HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
Total Requests
1
Total Time
66 ms
  • https://whatweather.today/

    Status
    200
    Message
    OK
    Time
    66 ms
  • IP
    172.67.192.201
  • Timing

    Wait

    0 ms

    DNS

    18 ms

    TCP

    2 ms

    Request

    0 ms

    First Byte

    40 ms

    Download

    0 ms

    Total

    66 ms

  • HTTP Headers

    Date

    Sun, 16 Mar 2025 05:33:49 GMT

    The date and time that the message was sent.

    Content-Type

    text/html

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    Connection

    close

    Control options for the current connection and list of hop-by-hop response fields.

    close - The client or server would like to close the connection.

    Cache-Control

    public, max-age=0

    Inform all caching mechanisms from server to client whether they may cache this object.

    • public

      May be stored by any cache.

    • Max-Age

      0

      The time a browser should remember a site can only be accessed with https (seconds).

    Expires

    Sun, 16 Mar 2025 05:33:48 GMT

    The time at which the response is considered stale.

    Last-Modified

    Sat, 15 Mar 2025 19:55:19 GMT

    The last modified date for the requested object.

    Vary

    Accept-Encoding,User-Agent,Accept-Encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Accept-Encoding
      • User-Agent
      • Accept-Encoding

    Problems were detected with this header

    • Duplicates
    Platform

    hostinger

    Panel

    hpanel

    Content-Security-Policy

    upgrade-insecure-requests

    The content security policy allows the server to determine what resources the user is allowed to load.

    upgrade-insecure-requests - Treat insecure URLs as though they are secure.

    Referrer-Policy

    strict-origin-when-cross-origin

    Controls what referrer information is sent with requests.

    strict-origin-when-cross-origin - Send the full referrer for a same origin request. Send the origin only for cross-domain requests where the protocol level is the same. Otherwise do not send the referrer.

    X-Frame-Options

    sameorigin

    Clickjacking protection.

    sameorigin - No rendering if origin mismatch.

    X-Xss-Protection

    1; mode=block

    Cross-site scripting (XSS) filter.

    • 1

      Enable XSS filtering.

    • Mode

      Filtering mode.

      • block - Block page if XSS is detected.
    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Strict-Transport-Security

    max-age=15552000; includeSubDomains; preload

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      15552000 (180 days)

      The time a browser should remember a site can only be accessed with https (seconds).

    • includesubdomains

      max-age applies to subdomains as well.

    • preload

      Use Google's preloading strict transport security.

    Permissions-Policy

    midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=()

    Enable and disable browser features.

    • midi

      Control access to MIDI API.

      • () - Feature is disabled.
    • sync-xhr

      Control access to XMLHttpRequests.

      • () - Feature is disabled.
    • accelerometer

      Control access to accelerometer.

      • () - Feature is disabled.
    • gyroscope

      Control access to gyroscope API.

      • () - Feature is disabled.
    • magnetometer

      Control access to magnetometer API.

      • () - Feature is disabled.
    • camera

      Control access to camera.

      • () - Feature is disabled.
    Alt-Svc

    h3=":443"; ma=86400

    Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.

    • Service

      • h3 - :443
    • Service

      • ma - 86400 (1 day)

        Max age for the alternative (seconds).

    X-Turbo-Charged-By

    LiteSpeed

    Cf-Cache-Status

    DYNAMIC

    Encoded information about your request from Cloudflare.

    DYNAMIC - This is not cached by default.

    Report-To

    {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cnrE4Iwwmb3gwA%2FtzoRpuOijshjqRqrdcDCbSCY%2FvVV3TOa3xnsl%2BiF2J7Z6KaljC0Lh9%2BkU0rJZ2r4Ni6FqQvRyhkt0Mr%2BdMhSHhXkL2SwZ4Cn0nnB1q4zO5PJNrdsgiyGmfQ%3D%3D"}],"group":"cf-nel","max_age":604800}

    Report to.

    • Endpoints

      • {"url":"https://a.nel.cloudflare.com/report/v4?s=cnrE4Iwwmb3gwA%2FtzoRpuOijshjqRqrdcDCbSCY%2FvVV3TOa3xnsl%2BiF2J7Z6KaljC0Lh9%2BkU0rJZ2r4Ni6FqQvRyhkt0Mr%2BdMhSHhXkL2SwZ4Cn0nnB1q4zO5PJNrdsgiyGmfQ%3D%3D"}
    • Group

      cf-nel

    • Max_age

      604800

    Nel

    {"success_fraction":0,"report_to":"cf-nel","max_age":604800}

    Configure network request logging.

    • Success_fraction

      0
    • Report_to

      cf-nel

    • Max_age

      604800

    Speculation-Rules

    "/cdn-cgi/speculation"

    Server

    cloudflare

    A name for the server.

    cloudflare - Description of the server software.

    Cf-Ray

    9211e0bd1de4b29e-EWR

    Encoded information about your request from Cloudflare.

    Server-Timing

    cfL4;desc="?proto=TCP&rtt=1710&min_rtt=1355&rtt_var=762&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2840&recv_bytes=695&delivery_rate=2137269&cwnd=252&unsent_bytes=0&cid=4b997782df153f82&ts=44&x=0"

    Server metrics for the request.

    • Cfl4