HTTP Headers

Sat, 19 Apr 2025 09:52:54 GMT

The date and time that the message was sent.

text/html; charset=UTF-8

The MIME type of this content.

close

Control options for the current connection and list of hop-by-hop response fields.

close - The client or server would like to close the connection.

932b8301db6a97d5-EWR

Encoded information about your request from Cloudflare.

DYNAMIC

Encoded information about your request from Cloudflare.

DYNAMIC - This is not cached by default.

bytes

What partial content range types this server supports via byte serving.

bytes - Byte ranges are supported.

0

The age the object has been in a proxy cache in seconds.

no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Inform all caching mechanisms from server to client whether they may cache this object.

Sat, 19 Apr 2025 10:07:54 GMT

The time at which the response is considered stale.

max-age=31536000; includeSubDomains; preload

A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

User-Agent, X-Geo-Vary-Group, Crossroads-Backend, Accept-Encoding,x-http-method-override

Indicates that different content may be provided to different clients, depending on the vary header.

1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish

Added by proxies to track a request through proxies and to avoid loops.

default-src 'self' f.vimeocdn.com; connect-src 'self' blob: data: ws: wss: *.6sc.co *.6sense.com *.agora.io llhls-live.akamaized.net cognito-identity.us-east-1.amazonaws.com https://s3.amazonaws.com/business.sightera.com/ sqs.us-east-1.amazonaws.com *.amplitude.com vimeo.bynder.com bat.bing.com bat.bing.net www.bing.com api.branch.io cdn.builder.io http://d1oca24q5dwo6d.cloudfront.net d2by6sxflmuwyq.cloudfront.net duysrfiajusdh.cloudfront.net cdn.cookielaw.org browser-intake-datadoghq.com *.g.doubleclick.net *.elfsight.com www.facebook.com s-usc1f-nss-6502.firebaseio.com tracking-api.g2.com *.getsmartling.com *.google.ae *.google.com *.google.ca *.google.es *.google.fr *.google.iq *.google.is *.google.it *.google.rs *.google.co.jp *.google.co.kr *.google.co.nz *.google.co.th *.google.co.uk *.google.com.ar *.google.com.au *.google.com.br *.google.com.pk *.google.com.sa *.google.com.tr *.google.com.uk *.google.de *.analytics.google.com *.google-analytics.com *.googleapis.com csi.gstatic.com pagead2.googlesyndication.com *.googletagmanager.com api.greenhouse.io *.hivestreaming.com 117151225.intellimizeio.com *.intellimize.co *.kollective.app leatherback-dot-vimeo-prod.appspot.com snap.licdn.com px.ads.linkedin.com linkedin.com *.cdn.magisto.com vimeo.magisto.com *.maze.co 582-gou-684.mktoresp.com js-agent.newrelic.com t.paypal.com data.pendo.io *.pndsn.com privacyportal.onetrust.com privacyportal-cdn.onetrust.com app.qualified.com *.qualtrics.com pixel-config.reddit.com www.redditstatic.com *.riskified.com *.statscollector.ap.sd-rtn.com *.ap.sd-rtn.com o209747.ingest.us.sentry.io sierra.chat simonsignal.com static.simonsignal.com sdk-api-v1.singular.net web-sdk-cdn.singular.net telemetry.transcend.io transcend-cdn.com *.vimeo.com vimeo.com *.vimeo.work *.vimeocdn.com cdn.widerfunnel.com appds8093.blob.core.windows.net *.wirewax.com *.zdassets.com vimeosupport.zendesk.com ws.zoominfo.com; font-src 'self' data: d2by6sxflmuwyq.cloudfront.net fonts.gstatic.com *.cdn.magisto.com privacyportal-cdn.onetrust.com www.paypalobjects.com cf-st.sc-cdn.net use.typekit.net f.vimeocdn.com edge-assets.wirewax.com; frame-src 'self' bat.bing.com challenges.cloudflare.com td.doubleclick.net 3600063.fls.doubleclick.net *.g.doubleclick.net www.facebook.com vimeo-live-streamhealth-prod.firebaseapp.com vimeo-chat.firebaseapp.com vimeo-live-composer-prod.firebaseapp.com s-usc1b-nss-2113.firebaseio.com s-usc1f-nss-6502.firebaseio.com *.google.com storage.googleapis.com www.googletagmanager.com 117151225.intellimizeio.com lp.livestream.com www.paypal.com app.qualified.com vimeo.com *.vimeo.com vimeopro.com static.zdassets.com us01ccistatic.zoom.us *.zuora.com; img-src * blob: data:; media-src 'self' blob: data: download-video.akamaized.net llhls-live.akamaized.net http://d1oca24q5dwo6d.cloudfront.net duysrfiajusdh.cloudfront.net media.gettyimages.com *.cdn.magisto.com player.vimeo.com *.vimeocdn.com app.qualified.com https://s3.amazonaws.com/sound.sightera.com/ https://storage.googleapis.com/vimeo-create-prod-files/; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: ws: wss: *.6sc.co app.link bat.bing.com cdnjs.cloudflare.com challenges.cloudflare.com www.datadoghq-browser-agent.com securepubads.g.doubleclick.net www.dropbox.com static.elfsight.com *.elfsightcdn.com connect.facebook.net s-usc1b-nss-2113.firebaseio.com s-usc1f-nss-6502.firebaseio.com vimeo-chat.firebaseio.com tracking.g2crowd.com *.google.com www.googleadservices.com www.gstatic.com *.google-analytics.com maps.googleapis.com pendo-static-6633483048714240.storage.googleapis.com pagead2.googlesyndication.com www.googletagmanager.com www.googletagservices.com cdn.intellimize.co *.kollective.app snap.licdn.com lp.livestream.com munchkin.marketo.net snippet.maze.co privacyportal-cdn.onetrust.com www.paypalobjects.com cdn.pendo.io js.qualified.com data.pendo.io *.qualtrics.com www.redditstatic.com beacon.riskified.com secured-pixel.com sierra.chat static.simonsignal.com web-sdk-cdn.singular.net transcend-cdn.com *.vimeo.com *.vimeocdn.com cdn.widerfunnel.com embedder-sdk.wirewax.com origin-4.xtlo.net static.zdassets.com us01ccistatic.zoom.us ws.zoominfo.com static.zuora.com https://www.dropbox.com/static/api/2/dropins.js; style-src 'self' 'unsafe-inline' *.6sc.co cdn01.boxcdn.net cdnjs.cloudflare.com accounts.google.com fonts.googleapis.com pendo-static-6633483048714240.storage.googleapis.com www.gstatic.com lp.livestream.com privacyportal-cdn.onetrust.com www.paypalobjects.com sierra.chat *.vimeo.com *.vimeocdn.com vimeopro.com transcend-cdn.com cdn.widerfunnel.com edge-assets.wirewax.com origin-4.xtlo.net; worker-src 'self' blob:; report-to csp-endpoint; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba92ed04ee7cceea44335c3d8c1ccc173&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport%2Cenv%3Aproduction

