HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
200
Total Requests
1
Total Time
171 ms
  • IP
    44.194.184.136
    View Map

  • Timing

    Wait

    0 ms

    DNS

    7 ms

    TCP

    8 ms

    Request

    0 ms

    First Byte

    146 ms

    Download

    1 ms

    Total

    171 ms

  • HTTP Headers

    Date

    Fri, 05 Jul 2024 05:02:05 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=utf-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      utf-8

    Connection

    close

    Control options for the current connection and list of hop-by-hop response fields.

    close - The client or server would like to close the connection.

    Server

    Apache

    A name for the server.

    Apache - Description of the server software.

    X-Session-Id

    4453ba1ea40d0b02727920068c26a2a1

    X-Request-Context-Id

    de9714a9-ed2b-4352-9a08-73a1ea24dcba

    Vary

    Accept-Encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Accept-Encoding
    X-Rate-Limit-Remaining

    700.0

    X-Canvas-Meta

    q=5313;a=10;g=ff2e5780-fa5b-012d-f7b3-123135003972;s=7;c=cluster7;z=us-east-1b;o=eportfolio_entries;n=show;st=06ed2a0663f44222b8a30961c311d7ae-38b479eb8054488e-0;b=2093276;m=2093276;u=0.09;y=0.01;d=0.01;

    Pragma

    no-cache

    HTTP/1.0 backwards compatible cache handling.

    no-cache - Force requests to the origin server before releasing a cache.

    Content-Security-Policy

    frame-ancestors 'self' canvas.instructure.com canvas.staging.instructure.com canvas.beta.instructure.com canvas.test.instructure.com oauth.instructure.com oauth.staging.instructure.com oauth.beta.instructure.com oauth.test.instructure.com localhost instructure.com staging.instructure.com beta.instructure.com test.instructure.com stats.instructure.com stats.staging.instructure.com stats.beta.instructure.com stats.test.instructure.com cluster7.instructure.com cluster7.staging.instructure.com cluster7.beta.instructure.com cluster7.test.instructure.com cluster7.iad.canvas-user-content.com cluster7.iad.staging.canvas-user-content.com cluster7.iad.beta.canvas-user-content.com cluster7.iad.test.canvas-user-content.com;

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Frame-Ancestors

      Define valid parents for frame, iframe, embed, object, and applet.

      • 'self'
      • canvas.instructure.com
      • canvas.staging.instructure.com
      • canvas.beta.instructure.com
      • canvas.test.instructure.com
      • oauth.instructure.com
      • oauth.staging.instructure.com
      • oauth.beta.instructure.com
      • oauth.test.instructure.com
      • localhost
      • instructure.com
      • staging.instructure.com
      • beta.instructure.com
      • test.instructure.com
      • stats.instructure.com
      • stats.staging.instructure.com
      • stats.beta.instructure.com
      • stats.test.instructure.com
      • cluster7.instructure.com
      • cluster7.staging.instructure.com
      • cluster7.beta.instructure.com
      • cluster7.test.instructure.com
      • cluster7.iad.canvas-user-content.com
      • cluster7.iad.staging.canvas-user-content.com
      • cluster7.iad.beta.canvas-user-content.com
      • cluster7.iad.test.canvas-user-content.com
    X-Request-Cost

    0.0991229050102902

    Cache-Control

    no-store

    Inform all caching mechanisms from server to client whether they may cache this object.

    no-store - May not be stored by any cache.

    Strict-Transport-Security

    max-age=63072000

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      63072000 (2 years)

      The time a browser should remember a site can only be accessed with https (seconds).

    Referrer-Policy

    no-referrer-when-downgrade

    Controls what referrer information is sent with requests.

    no-referrer-when-downgrade - Send the full referrer when the protocol security stays the same, or improves.

    X-Permitted-Cross-Domain-Policies

    none

    Specifies if a cross-domain policy is allowed.

    none - No policy is allowed.

    X-Xss-Protection

    1; mode=block

    Cross-site scripting (XSS) filter.

    • 1

      Enable XSS filtering.

    • Mode

      Filtering mode.

