HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests
- 1
- Total Time
- 81 ms
https://clash.gg/csgo-case-battles- Status
- 403
- Message
- Forbidden
- Time
- 81 ms
- IP
- 104.18.22.108
Timing
Wait
0 ms
DNS
6 ms
TCP
6 ms
Request
0 ms
First Byte
59 ms
Download
0 ms
Total
81 ms
HTTP Headers
- Date
Fri, 10 Jul 2026 06:52:21 GMT
The date and time that the message was sent.
- Content-Type
text/html; charset=UTF-8
The MIME type of this content.
Problems were detected with this header
- Unknown MIME type.
- Content-Length
186658(187 kB)
The length of the response body in octets (8-bit bytes).
- Connection
close
Control options for the current connection and list of hop-by-hop response fields.
close - The client or server would like to close the connection.
- Accept-Ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Specify what client hints should be included in subsequent requests.
sec-ch-ua-bitness
Problems were found.
- Option is not one of known values.
sec-ch-ua-arch
Problems were found.
- Option is not one of known values.
sec-ch-ua-full-version
Problems were found.
- Option is not one of known values.
sec-ch-ua-mobile
Problems were found.
- Option is not one of known values.
sec-ch-ua-model
Problems were found.
- Option is not one of known values.
sec-ch-ua-platform-version
Problems were found.
- Option is not one of known values.
sec-ch-ua-full-version-list
Problems were found.
- Option is not one of known values.
sec-ch-ua-platform
Problems were found.
- Option is not one of known values.
sec-ch-ua
Problems were found.
- Option is not one of known values.
ua-bitness
Problems were found.
- Option is not one of known values.
ua-arch
Problems were found.
- Option is not one of known values.
ua-full-version
Problems were found.
- Option is not one of known values.
ua-mobile
Problems were found.
- Option is not one of known values.
ua-model
Problems were found.
- Option is not one of known values.
ua-platform-version
Problems were found.
- Option is not one of known values.
ua-platform
Problems were found.
- Option is not one of known values.
ua
Problems were found.
- Option is not one of known values.
- Cf-Mitigated
challenge
- X-Frame-Options
SAMEORIGIN
Clickjacking protection.
SAMEORIGIN - No rendering if origin mismatch.
- Server
cloudflare
A name for the server.
cloudflare - Description of the server software.
- Critical-Ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
- Cross-Origin-Embedder-Policy
require-corp
- Cross-Origin-Opener-Policy
same-origin
Isolate the document from cross-origin windows.
same-origin - Isolated the browsing context to same-origin.
- Cross-Origin-Resource-Policy
same-origin
The cross-origin policy.
same-origin - Allow same origin requests only.
- Origin-Agent-Cluster
?1
- Permissions-Policy
accelerometer=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),xr-spatial-tracking=*
Enable and disable browser features.
accelerometer
Control access to accelerometer.
- () - Feature is disabled.
camera
Control access to camera.
- () - Feature is disabled.
clipboard-read
Control access to clipboard reading.
- () - Feature is disabled.
clipboard-write
Control access to clipboard writing.
- () - Feature is disabled.
geolocation
Control access to geo location API.
- () - Feature is disabled.
gyroscope
Control access to gyroscope API.
- () - Feature is disabled.
hid
Problems were found.
- Unknown option
- () - Feature is disabled.
magnetometer
Control access to magnetometer API.
- () - Feature is disabled.
microphone
Control access to microphone device.
- () - Feature is disabled.
payment
Control access to payment request API.
- () - Feature is disabled.
publickey-credentials-get
Control access to web authentication API.
- () - Feature is disabled.
screen-wake-lock
Control access to screen wake lock API.
- () - Feature is disabled.
serial
Problems were found.
- Unknown option
- () - Feature is disabled.
sync-xhr
Control access to XMLHttpRequests.
- () - Feature is disabled.
usb
Control access to web USB API.
- () - Feature is disabled.
xr-spatial-tracking
Control access to WebXR API.
- * - Allowed on this page and all nested contexts of any origin.
- Referrer-Policy
same-origin
Controls what referrer information is sent with requests.
same-origin - Send the full referrer for same origin requests, and nothing for cross-origin.
- Server-Timing
chlray;desc="a18da52b9edd3ea9"
Server metrics for the request.
Chlray
a18da52b9edd3ea9
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
- Set-Cookie
__cf_bm=nMj13Mrr6GmW56V7VDPqS1QSYj_vw7jr5d2c4vm3VUM-1783666341.6966002-1.0.1.1-SmtRNe..ZNj7lwUAsuXH7moQ_7TP8C3j9_aAWGgAb4ACt_3g_qFU1yWjHGCkZkK_hkvB0oLagl1VWe3sUn9RyVMLRT_O1Y6ZwUid9fT21mUOGIcOnkKdciB_o0OW9wWw; HttpOnly; SameSite=None; Secure; Path=/; Domain=clash.gg; Expires=Fri, 10 Jul 2026 07:22:21 GMT
A cookie sent from the server to be set on the client
__cf_bm
nMj13Mrr6GmW56V7VDPqS1QSYj_vw7jr5d2c4vm3VUM-1783666341.6966002-1.0.1.1-SmtRNe..ZNj7lwUAsuXH7moQ_7TP8C3j9_aAWGgAb4ACt_3g_qFU1yWjHGCkZkK_hkvB0oLagl1VWe3sUn9RyVMLRT_O1Y6ZwUid9fT21mUOGIcOnkKdciB_o0OW9wWw
Cookie name and value.
HttpOnly
Prevents access to the cookie through JavaScript.
Samesite
None
Cookie sent with both cross-site and same-site requests..
Secure
The cookie is only sent when requesting from a https domain.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
Domain
clash.gg
The client will only send the cookie when requesting from this domain.
Expires
Fri, 10 Jul 2026 07:22:21 GMT
When the cookie should expire.
- Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
Max-Age
31536000 (1 year)
The time a browser should remember a site can only be accessed with https (seconds).
includesubdomains
max-age applies to subdomains as well.
preload
Use Google's preloading strict transport security.
- Cf-Ray
a18da52b9edd3ea9-EWR
Encoded information about your request from Cloudflare.
- Alt-Svc
h3=":443"; ma=86400
Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.
Service
- h3 - :443
Service
- ma - 86400 (1 day)
Max age for the alternative (seconds).
- ma - 86400 (1 day)