HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
404
Total Requests
1
Total Time
361 ms

  • https://www.alonegocio.net.br/author/cowedger78/

    Status
    404
    Message
    Not Found
    Time
    361 ms
  • IP
    108.167.151.78
    View Map

  • Timing

    Wait

    1 ms

    DNS

    118 ms

    TCP

    25 ms

    Request

    0 ms

    First Byte

    184 ms

    Download

    1 ms

    Total

    361 ms

  • HTTP Headers

    Date

    Thu, 07 Aug 2025 01:25:08 GMT

    The date and time that the message was sent.

    Server

    Apache

    A name for the server.

    Apache - Description of the server software.

    Expires

    Wed, 11 Jan 1984 05:00:00 GMT

    The time at which the response is considered stale.

    Cache-Control

    no-cache, must-revalidate, max-age=0, no-store, private

    Inform all caching mechanisms from server to client whether they may cache this object.

    • no-cache

      May be stored by any cache but must be validated by the server.

    • must-revalidate

      Stale caches must not be used.

    • Max-Age

      0

      The time a browser should remember a site can only be accessed with https (seconds).

    • no-store

      May not be stored by any cache.

    • private

      May only be stored by a browser cache.

    Access-Control-Allow-Methods

    GET,POST

    Access-Control-Allow-Methods

    GET,POST

    Access-Control-Allow-Headers

    Content-Type, Authorization

    Access-Control-Allow-Headers

    Content-Type, Authorization

    Content-Security-Policy

    upgrade-insecure-requests;

    The content security policy allows the server to determine what resources the user is allowed to load.

    • upgrade-insecure-requests

      Treat insecure URLs as though they are secure.

    Content-Security-Policy

    upgrade-insecure-requests;

    The content security policy allows the server to determine what resources the user is allowed to load.

    • upgrade-insecure-requests

      Treat insecure URLs as though they are secure.

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    Cross-Origin-Embedder-Policy

    unsafe-none; report-to='default'

    Cross-Origin-Embedder-Policy

    unsafe-none; report-to='default'

    Cross-Origin-Embedder-Policy-Report-Only

    unsafe-none; report-to='default'

    Cross-Origin-Embedder-Policy-Report-Only

    unsafe-none; report-to='default'

    Cross-Origin-Opener-Policy

    unsafe-none

    Isolate the document from cross-origin windows.

    unsafe-none - Allow document to be added to its openered browsing context group.

    Cross-Origin-Opener-Policy

    unsafe-none

    Isolate the document from cross-origin windows.

    unsafe-none - Allow document to be added to its openered browsing context group.

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    Cross-Origin-Opener-Policy-Report-Only

    unsafe-none; report-to='default'

    Cross-Origin-Opener-Policy-Report-Only

    unsafe-none; report-to='default'

    Cross-Origin-Resource-Policy

    cross-origin

    The cross-origin policy.

    cross-origin - Allow cross-origin requests.

    Cross-Origin-Resource-Policy

    cross-origin

    The cross-origin policy.

    cross-origin - Allow cross-origin requests.

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    Permissions-Policy

    accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()

    Enable and disable browser features.

    • accelerometer

      Control access to accelerometer.

      • () - Feature is disabled.

    • autoplay

      Allow access to autoplay media.

      • () - Feature is disabled.

    • camera

      Control access to camera.

      • () - Feature is disabled.

    • cross-origin-isolated

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • display-capture

      Control access to display capture devices.

      • (self) - Allowed on this page and all nested contexts in the same origin.

    • encrypted-media

      Control access to encrypted media extensions API.

      • () - Feature is disabled.

    • fullscreen

      Control access to fullscreen API.

      • * - Allowed on this page and all nested contexts of any origin.

    • geolocation

      Control access to geo location API.

      • (self) - Allowed on this page and all nested contexts in the same origin.

    • gyroscope

      Control access to gyroscope API.

      • () - Feature is disabled.

    • keyboard-map

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • magnetometer

      Control access to magnetometer API.

      • () - Feature is disabled.

    • microphone

      Control access to microphone device.

      • () - Feature is disabled.

    • midi

      Control access to MIDI API.

      • () - Feature is disabled.

    • payment

      Control access to payment request API.

      • * - Allowed on this page and all nested contexts of any origin.

    • picture-in-picture

      Control access to picture-in-picture mode.

      • * - Allowed on this page and all nested contexts of any origin.

    • publickey-credentials-get

      Control access to web authentication API.

      • () - Feature is disabled.

    • screen-wake-lock

      Control access to screen wake lock API.

      • () - Feature is disabled.

