HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
403
Total Requests
1
Total Time
33 ms

  • https://www.panorays.com/

    Status
    403
    Message
    Forbidden
    Time
    33 ms
  • IP
    104.20.21.131
    View Map

  • Timing

    Wait

    1 ms

    DNS

    11 ms

    TCP

    2 ms

    Request

    1 ms

    First Byte

    10 ms

    Download

    0 ms

    Total

    33 ms

  • HTTP Headers

    Date

    Thu, 11 Dec 2025 13:12:36 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=UTF-8

    The MIME type of this content.

    • Type

      text/html

    • Description

      HTML file

    • Charset

      UTF-8

    Connection

    keep-alive

    Control options for the current connection and list of hop-by-hop response fields.

    keep-alive - The client would like to keep the connection open.

    Cache-Control

    private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0

    Inform all caching mechanisms from server to client whether they may cache this object.

    • private

      May only be stored by a browser cache.

    • Max-Age

      0

      The time a browser should remember a site can only be accessed with https (seconds).

    • no-store

      May not be stored by any cache.

    • no-cache

      May be stored by any cache but must be validated by the server.

    • must-revalidate

      Stale caches must not be used.

    • post-check

      0

      Problems were found.

      • Option is not one of known values.

    • pre-check

      0

      Problems were found.

      • Option is not one of known values.
    Expires

    Thu, 01 Jan 1970 00:00:01 GMT

    The time at which the response is considered stale.

    Referrer-Policy

    same-origin

    Controls what referrer information is sent with requests.

    same-origin - Send the full referrer for same origin requests, and nothing for cross-origin.

    X-Frame-Options

    SAMEORIGIN

    Clickjacking protection.

    SAMEORIGIN - No rendering if origin mismatch.

    Strict-Transport-Security

    max-age=15552000

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      15552000 (180 days)

      The time a browser should remember a site can only be accessed with https (seconds).

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Expect-Ct

    max-age=86400, enforce

    Used by a server to indicate that UAs should evaluate connections to the host emitting the header field for CT compliance.

    • Max-Age

      86400 (1 day)

      The time after receiving this header that the client should use the header value (seconds).

    • enforce

      Tell client to refuse future connections that violate the CT policy.

    X-Xss-Protection

    1; mode=block

    Cross-site scripting (XSS) filter.

    • 1

      Enable XSS filtering.

    • Mode

      Filtering mode.

      • block - Block page if XSS is detected.
    Server

    cloudflare

    A name for the server.

    cloudflare - Description of the server software.

    Cf-Ray

    9ac53c0bdb0142e3-EWR

    Encoded information about your request from Cloudflare.