HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests
- 1
- Total Time
- 189 ms
https://vimeo.com/706948616- Status
- 200
- Message
- OK
- Time
- 189 ms
- IP
- 162.159.128.61
Timing
Wait
0 ms
DNS
5 ms
TCP
9 ms
Request
0 ms
First Byte
165 ms
Download
1 ms
Total
189 ms
HTTP Headers
- Date
Thu, 25 Jun 2026 10:12:14 GMT
The date and time that the message was sent.
- Content-Type
text/html; charset=utf-8
The MIME type of this content.
Problems were detected with this header
- Unknown MIME type.
- Connection
keep-alive
Control options for the current connection and list of hop-by-hop response fields.
keep-alive - The client would like to keep the connection open.
- Set-Cookie
__cf_bm=WFmSSkJ6TigyB_BQiacvB09QUMtJUGKNUUHRLn.Tfbg-1782382334.461684-1.0.1.1-4omU_baA9hfQp17eSihjQdWC4sSQ7.kyXApcYiPmKUkxRzNmns9TP_ixN0_57B98Hgn9AllhB8FGx7E4A6M..P.Qz5MWix4voGF.uz2Q9yxQyYApZ_DoyJD7EVe0droP; HttpOnly; SameSite=None; Secure; Path=/; Domain=vimeo.com; Expires=Thu, 25 Jun 2026 10:42:14 GMT
A cookie sent from the server to be set on the client
__cf_bm
WFmSSkJ6TigyB_BQiacvB09QUMtJUGKNUUHRLn.Tfbg-1782382334.461684-1.0.1.1-4omU_baA9hfQp17eSihjQdWC4sSQ7.kyXApcYiPmKUkxRzNmns9TP_ixN0_57B98Hgn9AllhB8FGx7E4A6M..P.Qz5MWix4voGF.uz2Q9yxQyYApZ_DoyJD7EVe0droP
Cookie name and value.
HttpOnly
Prevents access to the cookie through JavaScript.
Samesite
None
Cookie sent with both cross-site and same-site requests..
Secure
The cookie is only sent when requesting from a https domain.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
Domain
vimeo.com
The client will only send the cookie when requesting from this domain.
Expires
Thu, 25 Jun 2026 10:42:14 GMT
When the cookie should expire.
- Set-Cookie
_cfuvid=aIbjZk4hkAr_dTcfbJVS3LDgsVeyEStJjwloopaGcZI-1782382334.461684-1.0.1.1-L0T3UugpNES9prF4uvBvTNNPuowx._97RwZqhKlq7Wo; HttpOnly; SameSite=None; Secure; Path=/; Domain=vimeo.com
A cookie sent from the server to be set on the client
_cfuvid
aIbjZk4hkAr_dTcfbJVS3LDgsVeyEStJjwloopaGcZI-1782382334.461684-1.0.1.1-L0T3UugpNES9prF4uvBvTNNPuowx._97RwZqhKlq7Wo
Cookie name and value.
HttpOnly
Prevents access to the cookie through JavaScript.
Samesite
None
Cookie sent with both cross-site and same-site requests..
Secure
The cookie is only sent when requesting from a https domain.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
Domain
vimeo.com
The client will only send the cookie when requesting from this domain.
- Cf-Ray
a11331566a94430f-EWR
Encoded information about your request from Cloudflare.
- Cf-Cache-Status
DYNAMIC
Encoded information about your request from Cloudflare.
DYNAMIC - This is not cached by default.
- Accept-Ranges
bytes
What partial content range types this server supports via byte serving.
bytes - Byte ranges are supported.
- Age
0
The age the object has been in a proxy cache in seconds.
- Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Inform all caching mechanisms from server to client whether they may cache this object.
no-store
May not be stored by any cache.
no-cache
May be stored by any cache but must be validated by the server.
must-revalidate
Stale caches must not be used.
post-check
0
Problems were found.
- Option is not one of known values.
pre-check
0
Problems were found.
- Option is not one of known values.
- Expires
Thu, 25 Jun 2026 10:12:14 GMT
The time at which the response is considered stale.
- Server
cloudflare
A name for the server.
cloudflare - Description of the server software.
- X-Xss-Protection
1; mode=block
Cross-site scripting (XSS) filter.
1
Enable XSS filtering.
Mode
Filtering mode.
- block - Block page if XSS is detected.
- Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
Max-Age
31536000 (1 year)
The time a browser should remember a site can only be accessed with https (seconds).
includesubdomains
max-age applies to subdomains as well.
preload
Use Google's preloading strict transport security.
- Vary
Crossroads-Language, Accept-Encoding, X-Geo-Vary-Group, Crossroads-Backend,x-http-method-override
Indicates that different content may be provided to different clients, depending on the vary header.
Headers
- Crossroads-Language
- Accept-Encoding
- X-Geo-Vary-Group
- Crossroads-Backend
- x-http-method-override
- Via
1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
Added by proxies to track a request through proxies and to avoid loops.
Version
1.1
Protocol version.
Host
Host name.
Version
1.1
Protocol version.
Host
Host name.
Version
1.1
Protocol version.
Host
Host name.
- X-Backend-Proxy
web-varnish-8549b448b5-clkws
- X-Bapp-Server
- X-Cache
MISS, MISS
Indicates whether a cache was used to server this response.
- X-Cache-Hits
0, 0
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
- X-Frame-Options
sameorigin
Clickjacking protection.
sameorigin - No rendering if origin mismatch.
- X-Link-Match
9
- X-Powered-By
Next.js
The software powering this site.
- X-Served-By
cache-iad-kjyo7100136-IAD, cache-lga21983-LGA
- X-Timer
S1782382334.477438,VS0,VE142
- X-Turnstile-Exception
3
- X-Varnish-Cache
0
- X-Vserver
web-varnish-8549b448b5-clkws
- Alt-Svc
h3=":443"; ma=86400
Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.
Service
- h3 - :443
Service
- ma - 86400 (1 day)
Max age for the alternative (seconds).
- ma - 86400 (1 day)