HTTP Headers

Mon, 31 Mar 2025 05:34:47 GMT

The date and time that the message was sent.

text/html; charset=UTF-8

The MIME type of this content.

close

Control options for the current connection and list of hop-by-hop response fields.

close - The client or server would like to close the connection.

928d7acc09741b58-EWR

Encoded information about your request from Cloudflare.

DYNAMIC

Encoded information about your request from Cloudflare.

DYNAMIC - This is not cached by default.

bytes

What partial content range types this server supports via byte serving.

bytes - Byte ranges are supported.

0

The age the object has been in a proxy cache in seconds.

no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Inform all caching mechanisms from server to client whether they may cache this object.

Mon, 31 Mar 2025 05:49:47 GMT

The time at which the response is considered stale.

max-age=31536000; includeSubDomains; preload

A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

User-Agent, X-Geo-Vary-Group, Crossroads-Backend, Accept-Encoding,x-http-method-override

Indicates that different content may be provided to different clients, depending on the vary header.

1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish

Added by proxies to track a request through proxies and to avoid loops.

default-src 'self' f.vimeocdn.com; connect-src 'self' blob: data: ws: wss: *.6sc.co *.6sense.com *.agora.io llhls-live.akamaized.net *.amplitude.com bat.bing.com bat.bing.net www.bing.com api.branch.io cdn.builder.io d2by6sxflmuwyq.cloudfront.net duysrfiajusdh.cloudfront.net browser-intake-datadoghq.com *.g.doubleclick.net static.elfsight.com www.facebook.com s-usc1f-nss-6502.firebaseio.com *.google.com *.google.ca *.google.com.br *.analytics.google.com *.google-analytics.com *.googleapis.com csi.gstatic.com pagead2.googlesyndication.com *.googletagmanager.com *.hivestreaming.com 117151225.intellimizeio.com api.intellimize.co cdn.intellimize.co log.intellimize.co *.kollective.app snap.licdn.com px.ads.linkedin.com linkedin.com sticker.cdn.magisto.com vimeo.magisto.com *.maze.co 582-gou-684.mktoresp.com t.paypal.com data.pendo.io *.pndsn.com privacyportal.onetrust.com app.qualified.com *.qualtrics.com pixel-config.reddit.com www.redditstatic.com *.riskified.com sierra.chat simonsignal.com static.simonsignal.com sdk-api-v1.singular.net web-sdk-cdn.singular.net telemetry.transcend.io transcend-cdn.com *.vimeo.com vimeo.com *.vimeo.work *.vimeocdn.com cdn.widerfunnel.com *.wirewax.com vimeosupport.zendesk.com ws.zoominfo.com; font-src 'self' data: d2by6sxflmuwyq.cloudfront.net fonts.gstatic.com privacyportal-cdn.onetrust.com www.paypalobjects.com cf-st.sc-cdn.net use.typekit.net *.videoji.cn f.vimeocdn.com edge-assets.wirewax.com; frame-src 'self' bat.bing.com challenges.cloudflare.com td.doubleclick.net 3600063.fls.doubleclick.net *.g.doubleclick.net www.facebook.com vimeo-live-streamhealth-prod.firebaseapp.com vimeo-chat.firebaseapp.com vimeo-live-composer-prod.firebaseapp.com s-usc1b-nss-2113.firebaseio.com s-usc1f-nss-6502.firebaseio.com *.google.com storage.googleapis.com www.googletagmanager.com 117151225.intellimizeio.com lp.livestream.com www.paypal.com app.qualified.com vimeo.com *.vimeo.com static.zdassets.com us01ccistatic.zoom.us *.zuora.com; img-src * blob: data:; media-src 'self' blob: data: download-video.akamaized.net llhls-live.akamaized.net d1oca24q5dwo6d.cloudfront.net duysrfiajusdh.cloudfront.net media.gettyimages.com *.cdn.magisto.com player.vimeo.com *.vimeocdn.com app.qualified.com https://s3.amazonaws.com/sound.sightera.com/ https://storage.googleapis.com/vimeo-create-prod-files; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: ws: wss: *.6sc.co app.link bat.bing.com cdnjs.cloudflare.com challenges.cloudflare.com www.datadoghq-browser-agent.com securepubads.g.doubleclick.net www.dropbox.com static.elfsight.com connect.facebook.net s-usc1b-nss-2113.firebaseio.com s-usc1f-nss-6502.firebaseio.com tracking.g2crowd.com *.google.com www.googleadservices.com www.gstatic.com *.google-analytics.com maps.googleapis.com pendo-static-6633483048714240.storage.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com www.googletagservices.com cdn.intellimize.co snap.licdn.com lp.livestream.com munchkin.marketo.net snippet.maze.co privacyportal-cdn.onetrust.com www.paypalobjects.com cdn.pendo.io js.qualified.com data.pendo.io *.qualtrics.com www.redditstatic.com beacon.riskified.com secured-pixel.com sierra.chat static.simonsignal.com web-sdk-cdn.singular.net transcend-cdn.com *.videoji.cn *.vimeo.com *.vimeocdn.com cdn.widerfunnel.com embedder-sdk.wirewax.com static.zdassets.com us01ccistatic.zoom.us ws.zoominfo.com static.zuora.com https://www.dropbox.com/static/api/2/dropins.js; style-src 'self' 'unsafe-inline' *.6sc.co cdn01.boxcdn.net cdnjs.cloudflare.com accounts.google.com fonts.googleapis.com pendo-static-6633483048714240.storage.googleapis.com www.gstatic.com lp.livestream.com privacyportal-cdn.onetrust.com www.paypalobjects.com sierra.chat *.videoji.cn *.vimeo.com *.vimeocdn.com vimeopro.com transcend-cdn.com cdn.widerfunnel.com edge-assets.wirewax.com origin-4.xtlo.net; worker-src 'self' blob:; report-to csp-endpoint; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba92ed04ee7cceea44335c3d8c1ccc173&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport%2Cenv%3Aproduction

The content security policy, reporting only.

csp-endpoint='https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba92ed04ee7cceea44335c3d8c1ccc173&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport%2Cenv%3Aproduction'

web-varnish-889797789-stfsc

pweb-6778f5bcbb-bcw9d

MISS, MISS

Indicates whether a cache was used to server this response.

0, 0

nosniff

Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

nosniff - Block requests if type 'style' or 'script'.

sameorigin

Clickjacking protection.

sameorigin - No rendering if origin mismatch.

cache-iad-kcgs7200150-IAD, cache-lga21948-LGA

S1743399288.699247,VS0,VE223

0

IE=edge

Recommends the preferred rendering engine (often a backward-compatibility mode) to use to display the content.

IE=edge - Use highest level rendering.

0

d

web-varnish-889797789-stfsc

1; mode=block

Cross-site scripting (XSS) filter.

__cf_bm=GjHPLQ92uB7XnLL_8Chtdw9UXLa_NYYu82qNNxDb_DM-1743399287-1.0.1.1-ibrfIPT8qFsxwD8DTy9Sh9CR3W1LLsahkz2gGWAABFw5Uovwd8hM2z917uGUUi7l; path=/; expires=Mon, 31-Mar-25 06:04:47 GMT; domain=.vimeo.com; HttpOnly; Secure

A cookie sent from the server to be set on the client

_cfuvid=siQmZNZZ8ujlajdbLUMI574whp8yC437mMJrXPLJm.4-1743399287924-0.0.1.1-604800000; path=/; domain=.vimeo.com; HttpOnly

A cookie sent from the server to be set on the client

cloudflare

A name for the server.

cloudflare - Description of the server software.