HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
403
Total Requests
1
Total Time
18 ms
  • IP
    104.21.92.232
    View Map

  • Timing

    Wait

    1 ms

    DNS

    1 ms

    TCP

    3 ms

    Request

    0 ms

    First Byte

    4 ms

    Download

    1 ms

    Total

    18 ms

  • HTTP Headers

    Date

    Wed, 29 Apr 2026 08:05:25 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=UTF-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      UTF-8

    Content-Length

    5698(5.7 kB)

    The length of the response body in octets (8-bit bytes).

    Connection

    close

    Control options for the current connection and list of hop-by-hop response fields.

    close - The client or server would like to close the connection.

    Accept-Ch

    Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA

    Specify what client hints should be included in subsequent requests.

    • sec-ch-ua-bitness

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-arch

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-full-version

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-mobile

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-model

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-platform-version

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-full-version-list

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua-platform

      Problems were found.

      • Option is not one of known values.

    • sec-ch-ua

      Problems were found.

      • Option is not one of known values.

    • ua-bitness

      Problems were found.

      • Option is not one of known values.

    • ua-arch

      Problems were found.

      • Option is not one of known values.

    • ua-full-version

      Problems were found.

      • Option is not one of known values.

    • ua-mobile

      Problems were found.

      • Option is not one of known values.

    • ua-model

      Problems were found.

      • Option is not one of known values.

    • ua-platform-version

      Problems were found.

      • Option is not one of known values.

    • ua-platform

      Problems were found.

      • Option is not one of known values.

    • ua

      Problems were found.

      • Option is not one of known values.
    Cf-Mitigated

    challenge

    Content-Security-Policy

    default-src 'none'; script-src 'nonce-bAw3ByMPkgz8DJTi0S4Nkr' 'unsafe-eval' https://challenges.cloudflare.com; script-src-attr 'none'; style-src 'unsafe-inline'; img-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com blob:; child-src 'self' https://challenges.cloudflare.com blob:; worker-src blob:; form-action http: https:; base-uri 'self'

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Default-Src

      Fallback for all fetches.

      • 'none'

    • Script-Src

      Define sources for JavaScript.

      • 'nonce-bAw3ByMPkgz8DJTi0S4Nkr'
      • 'unsafe-eval'
      • https://challenges.cloudflare.com

    • script-src-attr

      'none'

      Problems were found.

      • Option is not one of known values.

    • Style-Src

      Define sources for stylesheets.

      • 'unsafe-inline'

    • Img-Src

      Define sources for images and favicons.

      • 'self'
      • https://challenges.cloudflare.com

    • Connect-Src

      Define sources for script interfaces.

      • 'self'
      • https://challenges.cloudflare.com

    • Frame-Src

      Define sources for frames.

      • 'self'
      • https://challenges.cloudflare.com
      • blob:

    • Child-Src

      Define sources for web works and frames.

      • 'self'
      • https://challenges.cloudflare.com
      • blob:

    • Worker-Src

      Define sources for Worker, SharedWork, and ServiceWorker scripts.

      • blob:

    • Form-Action

      Define what can be used as the target for forms.

      • http:
      • https:

    • Base-URI

      Define what can be used in the base element.

      • 'self'
    Server

    cloudflare

    A name for the server.

    cloudflare - Description of the server software.

    Critical-Ch

    Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA

    Cross-Origin-Embedder-Policy

    require-corp

    Cross-Origin-Opener-Policy

    same-origin

    Isolate the document from cross-origin windows.

    same-origin - Isolated the browsing context to same-origin.

    Cross-Origin-Resource-Policy

    same-origin

    The cross-origin policy.

    same-origin - Allow same origin requests only.

    Origin-Agent-Cluster

    ?1

    Permissions-Policy

    accelerometer=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),xr-spatial-tracking=(self)

    Enable and disable browser features.

    • accelerometer

      Control access to accelerometer.

      • () - Feature is disabled.

    • browsing-topics

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • camera

      Control access to camera.

      • () - Feature is disabled.

    • clipboard-read

      Control access to clipboard reading.

      • () - Feature is disabled.

    • clipboard-write

      Control access to clipboard writing.

      • () - Feature is disabled.

    • geolocation

      Control access to geo location API.

      • () - Feature is disabled.

    • gyroscope

      Control access to gyroscope API.

      • () - Feature is disabled.

    • hid

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • interest-cohort

      Control access to Federated Learning of Cohorts.

      • () - Feature is disabled.

    • magnetometer

      Control access to magnetometer API.

      • () - Feature is disabled.

    • microphone

      Control access to microphone device.

      • () - Feature is disabled.

    • payment

      Control access to payment request API.

      • () - Feature is disabled.

    • publickey-credentials-get

      Control access to web authentication API.

      • () - Feature is disabled.

    • screen-wake-lock

      Control access to screen wake lock API.

      • () - Feature is disabled.

    • serial

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • sync-xhr

      Control access to XMLHttpRequests.

      • () - Feature is disabled.

    • usb

      Control access to web USB API.

      • () - Feature is disabled.

    • xr-spatial-tracking

      Control access to WebXR API.

      • (self) - Allowed on this page and all nested contexts in the same origin.
    Referrer-Policy

    same-origin

    Controls what referrer information is sent with requests.

    same-origin - Send the full referrer for same origin requests, and nothing for cross-origin.

    Server-Timing

    chlray;desc="9f3ccd32ec833f3b"

    Server metrics for the request.

    • Chlray

      9f3ccd32ec833f3b

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    X-Frame-Options

    SAMEORIGIN

    Clickjacking protection.

    SAMEORIGIN - No rendering if origin mismatch.

    Report-To

    {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9LbHc4reDOXLGxfS%2Bv2DKYJAv%2BEdd5aHHf%2BiZVMwCEUS6Y44aJDIaAVDBlU3JWTw9O2tMuUFAvgmFevV5s%2FDG0EoirLHA%2BfyyXA7RJkDp0RJrFFdx4YjC2ixajA8S96qin2rb3jGYqQY"}]}

    Report to.

    • Group

      cf-nel

    • Max_age

      604800

    • Endpoints

      • {"url":"https://a.nel.cloudflare.com/report/v4?s=9LbHc4reDOXLGxfS%2Bv2DKYJAv%2BEdd5aHHf%2BiZVMwCEUS6Y44aJDIaAVDBlU3JWTw9O2tMuUFAvgmFevV5s%2FDG0EoirLHA%2BfyyXA7RJkDp0RJrFFdx4YjC2ixajA8S96qin2rb3jGYqQY"}
    Nel

    {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}

    Configure network request logging.

    • Report_to

      cf-nel

    • Success_fraction

      0

    • Max_age

      604800

    Cf-Ray

    9f3ccd32ec833f3b-EWR

    Encoded information about your request from Cloudflare.

    Alt-Svc

    h3=":443"; ma=86400

    Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.

    • Service

      • h3 - :443

    • Service

      • ma - 86400 (1 day)

        Max age for the alternative (seconds).