HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
200
Total Requests
1
Total Time
219 ms

  • https://vimeo.com/930826349

    Status
    200
    Message
    OK
    Time
    219 ms
  • IP
    162.159.128.61
    View Map

  • Timing

    Wait

    0 ms

    DNS

    2 ms

    TCP

    3 ms

    Request

    0 ms

    First Byte

    208 ms

    Download

    0 ms

    Total

    219 ms

  • HTTP Headers

    Date

    Thu, 21 Aug 2025 09:54:20 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=utf-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      utf-8

    Connection

    close

    Control options for the current connection and list of hop-by-hop response fields.

    close - The client or server would like to close the connection.

    Server

    cloudflare

    A name for the server.

    cloudflare - Description of the server software.

    Cf-Ray

    97293f9f8ccd4408-EWR

    Encoded information about your request from Cloudflare.

    Cf-Cache-Status

    DYNAMIC

    Encoded information about your request from Cloudflare.

    DYNAMIC - This is not cached by default.

    Accept-Ranges

    bytes

    What partial content range types this server supports via byte serving.

    bytes - Byte ranges are supported.

    Age

    0

    The age the object has been in a proxy cache in seconds.

    Cache-Control

    no-store, no-cache, must-revalidate, post-check=0, pre-check=0

    Inform all caching mechanisms from server to client whether they may cache this object.

    • no-store

      May not be stored by any cache.

    • no-cache

      May be stored by any cache but must be validated by the server.

    • must-revalidate

      Stale caches must not be used.

    • post-check

      0

      Problems were found.

      • Option is not one of known values.

    • pre-check

      0

      Problems were found.

      • Option is not one of known values.
    Strict-Transport-Security

    max-age=31536000; includeSubDomains; preload

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      31536000 (1 year)

      The time a browser should remember a site can only be accessed with https (seconds).

    • includesubdomains

      max-age applies to subdomains as well.

    • preload

      Use Google's preloading strict transport security.

    Vary

    Crossroads-Language, Accept-Encoding, X-Geo-Vary-Group, Crossroads-Backend,x-http-method-override

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Crossroads-Language
      • Accept-Encoding
      • X-Geo-Vary-Group
      • Crossroads-Backend
      • x-http-method-override
    Via

    1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish

    Added by proxies to track a request through proxies and to avoid loops.

    • Version

      1.1

      Protocol version.

    • Host

      Host name.

    • Version

      1.1

      Protocol version.

    • Host

      Host name.

    • Version

      1.1

      Protocol version.

    • Host

      Host name.

    Content-Security-Policy-Report-Only

    default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp

    The content security policy, reporting only.

    • Default-Src

      Fallback for all fetches.

      • https:
      • data:
      • blob:
      • wss:
      • 'unsafe-inline'
      • 'unsafe-eval'

    • Report-URI

      /_csp

      URI for violation reports.

    X-Backend-Proxy

    web-varnish-7b67c4657-kp9dr

    X-Bapp-Server
    X-Cache

    MISS, MISS

    Indicates whether a cache was used to server this response.

    X-Cache-Hits

    0, 0

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    X-Frame-Options

    sameorigin

    Clickjacking protection.

    sameorigin - No rendering if origin mismatch.

    X-Link-Match

    9

    X-Powered-By

    Next.js

    The software powering this site.

    X-Served-By

    cache-iad-kiad7000109-IAD, cache-lga21956-LGA

    X-Timer

    S1755770061.740242,VS0,VE184

    X-Varnish-Cache

    0

    X-Vserver

    web-varnish-7b67c4657-kp9dr

    X-Xss-Protection

    1; mode=block

    Cross-site scripting (XSS) filter.

    • 1

      Enable XSS filtering.

    • Mode

      Filtering mode.

      • block - Block page if XSS is detected.
    Set-Cookie

    __cf_bm=5beZkssE72n7BYEc8rVNZDUhfwIDogLkdgLjxaz7N6o-1755770060-1.0.1.1-h2m8WF2dTy_eY9EKb7iHgQeVCub7YfCFBPkrEtZDSRVaSzzv8tqxZNBhFz9SlK0B; path=/; expires=Thu, 21-Aug-25 10:24:20 GMT; domain=.vimeo.com; HttpOnly; Secure; SameSite=None

    A cookie sent from the server to be set on the client

    • __cf_bm

      5beZkssE72n7BYEc8rVNZDUhfwIDogLkdgLjxaz7N6o-1755770060-1.0.1.1-h2m8WF2dTy_eY9EKb7iHgQeVCub7YfCFBPkrEtZDSRVaSzzv8tqxZNBhFz9SlK0B

      Cookie name and value.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • Expires

      Thu, 21-Aug-25 10:24:20 GMT

      When the cookie should expire.

    • Domain

      .vimeo.com

      The client will only send the cookie when requesting from this domain.

    • HttpOnly

      Prevents access to the cookie through JavaScript.

    • Secure

      The cookie is only sent when requesting from a https domain.

    • Samesite

      None

      Cookie sent with both cross-site and same-site requests..

    Set-Cookie

    _cfuvid=dmK44fblel1Jn3PGG6.qkdgdFFRE4twvjaE_A4BieIk-1755770060928-0.0.1.1-604800000; path=/; domain=.vimeo.com; HttpOnly; Secure; SameSite=None

    A cookie sent from the server to be set on the client

    • _cfuvid

      dmK44fblel1Jn3PGG6.qkdgdFFRE4twvjaE_A4BieIk-1755770060928-0.0.1.1-604800000

      Cookie name and value.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    • Domain

      .vimeo.com

      The client will only send the cookie when requesting from this domain.

    • HttpOnly

      Prevents access to the cookie through JavaScript.

    • Secure

      The cookie is only sent when requesting from a https domain.

    • Samesite

      None

      Cookie sent with both cross-site and same-site requests..