HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
200
Total Requests
1
Total Time
200 ms
  • IP
    142.250.188.14
    View Map

  • Timing

    Wait

    0 ms

    DNS

    16 ms

    TCP

    5 ms

    Request

    3 ms

    First Byte

    156 ms

    Download

    0 ms

    Total

    200 ms

  • HTTP Headers

    Content-Type

    text/html; charset=utf-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      utf-8

    X-Frame-Options

    DENY

    Clickjacking protection.

    DENY - No rendering within frame.

    Vary

    Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Sec-Fetch-Dest
      • Sec-Fetch-Mode
      • Sec-Fetch-Site
    Cache-Control

    no-cache, no-store, max-age=0, must-revalidate

    Inform all caching mechanisms from server to client whether they may cache this object.

    • no-cache

      May be stored by any cache but must be validated by the server.

    • no-store

      May not be stored by any cache.

    • Max-Age

      0

      The time a browser should remember a site can only be accessed with https (seconds).

    • must-revalidate

      Stale caches must not be used.

    Pragma

    no-cache

    HTTP/1.0 backwards compatible cache handling.

    no-cache - Force requests to the origin server before releasing a cache.

    Expires

    Mon, 01 Jan 1990 00:00:00 GMT

    The time at which the response is considered stale.

    Date

    Thu, 30 Apr 2026 08:15:09 GMT

    The date and time that the message was sent.

    Content-Length

    0

    The length of the response body in octets (8-bit bytes).

    P3p

    CP="This is not a P3P policy! See g.co/p3phelp for more info."

    P3P policy.

    Cross-Origin-Resource-Policy

    same-site

    The cross-origin policy.

    same-site - Allow same site requests only.

    Content-Security-Policy

    base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-t21uCCUZSfFyLkpRYqMlMg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Base-URI

      Define what can be used in the base element.

      • 'self'

    • Object-Src

      Define sources for object, embed, and applet elements.

      • 'none'

    • Report-URI

      /_/view/cspreport

      URI for violation reports.

    • Script-Src

      Define sources for JavaScript.

      • 'report-sample'
      • 'nonce-t21uCCUZSfFyLkpRYqMlMg'
      • 'unsafe-inline'
      • 'unsafe-eval'

    • Worker-Src

      Define sources for Worker, SharedWork, and ServiceWorker scripts.

      • 'self'

    • Frame-Ancestors

      Define valid parents for frame, iframe, embed, object, and applet.

      • https://google-admin.corp.google.com/
    Cross-Origin-Opener-Policy

    unsafe-none

    Isolate the document from cross-origin windows.

    unsafe-none - Allow document to be added to its openered browsing context group.

