HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
200
Total Requests
1
Total Time
945 ms

  • https://earthshakekids.com/

    Status
    200
    Message
    OK
    Time
    945 ms
  • IP
    172.67.149.6
    View Map

  • Timing

    Wait

    0 ms

    DNS

    9 ms

    TCP

    2 ms

    Request

    0 ms

    First Byte

    925 ms

    Download

    0 ms

    Total

    945 ms

  • HTTP Headers

    Date

    Wed, 04 Dec 2024 21:10:56 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=utf-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      utf-8

    Connection

    close

    Control options for the current connection and list of hop-by-hop response fields.

    close - The client or server would like to close the connection.

    Vary

    Accept-Encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Accept-Encoding
    Vary

    RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • RSC
      • Next-Router-State-Tree
      • Next-Router-Prefetch
      • Accept-Encoding

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    X-Dns-Prefetch-Control

    on

    Strict-Transport-Security

    max-age=31536000; includeSubDomains; preload

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      31536000 (1 year)

      The time a browser should remember a site can only be accessed with https (seconds).

    • includesubdomains

      max-age applies to subdomains as well.

    • preload

      Use Google's preloading strict transport security.

    X-Xss-Protection

    1; mode=block

    Cross-site scripting (XSS) filter.

    • 1

      Enable XSS filtering.

    • Mode

      Filtering mode.

      • block - Block page if XSS is detected.
    X-Frame-Options

    SAMEORIGIN

    Clickjacking protection.

    SAMEORIGIN - No rendering if origin mismatch.

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Referrer-Policy

    origin-when-cross-origin

    Controls what referrer information is sent with requests.

    origin-when-cross-origin - Send the full referrer when performing a same origin request, and the origin when not.

    Content-Security-Policy

    default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net fw-cdn.com *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https:; manifest-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to cdn.jsdelivr.net *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/; font-src 'self' fonts.gstatic.com cdn.livechatinc.com *.tawk.to; img-src 'self' cdn.jsdelivr.net tawk.link https: data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com; media-src 'self' data: cdn.databerjalan.com dataset.catgarong.com cdn.livechatinc.com youtube.com vimeo.com geo.dailymotion.com twitch.com; object-src 'self' data:; connect-src 'self' data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com unpkg.com *.tawk.to wss://*.tawk.to https: wss:; frame-src *.tawk.to https:; frame-ancestors 'self'; form-action 'self' *.tawk.to

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Default-Src

      Fallback for all fetches.

      • 'none'

    • Script-Src

      Define sources for JavaScript.

      • 'self'
      • 'unsafe-inline'
      • 'unsafe-eval'
      • *.tawk.to
      • cdn.jsdelivr.net
      • fw-cdn.com
      • *.freshdesk.com
      • *.freshworks.com
      • https://fonts.googleapis.com/css
      • https://*.freshchat.com/
      • https:

    • Manifest-Src

      Define sources for manifest files.

      • 'self'

    • Child-Src

      Define sources for web works and frames.

      • 'self'

    • Style-Src

      Define sources for stylesheets.

      • 'self'
      • 'unsafe-inline'
      • fonts.googleapis.com
      • *.tawk.to
      • cdn.jsdelivr.net
      • *.freshdesk.com
      • *.freshworks.com
      • https://fonts.googleapis.com/css
      • https://*.freshchat.com/

    • Font-Src

      Define sources for fonts.

      • 'self'
      • fonts.gstatic.com
      • cdn.livechatinc.com
      • *.tawk.to

    • img-src

      Define sources for images and favicons.

      Problems were found.

      • Duplicate value detected.
      • 'self'
      • cdn.jsdelivr.net
      • tawk.link
      • https:
      • data:
      • cdn.databerjalan.com

        Duplicated value.

      • cdn.databerjalan.com

        Duplicated value.

      • cdn.livechat-files.com
      • www.google-analytics.com

    • Media-Src

      Define sources for audio, video, and track elements.

      • 'self'
      • data:
      • cdn.databerjalan.com
      • dataset.catgarong.com
      • cdn.livechatinc.com
      • youtube.com
      • vimeo.com
      • geo.dailymotion.com
      • twitch.com

    • Object-Src

      Define sources for object, embed, and applet elements.

