HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests
- 1
- Total Time
- 206 ms
https://vimeo.com/709758286
- Status
- 200
- Message
- OK
- Time
- 206 ms
- IP
- 162.159.128.61
Timing
Wait
0 ms
DNS
1 ms
TCP
1 ms
Request
0 ms
First Byte
202 ms
Download
0 ms
Total
206 ms
HTTP Headers
- Date
Thu, 31 Oct 2024 01:31:20 GMT
The date and time that the message was sent.
- Content-Type
text/html; charset=UTF-8
The MIME type of this content.
Type
text/html
Description
HTML file
Charset
UTF-8
- Connection
close
Control options for the current connection and list of hop-by-hop response fields.
close - The client or server would like to close the connection.
- Cf-Ray
8dafe28b6c5642a7-EWR
Encoded information about your request from Cloudflare.
- Cf-Cache-Status
DYNAMIC
Encoded information about your request from Cloudflare.
DYNAMIC - This is not cached by default.
- Accept-Ranges
bytes
What partial content range types this server supports via byte serving.
bytes - Byte ranges are supported.
- Age
0
The age the object has been in a proxy cache in seconds.
- Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Inform all caching mechanisms from server to client whether they may cache this object.
no-store
May not be stored by any cache.
no-cache
May be stored by any cache but must be validated by the server.
must-revalidate
Stale caches must not be used.
post-check
0
Problems were found.
- Option is not one of known values.
pre-check
0
Problems were found.
- Option is not one of known values.
- Expires
Thu, 31 Oct 2024 01:46:20 GMT
The time at which the response is considered stale.
- Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
Max-Age
31536000 (1 year)
The time a browser should remember a site can only be accessed with https (seconds).
includesubdomains
max-age applies to subdomains as well.
preload
Use Google's preloading strict transport security.
- Vary
User-Agent, X-Geo-Vary-Group, Accept-Encoding,x-http-method-override
Indicates that different content may be provided to different clients, depending on the vary header.
Headers
- User-Agent
- X-Geo-Vary-Group
- Accept-Encoding
- x-http-method-override
- Via
1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
Added by proxies to track a request through proxies and to avoid loops.
Version
1.1
Protocol version.
Host
Host name.
Version
1.1
Protocol version.
Host
Host name.
Version
1.1
Protocol version.
Host
Host name.
- Content-Security-Policy-Report-Only
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp
The content security policy, reporting only.
Default-Src
Fallback for all fetches.
- https:
- data:
- blob:
- wss:
- 'unsafe-inline'
- 'unsafe-eval'
Report-URI
/_csp
URI for violation reports.
- X-Backend-Proxy
webproxy9
- X-Bapp-Server
pweb-bf944b5b6-mkz9n
- X-Cache
MISS, MISS
Indicates whether a cache was used to server this response.
- X-Cache-Hits
0, 0
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
- X-Frame-Options
sameorigin
Clickjacking protection.
sameorigin - No rendering if origin mismatch.
- X-Served-By
cache-iad-kiad7000095-IAD, cache-lga21939-LGA
- X-Timer
S1730338280.245654,VS0,VE174
- X-Ua-Compatible
IE=edge
Recommends the preferred rendering engine (often a backward-compatibility mode) to use to display the content.
IE=edge - Use highest level rendering.
- X-Varnish-Cache
0
- X-Vimeo-Device
d
- X-Vserver
web-varnish-prod-varnish-8
- X-Xss-Protection
1; mode=block
Cross-site scripting (XSS) filter.
1
Enable XSS filtering.
Mode
Filtering mode.
- block - Block page if XSS is detected.
- Set-Cookie
__cf_bm=OLbHHjEXuLuJqjyX.DbRUtdFfo03TM1fxV5SYB8_u6E-1730338280-1.0.1.1-_w2IZJqN4gRDYnaZWxfTFTYCaMf6IZYA316Rqq1VvJMs39KdfQSZN5l0G4_Bx8wn; path=/; expires=Thu, 31-Oct-24 02:01:20 GMT; domain=.vimeo.com; HttpOnly; Secure
A cookie sent from the server to be set on the client
__cf_bm
OLbHHjEXuLuJqjyX.DbRUtdFfo03TM1fxV5SYB8_u6E-1730338280-1.0.1.1-_w2IZJqN4gRDYnaZWxfTFTYCaMf6IZYA316Rqq1VvJMs39KdfQSZN5l0G4_Bx8wn
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
Expires
Thu, 31-Oct-24 02:01:20 GMT
When the cookie should expire.
Domain
.vimeo.com
The client will only send the cookie when requesting from this domain.
HttpOnly
Prevents access to the cookie through JavaScript.
Secure
The cookie is only sent when requesting from a https domain.
- Set-Cookie
_cfuvid=l_puYNtT.et29hnVFpBQ6jC9DlMU5YRXvWmXDDx4EtI-1730338280427-0.0.1.1-604800000; path=/; domain=.vimeo.com; HttpOnly
A cookie sent from the server to be set on the client
_cfuvid
l_puYNtT.et29hnVFpBQ6jC9DlMU5YRXvWmXDDx4EtI-1730338280427-0.0.1.1-604800000
Cookie name and value.
Path
/
The client will only send the cookie when requesting this path, or subdirectories, from the server.
Domain
.vimeo.com
The client will only send the cookie when requesting from this domain.
HttpOnly
Prevents access to the cookie through JavaScript.
- Server
cloudflare
A name for the server.
cloudflare - Description of the server software.