HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
200
Total Requests
1
Total Time
3213 ms
  • IP
    147.79.79.89
    View Map

  • Timing

    Wait

    0 ms

    DNS

    73 ms

    TCP

    12 ms

    Request

    1 ms

    First Byte

    3110 ms

    Download

    1 ms

    Total

    3213 ms

  • HTTP Headers

    Date

    Tue, 26 May 2026 06:46:12 GMT

    The date and time that the message was sent.

    Content-Type

    text/html; charset=UTF-8

    The MIME type of this content.

    Problems were detected with this header

    • Unknown MIME type.
    Connection

    keep-alive

    Control options for the current connection and list of hop-by-hop response fields.

    keep-alive - The client would like to keep the connection open.

    Vary

    Accept-Encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • Accept-Encoding
    X-Powered-By

    PHP/8.2.30

    The software powering this site.

    X-Xss-Protection

    1; mode=block

    Cross-site scripting (XSS) filter.

    • 1

      Enable XSS filtering.

    • Mode

      Filtering mode.

      • block - Block page if XSS is detected.
    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    Strict-Transport-Security

    max-age=31536000; includeSubDomains

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      31536000 (1 year)

      The time a browser should remember a site can only be accessed with https (seconds).

    • includesubdomains

      max-age applies to subdomains as well.

    Referrer-Policy

    strict-origin-when-cross-origin

    Controls what referrer information is sent with requests.

    strict-origin-when-cross-origin - Send the full referrer for a same origin request. Send the origin only for cross-domain requests where the protocol level is the same. Otherwise do not send the referrer.

    X-Frame-Options

    sameorigin

    Clickjacking protection.

    sameorigin - No rendering if origin mismatch.

    Link

    <https://www.thekeylab.co.uk/wp-json/>; rel="https://api.w.org/"

    Used to express a typed relationship with another resource.

    Link

    <https://www.thekeylab.co.uk/wp-json/wp/v2/pages/5013>; rel="alternate"; title="JSON"; type="application/json"

    Used to express a typed relationship with another resource.

    Link

    <https://www.thekeylab.co.uk/?p=5013>; rel=shortlink

    Used to express a typed relationship with another resource.

    Platform

    hostinger

    Panel

    hpanel

    Content-Security-Policy

    upgrade-insecure-requests

    The content security policy allows the server to determine what resources the user is allowed to load.

    upgrade-insecure-requests - Treat insecure URLs as though they are secure.

    Server

    hcdn

    A name for the server.

    hcdn - Description of the server software.

    Alt-Svc

    h3=":443"; ma=86400

    Indicate a resource should be loaded from a different server while still appearing to be loaded from this server.

    • Service

      • h3 - :443

    • Service

      • ma - 86400 (1 day)

        Max age for the alternative (seconds).

    X-Hcdn-Request-Id

    c581efd915aa5a280c6969d8561ab6e4-bos-edge5

    X-Hcdn-Cache-Status

    DYNAMIC

    X-Hcdn-Upstream-Rt

    3.099