    • sync-xhr

      Control access to XMLHttpRequests.

      • * - Allowed on this page and all nested contexts of any origin.

    • usb

      Control access to web USB API.

      • () - Feature is disabled.

    • xr-spatial-tracking

      Control access to WebXR API.

      • () - Feature is disabled.

    • gamepad

      Control access to gamepad API.

      • () - Feature is disabled.

    • serial

      Problems were found.

      • Unknown option
      • () - Feature is disabled.
    Permissions-Policy

    accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()

    Enable and disable browser features.

    • accelerometer

      Control access to accelerometer.

      • () - Feature is disabled.

    • autoplay

      Allow access to autoplay media.

      • () - Feature is disabled.

    • camera

      Control access to camera.

      • () - Feature is disabled.

    • cross-origin-isolated

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • display-capture

      Control access to display capture devices.

      • (self) - Allowed on this page and all nested contexts in the same origin.

    • encrypted-media

      Control access to encrypted media extensions API.

      • () - Feature is disabled.

    • fullscreen

      Control access to fullscreen API.

      • * - Allowed on this page and all nested contexts of any origin.

    • geolocation

      Control access to geo location API.

      • (self) - Allowed on this page and all nested contexts in the same origin.

    • gyroscope

      Control access to gyroscope API.

      • () - Feature is disabled.

    • keyboard-map

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    • magnetometer

      Control access to magnetometer API.

      • () - Feature is disabled.

    • microphone

      Control access to microphone device.

      • () - Feature is disabled.

    • midi

      Control access to MIDI API.

      • () - Feature is disabled.

    • payment

      Control access to payment request API.

      • * - Allowed on this page and all nested contexts of any origin.

    • picture-in-picture

      Control access to picture-in-picture mode.

      • * - Allowed on this page and all nested contexts of any origin.

    • publickey-credentials-get

      Control access to web authentication API.

      • () - Feature is disabled.

    • screen-wake-lock

      Control access to screen wake lock API.

      • () - Feature is disabled.

    • sync-xhr

      Control access to XMLHttpRequests.

      • * - Allowed on this page and all nested contexts of any origin.

    • usb

      Control access to web USB API.

      • () - Feature is disabled.

    • xr-spatial-tracking

      Control access to WebXR API.

      • () - Feature is disabled.

    • gamepad

      Control access to gamepad API.

      • () - Feature is disabled.

    • serial

      Problems were found.

      • Unknown option
      • () - Feature is disabled.

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    Referrer-Policy

    strict-origin-when-cross-origin

    Controls what referrer information is sent with requests.

    strict-origin-when-cross-origin - Send the full referrer for a same origin request. Send the origin only for cross-domain requests where the protocol level is the same. Otherwise do not send the referrer.

    Referrer-Policy

    strict-origin-when-cross-origin

    Controls what referrer information is sent with requests.

    strict-origin-when-cross-origin - Send the full referrer for a same origin request. Send the origin only for cross-domain requests where the protocol level is the same. Otherwise do not send the referrer.

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    Strict-Transport-Security

    max-age=63072000

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      63072000 (2 years)

      The time a browser should remember a site can only be accessed with https (seconds).

    Strict-Transport-Security

    max-age=63072000

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      63072000 (2 years)

      The time a browser should remember a site can only be accessed with https (seconds).

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    X-Content-Security-Policy

    default-src 'self'; img-src *; media-src * data:;

    X-Content-Security-Policy

    default-src 'self'; img-src *; media-src * data:;

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    X-Frame-Options

    SAMEORIGIN

    Clickjacking protection.

    SAMEORIGIN - No rendering if origin mismatch.

    X-Frame-Options

    SAMEORIGIN

    Clickjacking protection.

    SAMEORIGIN - No rendering if origin mismatch.

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    X-Permitted-Cross-Domain-Policies

    none

    Specifies if a cross-domain policy is allowed.

    none - No policy is allowed.

    X-Permitted-Cross-Domain-Policies

    none

    Specifies if a cross-domain policy is allowed.

    none - No policy is allowed.

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    Link

    <https://www.alonegocio.net.br/wp-json/>; rel="https://api.w.org/"

    Used to express a typed relationship with another resource.

    Upgrade

    h2,h2c

    Connection

    Upgrade, close

    Control options for the current connection and list of hop-by-hop response fields.

    • upgrade

      Indicate the connection should be upgraded from HTTP to HTTPS.

    • close

      The client or server would like to close the connection.

    Vary

    User-Agent,Accept-Encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • User-Agent
      • Accept-Encoding
    Content-Type

    text/html; charset=UTF-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      UTF-8