HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests
- 1
- Total Time
- 544 ms
https://onhour.ru/
- Status
- 200
- Message
- OK
- Time
- 544 ms
- IP
- 176.53.162.79
Timing
Wait
1 ms
DNS
33 ms
TCP
129 ms
Request
0 ms
First Byte
128 ms
Download
1 ms
Total
544 ms
HTTP Headers
- Server
nginx/1.20.2
A name for the server.
Server
nginx
Description of the server software.
Version
1.20.2
Version number.
- Date
Sat, 21 Mar 2026 03:48:11 GMT
The date and time that the message was sent.
- Content-Type
text/html; charset=utf-8
The MIME type of this content.
Type
text/html
Description
HTML file
Charset
utf-8
- Connection
keep-alive
Control options for the current connection and list of hop-by-hop response fields.
keep-alive - The client would like to keep the connection open.
- X-Powered-By
PHP/7.2.24-0ubuntu0.18.04.17
The software powering this site.
- Expires
Sat, 21 Mar 2026 06:48:11 GMT
The time at which the response is considered stale.
- Cache-Control
public, max-age=10800
Inform all caching mechanisms from server to client whether they may cache this object.
public
May be stored by any cache.
Max-Age
10800 (3 hours)
The time a browser should remember a site can only be accessed with https (seconds).
- Cache-Control
public, max-age=3600, must-revalidate
Inform all caching mechanisms from server to client whether they may cache this object.
public
May be stored by any cache.
Max-Age
3600 (1 hour)
The time a browser should remember a site can only be accessed with https (seconds).
must-revalidate
Stale caches must not be used.
Problems were detected with this header
- Duplicate header. There is another header with this name and this may cause problems.
- X-Cache
HIT
Indicates whether a cache was used to serve this response.
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
Problems were detected with this header
- Duplicate header. There is another header with this name and this may cause problems.
- X-Frame-Options
SAMEORIGIN
Clickjacking protection.
SAMEORIGIN - No rendering if origin mismatch.
- X-Frame-Options
DENY
Clickjacking protection.
DENY - No rendering within frame.
Problems were detected with this header
- Duplicate header. There is another header with this name and this may cause problems.
- X-Xss-Protection
1; mode=block
Cross-site scripting (XSS) filter.
1
Enable XSS filtering.
Mode
Filtering mode.
- block - Block page if XSS is detected.
- X-Xss-Protection
1; mode=block
Cross-site scripting (XSS) filter.
1
Enable XSS filtering.
Mode
Filtering mode.
- block - Block page if XSS is detected.
Problems were detected with this header
- Duplicate header. There is another header with this name and this may cause problems.
- Referrer-Policy
strict-origin-when-cross-origin
Controls what referrer information is sent with requests.
strict-origin-when-cross-origin - Send the full referrer for a same origin request. Send the origin only for cross-domain requests where the protocol level is the same. Otherwise do not send the referrer.
- Strict-Transport-Security
max-age=31536000; includeSubDomains
An HSTS policy informing the HTTP client how long to cache the HTTPS-only policy and whether this applies to subdomains.
Max-Age
31536000 (1 year)
The time a browser should remember a site can only be accessed with https (seconds).
includesubdomains
max-age applies to subdomains as well.
- Set-Cookie
PHPSESSID=003f71913545715786aad318baff33a9; path=/;HttpOnly;Secure;SameSite=Strict
A cookie sent from the server to be set on the client.
PHPSESSID
003f71913545715786aad318baff33a9
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
HttpOnly
Prevents access to the cookie through JavaScript.
Secure
The cookie is only sent when requesting from an https domain.
Samesite
Strict
Cookie only sent for same-site requests.
- X-Ua-Compatible
IE=edge
Recommends the preferred rendering engine (often a backward-compatibility mode) to use to display the content.
IE=edge - Use highest level rendering.
- Content-Security-Policy
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
The content security policy allows the server to determine what resources the user is allowed to load.
Default-Src
Fallback for all fetches.
- 'self'
- https:
- data:
- 'unsafe-inline'
- 'unsafe-eval'
- Permissions-Policy
geolocation=(), microphone=(), camera=()
Enable and disable browser features.
geolocation
Control access to geo location API.
- () - Feature is disabled.
microphone
Control access to microphone device.
- () - Feature is disabled.
camera
Control access to camera.
- () - Feature is disabled.
- Last-Modified
Tue, 10 Mar 2026 10:14:47 GMT
The last modified date for the requested object.
- Content-Language
ru
The natural language or languages of the intended audience for the enclosed content.
ru - Russian
- X-Robots-Tag
index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1
Specify how the resource is shown in search results.
Agent
index, follow, max-snippet
Settings apply to this user agent.
-1
Problems were found.
- Option is not one of known values.
max-image-preview:large
Problems were found.
- Option is not one of known values.
max-video-preview:-1
Problems were found.
- Option is not one of known values.
- Link
</fonts/main.woff2>; rel=preload; as=font; crossorigin
Used to express a typed relationship with another resource.
Link
/fonts/main.woff2
- rel - preload
- as - font
- crossorigin