    Reporting-Endpoints

    default="/web-reports?jobset=prod&wcrumsspbp=false&bl=editors.sites-viewer-frontend_20260427.03_p0&app=25&clss=1&context=eJwN0ns41XkCx_HjnN_v85W7g5wM4ph0dJFtKk0YDGFr13TZ9hiep5vUoKtcuuyqptFWz7Yzu-m2M7MkNiKjqDRdpk1XXaTLSCNqMopwOMJBZT9_vP55__d5no_FK_scc73iuKVeMcdRr_gT2X-jV3jS-4N6hc0hvULK0yscKfikXlHVrlc8oLQPYxRZNGN8neI9YUKdwp2CfzUqI8mwrVfZTxuT-5Xb6GagSVlL54NMyivUl2BSvqeju03KH2hp9YAyiUbFvld60mrFsDKdTK7DSoXbsPLNhmHlW4rPVaqS6aP5KlUABW9TqSJp3m8qVSxtMMyQtpLyYKBkQWdLAqX_UdT0IGkOlbqGSqepe1aoNEC_bP5UekH71oZJ31N8epiUTMqyMMmCPj4dJoXS9KSZUgiNWTdTmkhftcyU_k4xUyOkxXTzVIRUT9n_iJTy6WV_pGSgvOQo6Ri9UP9eek0NYpbUTBnzc-Qt9PhMjvyManty5Xp6ps6TX5HHZ3myjpY0HJET6a-GI3IWnfsiX66iYyvz5ZNU_SJfvk-aEwWyB92J_q_8iKyzjspOpNYUyi40anSh7Em6zwtlP9KWFMrz2o7JsVQUXSyfoJT4UnkTta0qlY1km9EmO1NMcLu8mOIut8vx9CimQ35Ktt92yM40dNQKqkIrlNlao5K8K63hS-4_2cCb6q7YoIn-mGOLBVT8yh7l9EWbPdaS8FPDln4sVeMymWkdMILK_R1wjkKmOyCKipY44ARNfuqIGeQU7QQ3-tcmJ_ybXu5wgoG25I3E32hsw0hMIouVzlDT4GpnWKxxxi4PDf5JK6Zq0JqgQTdVHNfgPJluaqCo1uAvh0fhK3qYNwoNlLHbBVvo-34XFFDzNx-gneJmuWIx-Vxxxe-oqdgdN5644w61Nrijk3QGd_jRgm53xNITaqLzcaNxdvloXKS2zNEwUFvFaBhptvDAfHqd6IHOSg_00eYjnthOpc89cZpWTtIilaZFahFATmlauNFQlhaqHVqc26lFFSXnarGeLtzR4jJZ3dXCnvrpLUXUaDGbCuk42d_TYiTtea_FPnoX6AU5yAtlwV6opK6NXuil2IdeWEr5H3qjhGbpvTGP3HvHwovuSjr8TCXQoYKM1joMkq29Do50li6SdoIO4-jQXh0O0_U8HWro5xYdGqnS1geXqNneB-1U7-CD5zTk6AOVkw_uKwJwqzgAD2jZiQAkkupkAMzpFt2j_eUBKI4ORDmt3R-EDXRg1yfIIX9FCILJ60oIxtOqsFCkUf3BUORWh6KQWu-Fopu2tYViF3WvDMMAjTkdhokkmsNgRf7tYQimzX1h2E5XncJxh5zmhMONGjvD0UIrtkZgDXnlR2A8fXwjAqHUkRqJXtKWRGIcbX0WiZ201zcK31JVUxRuUePuX9FCTZ0v8JLUc5vhQtephiwGmqGmjsIW9FJScQtS6HbwS9TSqvxXSKOksa1Ioa-fteIA1ba3oZ406tfwoKIz7ThB-xM68B96-F0H6qmjrgO91BHYiV7SnemEeqcB78oNkCsMWBfUBe3CLoyj4pQulFPJ9i4caOhC-7Mu-E3pRvG-btgc7EZ2oBHfUdMfjLidZMSlbCOu0sZ9RmSSQ6kRGlrg2IOf5vZwYw9aFvUgemkP9Jve4OnmN5hb9QYZNPP1G0TR3cFePCA7qQ-tj_vQSQVu_ThGhxf2Y_yKflyzMuEDNxNCtCaIIRNsaUb4AD6llkMD6KPqHwbwSdkAQsjq8QAcaeqTAcygVbGDSKG6uEE00C9xQ_C_P4S7l9-ikZ4ueYffKPbUOyyli8PvcI2qnIdxi8rch-GyaxgXaoZxlbzDFcKXsvVm4gA5LzQT16-ZCY8bZuJ5hVJEdyqFyVEl0j9XiUwqP6US7taSyHKQxB7q0ErCtFkSC7-UhH-NJMKphNpqJXHpkSTMXWWRPE0Wh6NkUURPNRC9HhCyJ8S6AIiN5LocYhbVZUI00eo6iHRqMPLipIgXonK_EJfoaK0QORvMRQEVURmdoexMcxGww1xMrTAX6f4jROPgCPGC4q5aiOxXFqJ7jKWI9rYUyT6W4txMS7Gr2VKsmG0lXFZaCUWBlXC9YCWeX7YWP9ZZiyn11sKy0VrY0ATqHmUjJnnbCK8gG7H3axtxkNL224rTn9mJYzF24kKanZhQaCd8KSlLLZQNanFvnaOYk-so1Jbme3Ju18DuxoVLm1ykPycmZGgnJCxLTF2Tst53fWJqwvqJ6WwJKROXp6xZnZqwetmiyX6Tp_lNmezv6_fRorV-_wftJ1gy&build-label=editors.sites-viewer-frontend_20260427.03_p0&imp-sid=CJjRs4CRlZQDFbbDzgAd_Nk3cw&is-cached-offline=false"

    Document-Policy

    include-js-call-stacks-in-crash-reports

    Referrer-Policy

    strict-origin-when-cross-origin

    Controls what referrer information is sent with requests.

    strict-origin-when-cross-origin - Send the full referrer for a same origin request. Send the origin only for cross-domain requests where the protocol level is the same. Otherwise do not send the referrer.

    Server

    ESF

    A name for the server.

    ESF - Description of the server software.

    X-Xss-Protection

    0

    Cross-site scripting (XSS) filter.

    0 - Disable XSS filtering.

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Set-Cookie

    NID=531=VBn-ZmIQgzaClqjX_4mHl0Lq_4zGmyBYBRhlRz95Pk5s2ID2yze8b6zm2Ypc17i4SCAG4aDFWaK7tuYrE34R8a8xxh4Q8tnFuAKeqbtSinI_3Qc_SD3nujwDIxmQjZAYAjfJZCpPjLcv3xnysgnEzudT1lVJuEPaIti4X2fehHwLHzF_rHCHwGWuKm2GWBL8eWRPv5t8pcb_EoN8YW2p; expires=Fri, 30-Oct-2026 08:15:09 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none

    A cookie sent from the server to be set on the client

    • NID

      531

      Cookie name and value.

    • Expires

      Fri, 30-Oct-2026 08:15:09 GMT

      When the cookie should expire.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • Domain

      .google.com

      The client will only send the cookie when requesting from this domain.

    • Secure

      The cookie is only sent when requesting from a https domain.

    • HttpOnly

      Prevents access to the cookie through JavaScript.

    • Samesite

      none

      Cookie sent with both cross-site and same-site requests..

    Alt-Svc

    h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

    Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.

    • Service

      • h3 - :443

    • Service

      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).

      • h3-29 - :443

        HTTP/3 (draft 29)

    • Service

      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).