HTTP Headers

Show the HTTP headers for a URL, with a full breakdown of the details. Redirects are followed.

Summary

Response
Total Requests
1
Total Time
445 ms
  • IP
    95.216.11.25
  • Timing

    Wait

    0 ms

    DNS

    12 ms

    TCP

    108 ms

    Request

    0 ms

    First Byte

    217 ms

    Download

    0 ms

    Total

    445 ms

  • HTTP Headers

    Allow

    POST

    Cache-Control

    no-cache, private

    Inform all caching mechanisms from server to client whether they may cache this object.

    • no-cache

      May be stored by any cache but must be validated by the server.

    • private

      May only be stored by a browser cache.

    Content-Type

    text/html; charset=UTF-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      UTF-8

    Date

    Fri, 19 Dec 2025 05:04:48 GMT

    The date and time that the message was sent.

    Server

    LiteSpeed

    A name for the server.

    LiteSpeed - Description of the server software.

    Edit

    Set-Cookie: (.*) "$; SameSite=Strict; Secure"

    Content-Security-Policy

    frame-ancestors 'self'; img-src https://*;object-src data: 'unsafe-eval';

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Frame-Ancestors

      Define valid parents for frame, iframe, embed, object, and applet.

      • 'self'
    • Img-Src

      Define sources for images and favicons.

      • https://*
    • Object-Src

      Define sources for object, embed, and applet elements.

      • data:
      • 'unsafe-eval'
    Access-Control-Allow-Origin

    none

    Indicate whether the response can be shared with the given origin.

    • none

      Problems were found.

      • Option is not one of known values.
    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Referrer-Policy

    strict-origin

    Controls what referrer information is sent with requests.

    strict-origin - Send the origin when the protocol level stays the same.

    Permissions-Policy

    geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()

    Enable and disable browser features.

    • geolocation

      Control access to geolocation API.

      • () - Feature is disabled.
    • midi

      Control access to MIDI API.

      • () - Feature is disabled.
    • sync-xhr

      Control access to synchronous XMLHttpRequests.

      • () - Feature is disabled.
    • microphone

      Control access to microphone device.

      • () - Feature is disabled.
    • camera

      Control access to camera.

      • () - Feature is disabled.
    • magnetometer

      Control access to magnetometer API.

      • () - Feature is disabled.
    • gyroscope

      Control access to gyroscope API.

      • () - Feature is disabled.
    • fullscreen

      Control access to fullscreen API.

      • (self) - Allowed on this page and all nested contexts in the same origin.
    • payment

      Control access to payment request API.

      • () - Feature is disabled.
    Strict-Transport-Security

    max-age=63072000; includeSubDomains

    An HSTS policy informing the HTTP client how long to cache the HTTPS-only policy and whether this applies to subdomains.

    • Max-Age

      63072000 (2 years)

      The time a browser should remember a site can only be accessed with https (seconds).

    • includeSubDomains

      max-age applies to subdomains as well.

    Forcesecurecookie

    secure

    X-Frame-Options

    SAMEORIGIN

    Clickjacking protection.

    SAMEORIGIN - No rendering if origin mismatch.

    X-Xss-Protection

    1; mode=block

    Cross-site scripting (XSS) filter.

    • 1

      Enable XSS filtering.

    • Mode

      Filtering mode.

      • block - Block page if XSS is detected.
    Alt-Svc

    h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

    Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.

    • Service

      • h3 - :443
      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).

    • Service

      • h3-29 - :443
      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).

    • Service

      • h3-Q050 - :443
      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).

    • Service

      • h3-Q046 - :443
      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).

    • Service

      • h3-Q043 - :443
      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).

    • Service

      • quic - :443
      • ma - 2592000 (30 days)

        Max age for the alternative (seconds).

    • Version

      • 43
      • 46
    Connection

    Keep-Alive

    Control options for the current connection and list of hop-by-hop response fields.

    Keep-Alive - The client would like to keep the connection open.