HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests
- 1
- Total Time
- 42 ms
https://www.niceoo.com/flower-girl-dresses/- Status
- 403
- Message
- Forbidden
- Time
- 42 ms
- IP
- 172.67.211.43
Timing
Wait
0 ms
DNS
4 ms
TCP
2 ms
Request
0 ms
First Byte
28 ms
Download
0 ms
Total
42 ms
HTTP Headers
- Date
Thu, 17 Jul 2025 16:31:06 GMT
The date and time that the message was sent.
- Content-Type
text/html; charset=UTF-8
The MIME type of this content.
Type
text/html
Description
HTML file
Charset
UTF-8
- Connection
close
Control options for the current connection and list of hop-by-hop response fields.
close - The client or server would like to close the connection.
- Accept-Ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Specify what client hints should be included in subsequent requests.
sec-ch-ua-bitness
Problems were found.
- Option is not one of known values.
sec-ch-ua-arch
Problems were found.
- Option is not one of known values.
sec-ch-ua-full-version
Problems were found.
- Option is not one of known values.
sec-ch-ua-mobile
Problems were found.
- Option is not one of known values.
sec-ch-ua-model
Problems were found.
- Option is not one of known values.
sec-ch-ua-platform-version
Problems were found.
- Option is not one of known values.
sec-ch-ua-full-version-list
Problems were found.
- Option is not one of known values.
sec-ch-ua-platform
Problems were found.
- Option is not one of known values.
sec-ch-ua
Problems were found.
- Option is not one of known values.
ua-bitness
Problems were found.
- Option is not one of known values.
ua-arch
Problems were found.
- Option is not one of known values.
ua-full-version
Problems were found.
- Option is not one of known values.
ua-mobile
Problems were found.
- Option is not one of known values.
ua-model
Problems were found.
- Option is not one of known values.
ua-platform-version
Problems were found.
- Option is not one of known values.
ua-platform
Problems were found.
- Option is not one of known values.
ua
Problems were found.
- Option is not one of known values.
- Cf-Mitigated
challenge
- Critical-Ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
- Cross-Origin-Embedder-Policy
require-corp
- Cross-Origin-Opener-Policy
same-origin
Isolate the document from cross-origin windows.
same-origin - Isolated the browsing context to same-origin.
- Cross-Origin-Resource-Policy
same-origin
The cross-origin policy.
same-origin - Allow same origin requests only.
- Origin-Agent-Cluster
?1
- Permissions-Policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Enable and disable browser features.
accelerometer
Control access to accelerometer.
- () - Feature is disabled.
autoplay
Allow access to autoplay media.
- () - Feature is disabled.
browsing-topics
Problems were found.
- Unknown option
- () - Feature is disabled.
camera
Control access to camera.
- () - Feature is disabled.
clipboard-read
Control access to clipboard reading.
- () - Feature is disabled.
clipboard-write
Control access to clipboard writing.
- () - Feature is disabled.
geolocation
Control access to geo location API.
- () - Feature is disabled.
gyroscope
Control access to gyroscope API.
- () - Feature is disabled.
hid
Problems were found.
- Unknown option
- () - Feature is disabled.
interest-cohort
Control access to Federated Learning of Cohorts.
- () - Feature is disabled.
magnetometer
Control access to magnetometer API.
- () - Feature is disabled.
microphone
Control access to microphone device.
- () - Feature is disabled.
payment
Control access to payment request API.
- () - Feature is disabled.
publickey-credentials-get
Control access to web authentication API.
- () - Feature is disabled.
screen-wake-lock
Control access to screen wake lock API.
- () - Feature is disabled.
serial
Problems were found.
- Unknown option
- () - Feature is disabled.
sync-xhr
Control access to XMLHttpRequests.
- () - Feature is disabled.
usb
Control access to web USB API.
- () - Feature is disabled.
- Referrer-Policy
same-origin
Controls what referrer information is sent with requests.
same-origin - Send the full referrer for same origin requests, and nothing for cross-origin.
- Server-Timing
chlray;desc="960b20afef73c466"
Server metrics for the request.
Chlray
960b20afef73c466
- Server-Timing
cfEdge;dur=23,cfOrigin;dur=0
Server metrics for the request.
Cfedge
- dur - 23
Cforigin
- dur - 0
Problems were detected with this header
- Duplicate header. There is another header with this name and this may cause problems.
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
- X-Frame-Options
SAMEORIGIN
Clickjacking protection.
SAMEORIGIN - No rendering if origin mismatch.
- Cache-Control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Inform all caching mechanisms from server to client whether they may cache this object.
private
May only be stored by a browser cache.
Max-Age
0
The time a browser should remember a site can only be accessed with https (seconds).
no-store
May not be stored by any cache.
no-cache
May be stored by any cache but must be validated by the server.
must-revalidate
Stale caches must not be used.
post-check
0
Problems were found.
- Option is not one of known values.
pre-check
0
Problems were found.
- Option is not one of known values.
- Expires
Thu, 01 Jan 1970 00:00:01 GMT
The time at which the response is considered stale.
- Speculation-Rules
"/cdn-cgi/speculation"
- Expect-Ct
max-age=86400, enforce
Used by a server to indicate that UAs should evaluate connections to the host emitting the header field for CT compliance.
Max-Age
86400 (1 day)
The time after receiving this header that the client should use the header value (seconds).
enforce
Tell client to refuse future connections that violate the CT policy.
- X-Xss-Protection
1; mode=block
Cross-site scripting (XSS) filter.
1
Enable XSS filtering.
Mode
Filtering mode.
- block - Block page if XSS is detected.
- Report-To
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pieftyiGTpnKHUKcciECMekJEA9c3hMEFG3NDEWDtokgMcMl2AlZ4FS4l3yeJDLqbauFYERiriR20o2104IWxHrXh8HwnAK0YEht0Mox"}]}
Report to.
Group
cf-nel
Max_age
604800
Endpoints
- {"url":"https://a.nel.cloudflare.com/report/v4?s=pieftyiGTpnKHUKcciECMekJEA9c3hMEFG3NDEWDtokgMcMl2AlZ4FS4l3yeJDLqbauFYERiriR20o2104IWxHrXh8HwnAK0YEht0Mox"}
- Nel
{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Configure network request logging.
Report_to
cf-nel
Success_fraction
0Max_age
604800
- Server
cloudflare
A name for the server.
cloudflare - Description of the server software.
- Cf-Ray
960b20afef73c466-EWR
Encoded information about your request from Cloudflare.
- Alt-Svc
h3=":443"; ma=86400
Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.
Service
- h3 - :443
Service
- ma - 86400 (1 day)
Max age for the alternative (seconds).
- ma - 86400 (1 day)