      • block - Block page if XSS is detected.
    X-Download-Options

    noopen

    X-Runtime

    0.133407

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Set-Cookie

    _csrf_token=SEf%2B%2FVNjjdoN5KjW8UYPKXuJ%2FNlkoCZCbwJPrgvb2qwpI7GMEA3%2Bv2TSmuGlF2JjDOGTgTPjSg1XNhfvIOiM2Q%3D%3D; path=/; secure

    A cookie sent from the server to be set on the client

    • _csrf_token

      SEf%2B%2FVNjjdoN5KjW8UYPKXuJ%2FNlkoCZCbwJPrgvb2qwpI7GMEA3%2Bv2TSmuGlF2JjDOGTgTPjSg1XNhfvIOiM2Q%3D%3D

      Cookie name and value.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • secure

      The cookie is only sent when requesting from a https domain.

    Set-Cookie

    log_session_id=4453ba1ea40d0b02727920068c26a2a1; path=/; secure; httponly

    A cookie sent from the server to be set on the client

    • log_session_id

      4453ba1ea40d0b02727920068c26a2a1

      Cookie name and value.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • secure

      The cookie is only sent when requesting from a https domain.

    • httponly

      Prevents access to the cookie through JavaScript.

    Set-Cookie

    _legacy_normandy_session=Mt8N1kA5U6we0P7xYTTCPQ+h0Ngh8gu2z0ITBx0c5bgRxlaKCROZq96Hty6_Auwm4mCnc-ztf_O8BM3yYMVE3N2iaJgSLMbBG1He3eZMkj6P5S9ygGBTMO7j66-ZT7HWiQ2U9XuwDMpzp78HGvBpGB1kESA-RuyIHJsmt8q5GUmo1lOt2GowyhjTs3NXJU-8NM.mbIAnNguEmMGnozW6DmhL36wXKY.Zod-TQ; path=/; secure; httponly

    A cookie sent from the server to be set on the client

    • _legacy_normandy_session

      Mt8N1kA5U6we0P7xYTTCPQ+h0Ngh8gu2z0ITBx0c5bgRxlaKCROZq96Hty6_Auwm4mCnc-ztf_O8BM3yYMVE3N2iaJgSLMbBG1He3eZMkj6P5S9ygGBTMO7j66-ZT7HWiQ2U9XuwDMpzp78HGvBpGB1kESA-RuyIHJsmt8q5GUmo1lOt2GowyhjTs3NXJU-8NM.mbIAnNguEmMGnozW6DmhL36wXKY.Zod-TQ

      Cookie name and value.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • secure

      The cookie is only sent when requesting from a https domain.

    • httponly

      Prevents access to the cookie through JavaScript.

    Set-Cookie

    canvas_session=Mt8N1kA5U6we0P7xYTTCPQ+h0Ngh8gu2z0ITBx0c5bgRxlaKCROZq96Hty6_Auwm4mCnc-ztf_O8BM3yYMVE3N2iaJgSLMbBG1He3eZMkj6P5S9ygGBTMO7j66-ZT7HWiQ2U9XuwDMpzp78HGvBpGB1kESA-RuyIHJsmt8q5GUmo1lOt2GowyhjTs3NXJU-8NM.mbIAnNguEmMGnozW6DmhL36wXKY.Zod-TQ; path=/; secure; httponly; SameSite=None

    A cookie sent from the server to be set on the client

    • canvas_session

      Mt8N1kA5U6we0P7xYTTCPQ+h0Ngh8gu2z0ITBx0c5bgRxlaKCROZq96Hty6_Auwm4mCnc-ztf_O8BM3yYMVE3N2iaJgSLMbBG1He3eZMkj6P5S9ygGBTMO7j66-ZT7HWiQ2U9XuwDMpzp78HGvBpGB1kESA-RuyIHJsmt8q5GUmo1lOt2GowyhjTs3NXJU-8NM.mbIAnNguEmMGnozW6DmhL36wXKY.Zod-TQ

      Cookie name and value.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • secure

      The cookie is only sent when requesting from a https domain.

    • httponly

      Prevents access to the cookie through JavaScript.

    • Samesite

      None

      Cookie sent with both cross-site and same-site requests..

    X-Request-Processor

    09622848a03691b7e

    X-A11y-Ally

    Dana Danger Grey

    P3p

    CP="None, see http://www.instructure.com/privacy-policy"

    P3P policy.