HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
200
Total Requests
1
Total Time
165 ms
  • IP
    142.251.211.110
    View Map

  • Timing

    Wait

    0 ms

    DNS

    3 ms

    TCP

    7 ms

    Request

    0 ms

    First Byte

    138 ms

    Download

    0 ms

    Total

    165 ms

  • HTTP Headers

    Content-Type

    text/html; charset=utf-8

    The MIME type of this content.

    Problems were detected with this header

    • Unknown MIME type.
    X-Frame-Options

    DENY

    Clickjacking protection.

    DENY - No rendering within frame.

    Vary

    Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Sec-Fetch-Dest
      • Sec-Fetch-Mode
      • Sec-Fetch-Site
    Cache-Control

    no-cache, no-store, max-age=0, must-revalidate

    Inform all caching mechanisms from server to client whether they may cache this object.

    • no-cache

      May be stored by any cache but must be validated by the server.

    • no-store

      May not be stored by any cache.

    • Max-Age

      0

      The time a browser should remember a site can only be accessed with https (seconds).

    • must-revalidate

      Stale caches must not be used.

    Pragma

    no-cache

    HTTP/1.0 backwards compatible cache handling.

    no-cache - Force requests to the origin server before releasing a cache.

    Expires

    Mon, 01 Jan 1990 00:00:00 GMT

    The time at which the response is considered stale.

    Date

    Mon, 29 Jun 2026 16:07:53 GMT

    The date and time that the message was sent.

    Content-Length

    0

    The length of the response body in octets (8-bit bytes).

    P3p

    CP="This is not a P3P policy! See g.co/p3phelp for more info."

    P3P policy.

    Cross-Origin-Resource-Policy

    same-site

    The cross-origin policy.

    same-site - Allow same site requests only.

    Cross-Origin-Opener-Policy

    unsafe-none

    Isolate the document from cross-origin windows.

    unsafe-none - Allow document to be added to its openered browsing context group.

    Content-Security-Policy

    base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-_P_SPvc1-Cz_pgLdtusVTg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Base-URI

      Define what can be used in the base element.

      • 'self'

    • Object-Src

      Define sources for object, embed, and applet elements.

      • 'none'

    • Report-URI

      /_/view/cspreport

      URI for violation reports.

    • Script-Src

      Define sources for JavaScript.

      • 'report-sample'
      • 'nonce-_P_SPvc1-Cz_pgLdtusVTg'
      • 'unsafe-inline'
      • 'unsafe-eval'

    • Worker-Src

      Define sources for Worker, SharedWork, and ServiceWorker scripts.

      • 'self'

    • Frame-Ancestors

      Define valid parents for frame, iframe, embed, object, and applet.

      • https://google-admin.corp.google.com/
    Content-Security-Policy-Report-Only

    require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/6b8ce7c01e3dacd3d2c7a8cd322ff979/mr

    The content security policy, reporting only.

