HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
200
Total Requests
1
Total Time
154 ms
  • IP
    142.250.68.206
    View Map

  • Timing

    Wait

    0 ms

    DNS

    12 ms

    TCP

    3 ms

    Request

    0 ms

    First Byte

    129 ms

    Download

    1 ms

    Total

    154 ms

  • HTTP Headers

    Content-Type

    text/html; charset=utf-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      utf-8

    X-Frame-Options

    DENY

    Clickjacking protection.

    DENY - No rendering within frame.

    Vary

    Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Sec-Fetch-Dest
      • Sec-Fetch-Mode
      • Sec-Fetch-Site
    Cache-Control

    no-cache, no-store, max-age=0, must-revalidate

    Inform all caching mechanisms from server to client whether they may cache this object.

    • no-cache

      May be stored by any cache but must be validated by the server.

    • no-store

      May not be stored by any cache.

    • Max-Age

      0

      The time a browser should remember a site can only be accessed with https (seconds).

    • must-revalidate

      Stale caches must not be used.

    Pragma

    no-cache

    HTTP/1.0 backwards compatible cache handling.

    no-cache - Force requests to the origin server before releasing a cache.

    Expires

    Mon, 01 Jan 1990 00:00:00 GMT

    The time at which the response is considered stale.

    Date

    Thu, 30 Apr 2026 08:26:24 GMT

    The date and time that the message was sent.

    Content-Length

    0

    The length of the response body in octets (8-bit bytes).

    P3p

    CP="This is not a P3P policy! See g.co/p3phelp for more info."

    P3P policy.

    Content-Security-Policy

    base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-elWooJqBlcFvYP-2vTv3SA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Base-URI

      Define what can be used in the base element.

      • 'self'

    • Object-Src

      Define sources for object, embed, and applet elements.

      • 'none'

    • Report-URI

      /_/view/cspreport

      URI for violation reports.

    • Script-Src

      Define sources for JavaScript.

      • 'report-sample'
      • 'nonce-elWooJqBlcFvYP-2vTv3SA'
      • 'unsafe-inline'
      • 'unsafe-eval'

    • Worker-Src

      Define sources for Worker, SharedWork, and ServiceWorker scripts.

      • 'self'

    • Frame-Ancestors

      Define valid parents for frame, iframe, embed, object, and applet.

      • https://google-admin.corp.google.com/
    Cross-Origin-Resource-Policy

    same-site

    The cross-origin policy.

    same-site - Allow same site requests only.

    Cross-Origin-Opener-Policy

    unsafe-none

    Isolate the document from cross-origin windows.

    unsafe-none - Allow document to be added to its openered browsing context group.

