HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests
- 1
- Total Time
- 184 ms
https://vimeo.com/709347107- Status
- 200
- Message
- OK
- Time
- 184 ms
- IP
- 162.159.128.61
Timing
Wait
0 ms
DNS
3 ms
TCP
7 ms
Request
0 ms
First Byte
163 ms
Download
1 ms
Total
184 ms
HTTP Headers
- Date
Wed, 24 Jun 2026 22:29:52 GMT
The date and time that the message was sent.
- Content-Type
text/html; charset=utf-8
The MIME type of this content.
Problems were detected with this header
- Unknown MIME type.
- Connection
keep-alive
Control options for the current connection and list of hop-by-hop response fields.
keep-alive - The client would like to keep the connection open.
- Set-Cookie
__cf_bm=MyJQ2c5ggaeQAPhjTn0fTmrjnpy0lmpsEbms5OxzShM-1782340192.7880104-1.0.1.1-ibmM3mFoq2q_Cj8jVMjQ1xL04MYQ1p7jcRe43D4g5yz2KdoFRWXGKppcSmkvTTopSHi7xzs7.OfkD8Xcn6fYSr1mfwylXl0Z3lNDGr.EDIVSTZCTQEZ5rnmOLsZ8PzlL; HttpOnly; SameSite=None; Secure; Path=/; Domain=vimeo.com; Expires=Wed, 24 Jun 2026 22:59:52 GMT
A cookie sent from the server to be set on the client
__cf_bm
MyJQ2c5ggaeQAPhjTn0fTmrjnpy0lmpsEbms5OxzShM-1782340192.7880104-1.0.1.1-ibmM3mFoq2q_Cj8jVMjQ1xL04MYQ1p7jcRe43D4g5yz2KdoFRWXGKppcSmkvTTopSHi7xzs7.OfkD8Xcn6fYSr1mfwylXl0Z3lNDGr.EDIVSTZCTQEZ5rnmOLsZ8PzlL
Cookie name and value.
HttpOnly
Prevents access to the cookie through JavaScript.
Samesite
None
Cookie sent with both cross-site and same-site requests..
Secure
The cookie is only sent when requesting from a https domain.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
Domain
vimeo.com
The client will only send the cookie when requesting from this domain.
Expires
Wed, 24 Jun 2026 22:59:52 GMT
When the cookie should expire.
- Set-Cookie
_cfuvid=Clpmf0wBFACLzoXpcy22FLQgZtL9TYh7Ur9Y0ZDrCuw-1782340192.7880104-1.0.1.1-woJmcQtQxruG4LXP_5wiIxexa.Q6XLl1_Ejw9yz7KYA; HttpOnly; SameSite=None; Secure; Path=/; Domain=vimeo.com
A cookie sent from the server to be set on the client
_cfuvid
Clpmf0wBFACLzoXpcy22FLQgZtL9TYh7Ur9Y0ZDrCuw-1782340192.7880104-1.0.1.1-woJmcQtQxruG4LXP_5wiIxexa.Q6XLl1_Ejw9yz7KYA
Cookie name and value.
HttpOnly
Prevents access to the cookie through JavaScript.
Samesite
None
Cookie sent with both cross-site and same-site requests..
Secure
The cookie is only sent when requesting from a https domain.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
Domain
vimeo.com
The client will only send the cookie when requesting from this domain.
- Cf-Ray
a10f2c7cea78e5e2-EWR
Encoded information about your request from Cloudflare.
- Cf-Cache-Status
DYNAMIC
Encoded information about your request from Cloudflare.
DYNAMIC - This is not cached by default.
- Accept-Ranges
bytes
What partial content range types this server supports via byte serving.
bytes - Byte ranges are supported.
- Age
0
The age the object has been in a proxy cache in seconds.
- Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Inform all caching mechanisms from server to client whether they may cache this object.
no-store
May not be stored by any cache.
no-cache
May be stored by any cache but must be validated by the server.
must-revalidate
Stale caches must not be used.
post-check
0
Problems were found.
- Option is not one of known values.
pre-check
0
Problems were found.
- Option is not one of known values.
- Expires
Wed, 24 Jun 2026 22:29:52 GMT
The time at which the response is considered stale.
- Server
cloudflare
A name for the server.
cloudflare - Description of the server software.
- Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
Max-Age
31536000 (1 year)
The time a browser should remember a site can only be accessed with https (seconds).
includesubdomains
max-age applies to subdomains as well.
preload
Use Google's preloading strict transport security.
- Vary
Crossroads-Language, Accept-Encoding, X-Geo-Vary-Group, Crossroads-Backend,x-http-method-override
Indicates that different content may be provided to different clients, depending on the vary header.
Headers
- Crossroads-Language
- Accept-Encoding
- X-Geo-Vary-Group
- Crossroads-Backend
- x-http-method-override
- Via
1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
Added by proxies to track a request through proxies and to avoid loops.
Version
1.1
Protocol version.
Host
Host name.
Version
1.1
Protocol version.
Host
Host name.
Version
1.1
Protocol version.
Host
Host name.
- X-Backend-Proxy
web-varnish-8549b448b5-xwtjr
- X-Bapp-Server
- X-Cache
MISS, MISS
Indicates whether a cache was used to server this response.
- X-Cache-Hits
0, 0
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
- X-Frame-Options
sameorigin
Clickjacking protection.
sameorigin - No rendering if origin mismatch.
- X-Link-Match
9
- X-Powered-By
Next.js
The software powering this site.
- X-Served-By
cache-iad-kjyo7100161-IAD, cache-lga21985-LGA
- X-Timer
S1782340193.802311,VS0,VE141
- X-Turnstile-Exception
3
- X-Varnish-Cache
0
- X-Vserver
web-varnish-8549b448b5-xwtjr
- X-Xss-Protection
1; mode=block
Cross-site scripting (XSS) filter.
1
Enable XSS filtering.
Mode
Filtering mode.
- block - Block page if XSS is detected.
- Alt-Svc
h3=":443"; ma=86400
Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.
Service
- h3 - :443
Service
- ma - 86400 (1 day)
Max age for the alternative (seconds).
- ma - 86400 (1 day)