may cache this object.
no-store - May not be stored by any cache.
- Strict-Transport-Security
max-age=63072000
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
Max-Age
63072000 (2 years)
The time a browser should remember a site can only be accessed with https (seconds).
- Referrer-Policy
no-referrer-when-downgrade
Controls what referrer information is sent with requests.
no-referrer-when-downgrade - Send the full referrer when the protocol security stays the same, or improves.
- X-Permitted-Cross-Domain-Policies
none
Specifies if a cross-domain policy is allowed.
none - No policy is allowed.
- X-Xss-Protection
1; mode=block
Cross-site scripting (XSS) filter.
1
Enable XSS filtering.
Mode
Filtering mode.
- block - Block page if XSS is detected.
- X-Download-Options
noopen
- X-Runtime
0.133407
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
- Set-Cookie
_csrf_token=SEf%2B%2FVNjjdoN5KjW8UYPKXuJ%2FNlkoCZCbwJPrgvb2qwpI7GMEA3%2Bv2TSmuGlF2JjDOGTgTPjSg1XNhfvIOiM2Q%3D%3D; path=/; secure
A cookie sent from the server to be set on the client
_csrf_token
SEf%2B%2FVNjjdoN5KjW8UYPKXuJ%2FNlkoCZCbwJPrgvb2qwpI7GMEA3%2Bv2TSmuGlF2JjDOGTgTPjSg1XNhfvIOiM2Q%3D%3D
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
secure
The cookie is only sent when requesting from a https domain.
- Set-Cookie
log_session_id=4453ba1ea40d0b02727920068c26a2a1; path=/; secure; httponly
A cookie sent from the server to be set on the client
log_session_id
4453ba1ea40d0b02727920068c26a2a1
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
secure
The cookie is only sent when requesting from a https domain.
httponly
Prevents access to the cookie through JavaScript.
- Set-Cookie
_legacy_normandy_session=Mt8N1kA5U6we0P7xYTTCPQ+h0Ngh8gu2z0ITBx0c5bgRxlaKCROZq96Hty6_Auwm4mCnc-ztf_O8BM3yYMVE3N2iaJgSLMbBG1He3eZMkj6P5S9ygGBTMO7j66-ZT7HWiQ2U9XuwDMpzp78HGvBpGB1kESA-RuyIHJsmt8q5GUmo1lOt2GowyhjTs3NXJU-8NM.mbIAnNguEmMGnozW6DmhL36wXKY.Zod-TQ; path=/; secure; httponly
A cookie sent from the server to be set on the client
_legacy_normandy_session
Mt8N1kA5U6we0P7xYTTCPQ+h0Ngh8gu2z0ITBx0c5bgRxlaKCROZq96Hty6_Auwm4mCnc-ztf_O8BM3yYMVE3N2iaJgSLMbBG1He3eZMkj6P5S9ygGBTMO7j66-ZT7HWiQ2U9XuwDMpzp78HGvBpGB1kESA-RuyIHJsmt8q5GUmo1lOt2GowyhjTs3NXJU-8NM.mbIAnNguEmMGnozW6DmhL36wXKY.Zod-TQ
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
secure
The cookie is only sent when requesting from a https domain.
httponly
Prevents access to the cookie through JavaScript.
- Set-Cookie
canvas_session=Mt8N1kA5U6we0P7xYTTCPQ+h0Ngh8gu2z0ITBx0c5bgRxlaKCROZq96Hty6_Auwm4mCnc-ztf_O8BM3yYMVE3N2iaJgSLMbBG1He3eZMkj6P5S9ygGBTMO7j66-ZT7HWiQ2U9XuwDMpzp78HGvBpGB1kESA-RuyIHJsmt8q5GUmo1lOt2GowyhjTs3NXJU-8NM.mbIAnNguEmMGnozW6DmhL36wXKY.Zod-TQ; path=/; secure; httponly; SameSite=None
A cookie sent from the server to be set on the client
canvas_session
Mt8N1kA5U6we0P7xYTTCPQ+h0Ngh8gu2z0ITBx0c5bgRxlaKCROZq96Hty6_Auwm4mCnc-ztf_O8BM3yYMVE3N2iaJgSLMbBG1He3eZMkj6P5S9ygGBTMO7j66-ZT7HWiQ2U9XuwDMpzp78HGvBpGB1kESA-RuyIHJsmt8q5GUmo1lOt2GowyhjTs3NXJU-8NM.mbIAnNguEmMGnozW6DmhL36wXKY.Zod-TQ
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
secure
The cookie is only sent when requesting from a https domain.
httponly
Prevents access to the cookie through JavaScript.
Samesite
None
Cookie sent with both cross-site and same-site requests..
- X-Request-Processor
09622848a03691b7e
- X-A11y-Ally
Dana Danger Grey
- P3p
CP="None, see http://www.instructure.com/privacy-policy"
P3P policy.