    Reporting-Endpoints

    default="/web-reports?jobset=prod&wcrumsspbp=false&bl=editors.sites-viewer-frontend_20260427.03_p0&app=25&clss=1&context=eJwN0ntczXkCxvHTOb_f802dSqdS0vXXTE4uaQ0yqqmmVMNO47L2mHqte0iukesuWZPFa2fnIsnOzJZkRTFRyGBYud-SyyRSTAnpdk6qU-Hs88f7n89_z-v12KTrcqwNqsO2BtUkZ4PqT-T4rUHlS--zDSr7PQaVlGdQOVPYMYOqvNmgukdpH0xXZdC4oVWq94RhVSovCv_dpI6lts2d6m5al9Kt3kzXQs3qSjoTZlZfpK4ks_o9HdhhVv9Mc673qBfRwIT3al9aqrKoV5PZw6JWeVrUb9Za1G9pbq5ak0IfTdVoQih8s0YTS1OeazQJtLZtnJRO6uxQyYZOFYVK_6O4sWHSJDJOiJR66PGGT6V62rU8SvqJ5q6OklJIXRwl2dDHJ6KkSBq7aLwUQR-uGC8Np68ax0v_pOmjY6RZdO14jFRNmf-KlfLpRXes1EbZKXFSLtXrPpNeU42YIDXQmqk58iZ6eDJHfkqVHblyNT3V5ckvyeeLPFlPs2v2ycn0t7Z9cgadXpgvl9OhxfnyMbpeny_fJbej-2UfuhX_X_kB2WUckF1I51Ygu9NA7wLZl_RfFshBpBQVyFOaDskJtILW0eCJhfIIOhhfKB-l1LlH5PXUtOSIbCKHNU2yK00Pb5ZnUeKFZnkuPZjeIj8hhx9aZFfqO6CFpkCLYgc7lJF_mR0CyeucPfyp6qI96ujzHAdMo8KXjiihhU2OWE4iSAcH-uWIDhfISnFCPyoJdsJpihjrhDg6ONsJR2nkE2eMI5d4F3jS9-td8G96sdUFbbQpbwD-QYNrBmAE2Sx2hY56l7rCZpkrtvu44TtaMNoNr5LcYKTSw244Q-ZrblBdd8Nf9w7EV3Q_byBqaM0Od2yin7rdsZ8avh2EZkqc4IFZFHDRA3-gukIvXH3khVtUX-OFl6Rv80IQTTN6IYEeUR2dSfTGufneuEhNG73RRk2l3jDRROGDqfQ62QetZT7oog37fLGFjjzzxQlaPELBKhoTqyCEXNIUeFJfhgLNVgWntykop5RcBSvp7C0FF0h7W4EjddNbiqlQMJEK6DA53lEwgL5-r2AXvQv1gxzmh-JwP5RR-zo_dNJ3G_yQRQn3_TCH8j_wRxFNMPhjCnl1DoYf3Zb0-I26ZT0sVAQ9Sslkp0cvOTjq4Uyn6FdShukxhPbs1GMvXcnTo4J-a9SjlsocAnCeGhwD0EzVTgF4Rn3OAdC4BOCuKgQ3CkNwj-YdDUEyaY6FwJpu0B3KKglBYXwoSmh5VhjW0u7tnyCHglURCCe_ixEYSkuiIpFG1dmRyL0eiQJ6dScSRtrcFIntZFwchR4acSIKwSQaoqCl4OYohNOGrihsoUsu0bhFLpOi4Um1rdFopAXpMVhGfvkxGEofX41BJLWsikUnKUWxGELpT2OxjXYGxuEHKq-Lww2q3fE7GqmutR4vSDe5Ae50hSrIpqcBOmopaEQnLSpsRCrdDH-BSlqS_xJpNGvwKyykb56-wm6qbG5CNSm61xhCB0824yhlJbXgP3T_xxZUU0tVCzqpJbQVnaQ_2Qrdtja8K2mDXNqGFWHtUGa0YwgVprajhIq2tGN3TTuan7YjaJQRh3YZYZ9tRNZxIzJDTfiRHv_RhJuLTDifacIlWrfLhI3kdMQEN5rm3IFzkzu4swONMzsQP6cDhvVv8GTDG0wuf4M1NP71G8TR7d5O3KMBUhdePexCK-337MYh2jujG0MXdOOy1oxBnmZEKGaIPjMcaFx0Dz6lxj096KLrP_fgk-IeRJD2YQ-cafSjHoyjJQm9SKWqxF7U0OPEPgTf7cPtC29RS09mv8NzSjj-DnPoV8s7XKZyVwtuULGXBe7bLbhSYUEF-UerRCBlGqzEbvKaYSWuXLYS3letxLNStYhvVQuzs0as_lIjNlLJcY3wtpNEhpMkvqYWRRIz_i6J4ApJRFMRNVVK4twDSVh7yCJljCz2xsniIPn8RRadPhCyL8SKEIh15DEfYgJVbYSoo6VVEKupxsSLk2quEGVZQpynA5VC5Ky1FvvpIBXTScrcaC1CtlqL4FJrkRbcT9T29hP1lHjJRmS-tBHGD23F5_62IiXAVpwZbyt2NNiKBRO1YtBirbDka4XHWa14dsFO_FJlJ0ZV2wnbWjthT8PIONBeBPrbCyXMXuz8xl5kU1qWgyj7or84NL2_OJvWXwwr6C8CaVGGTmhqdKJihbOYlOssdFrr4vybFeif_vzUeSt36c_JSWuUYUnzklctS10ZuDJ5VdLK4avZklKHz09dtnRV0tJ5M0cGjRwTNGpkcGDQRzOXB_0fL85ihg&build-label=editors.sites-viewer-frontend_20260427.03_p0&imp-sid=CKKqqsKTlZQDFQjbzgAdNFYtoA&is-cached-offline=false"

    Document-Policy

    include-js-call-stacks-in-crash-reports

    Referrer-Policy

    strict-origin-when-cross-origin

    Controls what referrer information is sent with requests.

    strict-origin-when-cross-origin - Send the full referrer for a same origin request. Send the origin only for cross-domain requests where the protocol level is the same. Otherwise do not send the referrer.

    Server

    ESF

    A name for the server.

    ESF - Description of the server software.

    X-Xss-Protection

    0

    Cross-site scripting (XSS) filter.

    0 - Disable XSS filtering.

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Set-Cookie

    NID=531=MQdhlglQWXEwve2mQsmcgc5SBE2ioGA2lgP6V6sgleGJK3NaXN2He5EdS6nluvf480eJ2zprMbvlWoTQ0JdjvSj6ZHgaFcXROBTktePprRAjT0BZ27-F2D_rHnuT-RU4WGUQOseguhMT1Jzj1_ib_61nusHWNtPl0R7le80J5ocI-DYP59O6DKAn_zYUugjyuN7BN1mmOdHce2WLrsDj; expires=Fri, 30-Oct-2026 08:26:24 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none

    A cookie sent from the server to be set on the client

    • NID

      531

      Cookie name and value.

    • Expires

      Fri, 30-Oct-2026 08:26:24 GMT

      When the cookie should expire.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • Domain

      .google.com

      The client will only send the cookie when requesting from this domain.

    • Secure

      The cookie is only sent when requesting from a https domain.

    • HttpOnly

      Prevents access to the cookie through JavaScript.

    • Samesite

      none

      Cookie sent with both cross-site and same-site requests..

    Alt-Svc

    h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

    Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.

    • Service

      • h3 - :443

    • Service

      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).

      • h3-29 - :443

        HTTP/3 (draft 29)

    • Service

      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).