    Reporting-Endpoints

    default="/web-reports?jobset=prod&wcrumsspbp=false&bl=editors.sites-viewer-frontend_20260617.02_p0&app=25&clss=1&context=eJwV0ntYzIkaB_Bp5vd731HTbZqpqakx_YYkSazkqBTFtOzJbZ3aPMctSRe3lNBZl2M5OGuXPZRd9iA5UokUsi67LgfLEtkVNmJLFF2miy6k8z1_fP74fp_3n_d5vtZ3nfYro2XHbKJlUzXRsk_BcUe0zBOEnGiZBsJPRsvSB8TINsGYIZWyD0C-lTIDhP7RKjdD84YOeSesTu6Ub4Cfg7vk9-B8SJf8KryN75J_gCPbuuTHYf7NbnkSuMZ-kHvCElmffCV0uffJZR598vZVffL3EHdArkiGj2YoFEEQukGhMMP0FwpFLKxqHiOsB_meYMEazhYGC5cgcnSIMBUsk8YJ3fB75nihBnYvCxe-h7iV4UIyyE-EC9bwp9PhwjgYnTRBCIOByycIQ-GLugnClxATMFGYC7u-Mgu58LLTLDRDTnKkkA816o-F11DFk4RayJixX1wHD8_sF5_BvbYD4iMwTskRvWFe1SExET5vPiRugnOLcsUrkJ-SK56EmzW5YgXoig-LRrgd9R_xN7DddETUgmv_PNETvD_LE_1BKswTpzfki7GQCRvhaFSBWAypcUXiGmhYXCS2gn1Gg-gCMaFvxLkw6_IbMQ5-i2kUn4D93kbRBd4dUZEiT0Un7G2pDLzKbMkPKq_aUTX8eb89zYSCV45UAosaHGkZsL-a7OGHIjVdBqdSNenBSnKiflAS6ETnIGy0E0VCyTxkGPFEQ2NAG6UlD_hmjZa-g3U5zvQPGFTlTMPAOsWF1NCzxIWsl7rQVqOOdkJCgI7q43VkgdJjOjoPv-a4UhVkbHOjdfB9pxsdhtodenoDsya501wYfNWdhkN1gYFuPDbQbaivMlATeDcbyB9mWgwUC4-hGs7P6k9nF_ani9Cwtj81g1wwEsNkNtIMeJ1opKYyI72FzEOetBGKnnvSaQjzlSgSUoZJlAajzBIFwbtNEik2S3Rui0RXIPmARCvgwm2JLoPqjkSO0AnvYWK5RJMhD46B412JnGH7B4l2Q2-wicQQE_WlmYjTTdSy2kQdkLrGRBmQnWmifbDhbybaDLG_mmg-5A7wokKYFO1F08HQMYhMcEfwpgdQSN5UCq223tQD9o7epIGzcBEkX2_yges53lQOD-q86SlUyILoVkEQ3YcFxUGUCIqTQaSEW3AXskqCqCAqmEpgWVYIrYLsrWNpP0zuF0ozwHQ1jIbAoz3jqP7uOLLAhoZxtBUsKeHUDQtWhFMK-G4Mp5HAteGkgv9qI-g2aKdGkAc8bYqgOkhYP5GWgil3Ig2BxjQzdYBUaCYfcHpkJj2sf2amLfAvv0jaC1eqI-kW1Cs_Jgvod_xBRqhvqiELbHGvpe2gnlZLbnAdysG6Gx005tVRByQV1FEq_BL6ku5B4KSXFAqLp7ykdFic-4rSIWlQPaVCwMMGGgP33jTQI5DUr8kHjp55Q8WQFd9I_4bGykbqgMbgJuoArzNNpN7STL0lzSSWNtPykBaSZreQD3y2sIXmQeHGFsquaqHGZy3kP9JCR3dbyG6PhbJOWWhXcCvtg-pPWumXpFZyKmolHczUtNGP09rwXxvVzWmjqPltFL2mnZ5kttO6knb6AqZdaadVMOF1O0VC-c4OqoQ7PR10H-ofvqUmOOzRSflwcHYnBSR00jVVF-k9uihM6iJ-10X2UKXrploYE9FN46Hu2256CzePd9PYE90UCqqH3aSBgMe4g4-KeigIfp_1jgIr3lHoyfdkhifzeukFLN7XS6kQe6qX5sPFvl66BtvkH-gbuOLSR7fghKGPzq3so5_AbWsfeUXI2A92RVtxNhhmW_H2HCveDdevWXH_G1b8vFTOUU1y7tIoeI-Lgg9AiquC06DklIINtgI3SgLPWyBwInRmCjz77wLnXxD4JASWCxwBhdBwT2Clu8jJo0R2CBZZB8uDiFdD5VriaqhqxeTh8ColH4Vda5UctFnJgaVK_rpCyRmB_fhpTz-ugV2vrNky0IajvGw4ebANn59gw4M-teFttTZc3GLDl6B8kIorYctIFSdMVrE-RcV9uSp2v6Disvsq_gmeX7blHypt2eapLduBL1hc7XiYlx1fgp8hd7AdF4IpxI7_esiOS-LsOT3Lnnu0Dlw2xYHzYxz4QroD--Y5sB8MPO7IQyFpk5pLf1SzvErNAlRkOrHVDScuX67hb1dq-CBMPaDh4uMaLgPVYw1__ULDh15q2OCp5Z0BWnYfpWUDGEGCAeAF3uADvuAH_jDDrOXT2VrO7efMlxKcuTvGhR-sc-Gn8F7SsWDS8fMMHQ8_p-PNF3X8FTRW67jmrY5fQVyvjvONrrxosSvvDnbjsVPdOAzGw5dH3PjzXjc-CBd99bx5sp6zoHOvnrOP6fkgnL-jZx9nD_bP8WCf9wZeUm7kbHC5a2S92ZMTXnnyP60l3g47_i9EYrWN8vGJbRXk8HBPs9JN-EtifIbkG78gMW1p6gq_FYlp8SuGrkQXnzp0YerSJWnxSxbMGeE_YpT_qOGBfv4j5izz_x8Bw4w1&build-label=editors.sites-viewer-frontend_20260617.02_p0&imp-sid=CJyUzMnqrJUDFevIzgAd6ygLkg&is-cached-offline=false"

    Document-Policy

    include-js-call-stacks-in-crash-reports

    Referrer-Policy

    strict-origin-when-cross-origin

    Controls what referrer information is sent with requests.

    strict-origin-when-cross-origin - Send the full referrer for a same origin request. Send the origin only for cross-domain requests where the protocol level is the same. Otherwise do not send the referrer.

    Server

    ESF

    A name for the server.

    ESF - Description of the server software.

    X-Xss-Protection

    0

    Cross-site scripting (XSS) filter.

    0 - Disable XSS filtering.

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Set-Cookie

    NID=532=T2pUUL5hmkox0vk4p4RwMYK_X5WiPV-n1Ll09XSRR1ZlxmfnrVbnnfOFkgRqp9fo7lBfS3XE_uvU-ud9TX9WFDpAhMgR4CfJ_Qmu3EHMWpK2cl4UHvKjzMvrRXT2C_38oCFOPStiK2JCWZ7JdwibFtzJwptIptimdMa3jntOzGFcxwKKsoqUqSybqAQblna2Av7Jgc4dJA; expires=Tue, 29-Dec-2026 16:07:53 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none

    A cookie sent from the server to be set on the client

    • NID

      532

      Cookie name and value.

    • Expires

      Tue, 29-Dec-2026 16:07:53 GMT

      When the cookie should expire.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • Domain

      .google.com

      The client will only send the cookie when requesting from this domain.

    • Secure

      The cookie is only sent when requesting from a https domain.

    • HttpOnly

      Prevents access to the cookie through JavaScript.

    • Samesite

      none

      Cookie sent with both cross-site and same-site requests..

    Alt-Svc

    h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

    Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.

    • Service

      • h3 - :443

    • Service

      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).

      • h3-29 - :443

        HTTP/3 (draft 29)

    • Service

      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).