HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
404
Total Requests
1
Total Time
413 ms

  • https://notabug.org/yellowact4

    Status
    404
    Message
    Not Found
    Time
    413 ms
  • IP
    5.9.105.58
    View Map

  • Timing

    Wait

    1 ms

    DNS

    149 ms

    TCP

    89 ms

    Request

    0 ms

    First Byte

    87 ms

    Download

    0 ms

    Total

    413 ms

  • HTTP Headers

    Server

    nginx/1.28.0

    A name for the server.

    • Server

      nginx

      Description of the server software.

    • Version

      1.28.0

      Version number.

    Date

    Sat, 14 Mar 2026 05:58:50 GMT

    The date and time that the message was sent.

    Content-Type

    text/html

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    Content-Length

    8010(8.01 kB)

    The length of the response body in octets (8-bit bytes).

    Connection

    keep-alive

    Control options for the current connection and list of hop-by-hop response fields.

    keep-alive - The client would like to keep the connection open.

    Vary

    Accept-Encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Accept-Encoding
    Etag

    "63c2b303-1f4a"

    An identifier for a specific version of a resource.

    • Validator

      strong

      A weak tag is easier to generate and prevents byte range caching.

    • Tag

      63c2b303-1f4a

    X-Clacks-Overhead

    GNU Terry Pratchett

    Content-Security-Policy

    default-src 'self'; connect-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Default-Src

      Fallback for all fetches.

      • 'self'

    • Connect-Src

      Define sources for script interfaces.

      • 'self'

    • Img-Src

      Define sources for images and favicons.

      • *

    • Script-Src

      Define sources for JavaScript.

      • 'self'

    • Style-Src

      Define sources for stylesheets.

      • 'self'
      • 'unsafe-inline'

    • Font-Src

      Define sources for fonts.

      • 'self'
      • data:
    Strict-Transport-Security

    max-age=31536000; includeSubDomains; preload

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      31536000 (1 year)

      The time a browser should remember a site can only be accessed with https (seconds).

    • includesubdomains

      max-age applies to subdomains as well.

    • preload

      Use Google's preloading strict transport security.