HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests
- 1
- Total Time
- 280 ms
https://codimd.communecter.org/6bJkDG3-RRy-6R_9NQM4fA/- Status
- 200
- Message
- OK
- Time
- 280 ms
- IP
- 51.210.248.2
Timing
Wait
0 ms
DNS
3 ms
TCP
82 ms
Request
0 ms
First Byte
90 ms
Download
0 ms
Total
280 ms
HTTP Headers
- Cache-Control
private
Inform all caching mechanisms from server to client whether they may cache this object.
private - May only be stored by a browser cache.
- Codimd-Version
2.4.1
- Content-Length
43321(43.3 kB)
The length of the response body in octets (8-bit bytes).
- Content-Security-Policy
script-src 'self' vimeo.com https://gist.github.com www.slideshare.net https://query.yahooapis.com 'unsafe-eval' https://disqus.com https://*.disqus.com https://*.disquscdn.com https://www.google-analytics.com 'nonce-d710a4ee-aa78-477a-a55d-e40c7a5347d2' 'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM='; img-src * data:; style-src 'self' 'unsafe-inline' https://github.githubassets.com https://*.disquscdn.com; font-src 'self' data: https://public.slidesharecdn.com https://*.disquscdn.com; object-src *; media-src *; child-src *; connect-src *
The content security policy allows the server to determine what resources the user is allowed to load.
Script-Src
Define sources for JavaScript.
- 'self'
- vimeo.com
- https://gist.github.com
- www.slideshare.net
- https://query.yahooapis.com
- 'unsafe-eval'
- https://disqus.com
- https://*.disqus.com
- https://*.disquscdn.com
- https://www.google-analytics.com
- 'nonce-d710a4ee-aa78-477a-a55d-e40c7a5347d2'
- 'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM='
Img-Src
Define sources for images and favicons.
- *
- data:
Style-Src
Define sources for stylesheets.
- 'self'
- 'unsafe-inline'
- https://github.githubassets.com
- https://*.disquscdn.com
Font-Src
Define sources for fonts.
- 'self'
- data:
- https://public.slidesharecdn.com
- https://*.disquscdn.com
Object-Src
Define sources for object, embed, and applet elements.
- *
Media-Src
Define sources for audio, video, and track elements.
- *
Child-Src
Define sources for web works and frames.
- *
Connect-Src
Define sources for script interfaces.
- *
- Content-Type
text/html; charset=utf-8
The MIME type of this content.
Type
text/html
Description
HTML file
Charset
utf-8
- Date
Wed, 29 Apr 2026 08:07:06 GMT
The date and time that the message was sent.
- Etag
W/"a939-NXtBZa4KOrEL9mR5TW+B92KOay0"
An identifier for a specific version of a resource.
Validator
weak
A weak tag is easier to generate and prevents byte range caching.
Tag
a939-NXtBZa4KOrEL9mR5TW+B92KOay0
- Referrer-Policy
same-origin
Controls what referrer information is sent with requests.
same-origin - Send the full referrer for same origin requests, and nothing for cross-origin.
- Set-Cookie
connect.sid=s%3Aczfi1-TX-3Jw5TtHbP2tw6TAlM3eSaAr.nrz%2FR5zBMPnRlNx2rWdAKC6pamqlq%2FgyXdS3SCp4jo8; Path=/; Expires=Wed, 13 May 2026 08:07:06 GMT; HttpOnly
A cookie sent from the server to be set on the client
connect.sid
s%3Aczfi1-TX-3Jw5TtHbP2tw6TAlM3eSaAr.nrz%2FR5zBMPnRlNx2rWdAKC6pamqlq%2FgyXdS3SCp4jo8
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
Expires
Wed, 13 May 2026 08:07:06 GMT
When the cookie should expire.
HttpOnly
Prevents access to the cookie through JavaScript.
- Strict-Transport-Security
max-age=31536000; preload
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
Max-Age
31536000 (1 year)
The time a browser should remember a site can only be accessed with https (seconds).
preload
Use Google's preloading strict transport security.
- X-Powered-By
Express
The software powering this site.
- X-Robots-Tag
noindex, nofollow
Specify how the resource is shown in search results.
noindex
Do not show this page in search results.
nofollow
Do not follow links on this page.