      • 'self'
      • data:

    • connect-src

      Define sources for script interfaces.

      Problems were found.

      • Duplicate value detected.
      • 'self'
      • data:
      • cdn.databerjalan.com

        Duplicated value.

      • cdn.databerjalan.com

        Duplicated value.

      • cdn.livechat-files.com
      • www.google-analytics.com
      • unpkg.com
      • *.tawk.to
      • wss://*.tawk.to
      • https:
      • wss:

    • Frame-Src

      Define sources for frames.

      • *.tawk.to
      • https:

    • Frame-Ancestors

      Define valid parents for frame, iframe, embed, object, and applet.

      • 'self'

    • Form-Action

      Define what can be used as the target for forms.

      • 'self'
      • *.tawk.to
    Cache-Control

    public, max-age=120

    Inform all caching mechanisms from server to client whether they may cache this object.

    • public

      May be stored by any cache.

    • Max-Age

      120 (2 minutes)

      The time a browser should remember a site can only be accessed with https (seconds).

    Link

    </_next/static/media/0484562807a97172-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/4c285fdca692ea22-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/6245472ced48d3be-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/7108afb8b1381ad1-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/7db6c35d839a711c-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"

    Used to express a typed relationship with another resource.

    • Link

      /_next/static/media/0484562807a97172-s.p.woff2

      • rel - preload
      • as - font
      • crossorigin
      • type - font/woff2

    • Link

      /_next/static/media/4c285fdca692ea22-s.p.woff2

      • rel - preload
      • as - font
      • crossorigin
      • type - font/woff2

    • Link

      /_next/static/media/6245472ced48d3be-s.p.woff2

      • rel - preload
      • as - font
      • crossorigin
      • type - font/woff2

    • Link

      /_next/static/media/7108afb8b1381ad1-s.p.woff2

      • rel - preload
      • as - font
      • crossorigin
      • type - font/woff2

    • Link

      /_next/static/media/7db6c35d839a711c-s.p.woff2

      • rel - preload
      • as - font
      • crossorigin
      • type - font/woff2
    Cf-Cache-Status

    DYNAMIC

    Encoded information about your request from Cloudflare.

    DYNAMIC - This is not cached by default.

    Report-To

    {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=64Hr3PCCqg83k9%2B%2FXf%2FgZz9apkBNZ4wsP5bqIcpfYGHq1AUQbVYJIyAF0q9wdVURt9ebmGxHiYPLV1ITw%2Fc7qYWjjGc%2FX7gfTT%2BCqt%2BG2gkSJROy7ibdvySv86iZFPR94EIBxT8%3D"}],"group":"cf-nel","max_age":604800}

    Report to.

    • Endpoints

      • {"url":"https://a.nel.cloudflare.com/report/v4?s=64Hr3PCCqg83k9%2B%2FXf%2FgZz9apkBNZ4wsP5bqIcpfYGHq1AUQbVYJIyAF0q9wdVURt9ebmGxHiYPLV1ITw%2Fc7qYWjjGc%2FX7gfTT%2BCqt%2BG2gkSJROy7ibdvySv86iZFPR94EIBxT8%3D"}

    • Group

      cf-nel

    • Max_age

      604800

    Nel

    {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

    Configure network request logging.

    • Success_fraction

      0

    • Report_to

      cf-nel

    • Max_age

      604800

    Server

    cloudflare

    A name for the server.

    cloudflare - Description of the server software.

    Cf-Ray

    8ecec935596b0c86-EWR

    Encoded information about your request from Cloudflare.

    Alt-Svc

    h3=":443"; ma=86400

    Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.

    • Service

      • h3 - :443

    • Service

      • ma - 86400 (1 day)

        Max age for the alternative (seconds).

    Server-Timing

    cfL4;desc="?proto=TCP&rtt=1067&min_rtt=1063&rtt_var=306&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=697&delivery_rate=2664213&cwnd=247&unsent_bytes=0&cid=bd6f07dd17d5c1b2&ts=933&x=0"

    Server metrics for the request.

    • Cfl4