HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
200
Total Requests
1
Total Time
373 ms

  • https://hackmd.okfn.de/s/SyF79J15Ze

    Status
    200
    Message
    OK
    Time
    373 ms
  • IP
    136.243.171.22
    View Map

  • Timing

    Wait

    0 ms

    DNS

    19 ms

    TCP

    106 ms

    Request

    1 ms

    First Byte

    147 ms

    Download

    0 ms

    Total

    373 ms

  • HTTP Headers

    Server

    nginx

    A name for the server.

    nginx - Description of the server software.

    Date

    Wed, 29 Apr 2026 08:03:13 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=utf-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      utf-8

    Content-Length

    13711(13.7 kB)

    The length of the response body in octets (8-bit bytes).

    Connection

    keep-alive

    Control options for the current connection and list of hop-by-hop response fields.

    keep-alive - The client would like to keep the connection open.

    X-Powered-By

    Express

    The software powering this site.

    Strict-Transport-Security

    max-age=31536000000; includeSubDomains; preload

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      31536000000 (1000 years)

      The time a browser should remember a site can only be accessed with https (seconds).

    • includesubdomains

      max-age applies to subdomains as well.

    • preload

      Use Google's preloading strict transport security.

    Referrer-Policy

    same-origin

    Controls what referrer information is sent with requests.

    same-origin - Send the full referrer for same origin requests, and nothing for cross-origin.

    Content-Security-Policy

    script-src 'self' vimeo.com https://gist.github.com www.slideshare.net https://query.yahooapis.com 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.mathjax.org https://*.disqus.com https://*.disquscdn.com https://www.google-analytics.com 'nonce-6f03340e-11df-49ae-92f1-85ef85af7395' 'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag='; img-src *; style-src 'self' 'unsafe-inline' https://assets-cdn.github.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.disquscdn.com; font-src 'self' https://public.slidesharecdn.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://*.disquscdn.com; object-src *; media-src *; child-src *; connect-src *

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Script-Src

      Define sources for JavaScript.

      • 'self'
      • vimeo.com
      • https://gist.github.com
      • www.slideshare.net
      • https://query.yahooapis.com
      • 'unsafe-eval'
      • https://cdnjs.cloudflare.com
      • https://cdn.mathjax.org
      • https://*.disqus.com
      • https://*.disquscdn.com
      • https://www.google-analytics.com
      • 'nonce-6f03340e-11df-49ae-92f1-85ef85af7395'
      • 'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag='

    • Img-Src

      Define sources for images and favicons.

      • *

    • Style-Src

      Define sources for stylesheets.

      • 'self'
      • 'unsafe-inline'
      • https://assets-cdn.github.com
      • https://cdnjs.cloudflare.com
      • https://fonts.googleapis.com
      • https://*.disquscdn.com

    • Font-Src

      Define sources for fonts.

      • 'self'
      • https://public.slidesharecdn.com
      • https://cdnjs.cloudflare.com
      • https://fonts.gstatic.com
      • https://*.disquscdn.com

    • Object-Src

      Define sources for object, embed, and applet elements.

      • *

    • Media-Src

      Define sources for audio, video, and track elements.

      • *

    • Child-Src

      Define sources for web works and frames.

      • *

    • Connect-Src

      Define sources for script interfaces.

      • *
    Codimd-Version

    1.2.0

    Cache-Control

    private

    Inform all caching mechanisms from server to client whether they may cache this object.

    private - May only be stored by a browser cache.

    Etag

    W/"358f-hyMRMq9PfAxFxDEQIzpThv7HgRA"

    An identifier for a specific version of a resource.

    • Validator

      weak

      A weak tag is easier to generate and prevents byte range caching.

    • Tag

      358f-hyMRMq9PfAxFxDEQIzpThv7HgRA

    Set-Cookie

    connect.sid=s%3AE7Nh-h6IEuB-9Cwc11MJXj14MbH5HWrs.e1WnzEjUpQUrnUxcKqclaNGd9ll3xUvWtaMxFlqMHMU; Path=/; Expires=Wed, 13 May 2026 08:03:13 GMT; HttpOnly

    A cookie sent from the server to be set on the client

    • connect.sid

      s%3AE7Nh-h6IEuB-9Cwc11MJXj14MbH5HWrs.e1WnzEjUpQUrnUxcKqclaNGd9ll3xUvWtaMxFlqMHMU

      Cookie name and value.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • Expires

      Wed, 13 May 2026 08:03:13 GMT

      When the cookie should expire.

    • HttpOnly

      Prevents access to the cookie through JavaScript.

    Vary

    Accept-Encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Accept-Encoding