HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests: 1
- Total Time: 992 ms
https://notabug.org/yellowact4
- Status: 200
- Message: OK
- Time: 992 ms
- IP: 5.9.105.58
Timing
- Wait: 0 ms
- DNS: 114 ms
- TCP: 94 ms
- Request: 0 ms
- First Byte: 595 ms
- Download: 0 ms
- Total: 992 ms
HTTP Headers
- Server
nginx/1.26.2
A name for the server.
Server
nginx
Description of the server software.
Version
1.26.2
Version number.
- Date
Wed, 05 Feb 2025 07:47:16 GMT
The date and time that the message was sent.
- Content-Type
text/html; charset=UTF-8
The MIME type of this content.
Type
text/html
Description
HTML file
Charset
UTF-8
- Connection
close
Control options for the current connection and list of hop-by-hop response fields.
close - The client or server would like to close the connection.
- Vary
Accept-Encoding
Indicates that different content may be provided to different clients, depending on the vary header.
Headers
- Accept-Encoding
- Set-Cookie
lang=en-US; Path=/; secure; Max-Age=2147483647
A cookie sent from the server to be set on the client.
lang
en-US
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
secure
The cookie is only sent when making a request over HTTPS.
Max-Age
2147483647 (68 years 35 days 3 hours 14 minutes 7 seconds)
Number of seconds until the cookie expires.
- Set-Cookie
notabug_session=5d06effa5ae5d38c; Path=/; secure; HttpOnly
A cookie sent from the server to be set on the client.
notabug_session
5d06effa5ae5d38c
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
secure
The cookie is only sent when making a request over HTTPS.
HttpOnly
Prevents access to the cookie through JavaScript.
- Set-Cookie
_csrf=QDnlZmPG2WJ8HwFC3AyXPTJjWrw6MTczODc0MTYzNjAyNjc0OTMyMA%3D%3D; Path=/; secure; Expires=Thu, 06 Feb 2025 07:47:16 GMT; HttpOnly
A cookie sent from the server to be set on the client.
_csrf
QDnlZmPG2WJ8HwFC3AyXPTJjWrw6MTczODc0MTYzNjAyNjc0OTMyMA%3D%3D
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
secure
The cookie is only sent when making a request over HTTPS.
Expires
Thu, 06 Feb 2025 07:47:16 GMT
When the cookie should expire.
HttpOnly
Prevents access to the cookie through JavaScript.
- X-Clacks-Overhead
GNU Terry Pratchett
- Content-Security-Policy
default-src 'self'; connect-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;
The content security policy allows the server to determine what resources the user is allowed to load.
Default-Src
Fallback for all fetches.
- 'self'
Connect-Src
Define sources for script interfaces.
- 'self'
Img-Src
Define sources for images and favicons.
- *
Script-Src
Define sources for JavaScript.
- 'self'
Style-Src
Define sources for stylesheets.
- 'self'
- 'unsafe-inline'
Font-Src
Define sources for fonts.
- 'self'
- data:
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
- X-Xss-Protection
1; mode=block
Cross-site scripting (XSS) filter.
1
Enable XSS filtering.
Mode
Filtering mode.
- block - Block page if XSS is detected.
- Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
An HSTS policy informing the HTTP client how long to cache the HTTPS-only policy and whether it applies to subdomains.
Max-Age
31536000 (1 year)
The time a browser should remember a site can only be accessed with https (seconds).
includeSubDomains
max-age applies to subdomains as well.
preload
Opt in to Google's HSTS preload list.