The content security policy, reporting only.

csp-endpoint='https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba92ed04ee7cceea44335c3d8c1ccc173&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Acspreport%2Cenv%3Aproduction'

web-varnish-67bcc8cc55-phppz

pweb-57784df8d4-4c4tl

MISS, MISS

Indicates whether a cache was used to server this response.

0, 0

nosniff

Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

nosniff - Block requests if type 'style' or 'script'.

sameorigin

Clickjacking protection.

sameorigin - No rendering if origin mismatch.

cache-iad-kjyo7100026-IAD, cache-lga21925-LGA

S1745056374.066444,VS0,VE181

0

IE=edge

Recommends the preferred rendering engine (often a backward-compatibility mode) to use to display the content.

IE=edge - Use highest level rendering.

0

d

web-varnish-67bcc8cc55-phppz

1; mode=block

Cross-site scripting (XSS) filter.

__cf_bm=QQIIA6iWPsoXvVNAAdkrCNHFiNYev4aersGCuXEPU7E-1745056374-1.0.1.1-TZPxV58DRmdP8UJ_RruTXVud8ImzEga6srZYHF5zEdzgD_sQ0hZjkDJ1wZ3HyrYQ; path=/; expires=Sat, 19-Apr-25 10:22:54 GMT; domain=.vimeo.com; HttpOnly; Secure

A cookie sent from the server to be set on the client

_cfuvid=QCH6BzrQmUEBUp7XXOeQ58n5yMCcPBq13X_X0A89PW0-1745056374249-0.0.1.1-604800000; path=/; domain=.vimeo.com; HttpOnly

A cookie sent from the server to be set on the client

cloudflare

A name for the server.

cloudflare - Description of the server software.