HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
200
Total Requests
1
Total Time
1795 ms

  • https://www.foreximf.com/berita-forex

    Status
    200
    Message
    OK
    Time
    1795 ms
  • IP
    104.26.7.26
    View Map

  • Timing

    Wait

    0 ms

    DNS

    8 ms

    TCP

    3 ms

    Request

    0 ms

    First Byte

    1776 ms

    Download

    0 ms

    Total

    1795 ms

  • HTTP Headers

    Date

    Sun, 14 Sep 2025 12:13:04 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=UTF-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      UTF-8

    Connection

    close

    Control options for the current connection and list of hop-by-hop response fields.

    close - The client or server would like to close the connection.

    Expires

    Thu, 19 Nov 1981 08:52:00 GMT

    The time at which the response is considered stale.

    Cache-Control

    no-store, no-cache, must-revalidate

    Inform all caching mechanisms from server to client whether they may cache this object.

    • no-store

      May not be stored by any cache.

    • no-cache

      May be stored by any cache but must be validated by the server.

    • must-revalidate

      Stale caches must not be used.

    Cache-Control

    max-age=0, no-cache, no-store, must-revalidate

    Inform all caching mechanisms from server to client whether they may cache this object.

    • Max-Age

      0

      The time a browser should remember a site can only be accessed with https (seconds).

    • no-cache

      May be stored by any cache but must be validated by the server.

    • no-store

      May not be stored by any cache.

    • must-revalidate

      Stale caches must not be used.

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    Pragma

    no-cache

    HTTP/1.0 backwards compatible cache handling.

    no-cache - Force requests to the origin server before releasing a cache.

    Strict-Transport-Security

    max-age=300

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      300 (5 minutes)

      The time a browser should remember a site can only be accessed with https (seconds).

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    X-Xss-Protection

    1; mode=block

    Cross-site scripting (XSS) filter.

    • 1

      Enable XSS filtering.

    • Mode

      Filtering mode.

      • block - Block page if XSS is detected.
    X-Frame-Options

    ALLOWALL

    Clickjacking protection.

    ALLOWALL - Non-standard, allow from any location.

    Referrer-Policy

    same-origin

    Controls what referrer information is sent with requests.

    same-origin - Send the full referrer for same origin requests, and nothing for cross-origin.

    Content-Security-Policy

    default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' content.mql5.com https://google.com https://post.foreximf.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://www.googletagmanager.com https://youtube.com https://www.youtube.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net/; worker-src 'self' blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://cdn.ampproject.org/;

    The content security policy allows the server to determine what resources the user is allowed to load.

    • Default-Src

      Fallback for all fetches.

      • *
      • 'self'
      • data:
      • 'unsafe-inline'
      • 'unsafe-hashes'
      • 'unsafe-eval'
      • content.mql5.com
      • https://google.com
      • https://post.foreximf.com
      • https://www.google.com
      • https://maps.google.com
      • https://fonts.googleapis.com
      • https://fonts.gstatic.com
      • https://google-analytics.com
      • https://ssl.google-analytics.com
      • https://googletagmanager.com
      • https://www.googletagmanager.com
      • https://youtube.com
      • https://www.youtube.com
      • https://connect.facebook.net
      • https://www.google-analytics.com
      • https://www.google.co.id
      • https://www.facebook.com
      • https://stats.g.doubleclick.net
      • https://googleads.g.doubleclick.net/

    • Worker-Src

      Define sources for Worker, SharedWork, and ServiceWorker scripts.

      • 'self'
      • blob:
      • 'unsafe-inline'
      • 'unsafe-hashes'
      • 'unsafe-eval'
      • https://cdn.ampproject.org/
    Feature-Policy

    geolocation 'self'; vibrate 'none'

    Enable and disable browser features.

    • Feature

      geolocation

      Control access to geo location API.

      • self - Allowed on this page and all nested contexts in the same origin.

    • feature

      vibrate

      Problems were found.

      • Invalid value
    Vary

    User-Agent

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • User-Agent
    Server

    cloudflare

    A name for the server.

    cloudflare - Description of the server software.

    Cf-Cache-Status

    DYNAMIC

    Encoded information about your request from Cloudflare.

    DYNAMIC - This is not cached by default.

    Server-Timing

    cfCacheStatus;desc="DYNAMIC"

    Server metrics for the request.

    • Cfcachestatus

      DYNAMIC

    Server-Timing

    cfEdge;dur=10,cfOrigin;dur=1762

    Server metrics for the request.

    • Cfedge

      • dur - 10

    • Cforigin

      • dur - 1762

    Problems were detected with this header

    • Duplicate header. There is another header with this name and this may cause problems.
    Report-To

    {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wt8posBWX73TGTXlCVM77%2FyjEK3%2F1gnNoif3gChQaX2ANY5ZMGVQCNgLExV%2BD%2FPQFTWWtHW8vUKUG81TWbWPBy3XIE4I7v98aYr%2Fs6u9BQ%3D%3D"}]}

    Report to.

    • Group

      cf-nel

    • Max_age

      604800

    • Endpoints

      • {"url":"https://a.nel.cloudflare.com/report/v4?s=wt8posBWX73TGTXlCVM77%2FyjEK3%2F1gnNoif3gChQaX2ANY5ZMGVQCNgLExV%2BD%2FPQFTWWtHW8vUKUG81TWbWPBy3XIE4I7v98aYr%2Fs6u9BQ%3D%3D"}
    Nel

    {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}

    Configure network request logging.

    • Report_to

      cf-nel

    • Success_fraction

      0

    • Max_age

      604800

    Set-Cookie

    PHPSESSID=juq5rv21fut15doghkhkp58pns; Path=/

    A cookie sent from the server to be set on the client

    • PHPSESSID

      juq5rv21fut15doghkhkp58pns

      Cookie name and value.

    • Path

      /

      The client will only send the cookie when requesting this path, or subdirectories, from the server.

    Cf-Ray

    97efcbcaf86097d5-EWR

    Encoded information about your request from Cloudflare.