Web response audit

github.com HTTP headers

SEO page with cached HTTP response headers and a security signals check.

Results

Status

200

Final URL

https://github.com

Accept-Ranges

bytes

Cache-Control

max-age=0, private, must-revalidate

Content-Language

en-US

Content-Security-Policy

default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net productionresultssa1.blob.core.windows.net productionresultssa2.blob.core.windows.net productionresultssa3.blob.core.windows.net productionresultssa4.blob.core.windows.net productionresultssa5.blob.core.windows.net productionresultssa6.blob.core.windows.net productionresultssa7.blob.core.windows.net productionresultssa8.blob.core.windows.net productionresultssa9.blob.core.windows.net productionresultssa10.blob.core.windows.net productionresultssa11.blob.core.windows.net productionresultssa12.blob.core.windows.net productionresultssa13.blob.core.windows.net productionresultssa14.blob.core.windows.net productionresultssa15.blob.core.windows.net productionresultssa16.blob.core.windows.net productionresultssa17.blob.core.windows.net productionresultssa18.blob.core.windows.net productionresultssa19.blob.core.windows.net github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com user-images.githubusercontent.com private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com explore-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com images.ctfassets.net/8aevphvgewt8/; manifest-src 'self'; media-src github.com user-images.githubusercontent.com secured-user-images.githubusercontent.com private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com assets.ctfassets.net/8aevphvgewt8/ videos.ctfassets.net/8aevphvgewt8/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/

Content-Type

text/html; charset=utf-8

Date

Thu, 11 Jun 2026 12:26:47 GMT

Etag

W/"37dd329369e666f3a1b85f7de3cbc108"

Referrer-Policy

origin-when-cross-origin, strict-origin-when-cross-origin

Server

github.com

Set-Cookie

_gh_sess=6RxGOtNZBI%2FZHuJpLhkWKSfwj7%2FWoZmbC3iLskOb%2Fy82C7xp5HgSl6%2FvyEdmv%2FKjqRy1DUzHkUfmzdcfErCXxb0hpbNmgQK1NcLM%2Fl3F5vHfcB5GU9iwV1hLluz%2FweT0zzF2KxeVUQb%2B71q%2BXo9npJOXy4WZAyNSzguMaXrfM2ZzBW%2BDCOXUFI8LT%2Bp8Zc6lFJHT96RXXuNTvFM8fhSA7vGeW9tkr7mPuJHavuyDoSD%2FjblANp8wuPAhY5JkhY2zHXUikq6r9XBO4Ml0IXhYMQ%3D%3D--VYY3ln1u1h26d7Yh--LW5aL1h5vkao5Unqa9qbPQ%3D%3D; path=/; HttpOnly; secure; SameSite=Lax, _octo=GH1.1.2111437739.1781180809; expires=Fri, 11 Jun 2027 12:26:49 GMT; domain=.github.com; path=/; secure; SameSite=Lax, logged_in=no; expires=Fri, 11 Jun 2027 12:26:49 GMT; domain=.github.com; path=/; HttpOnly; secure; SameSite=Lax

Strict-Transport-Security

max-age=31536000; includeSubdomains; preload

Vary

X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Accept-Language, Sec-Fetch-Site,Accept-Encoding, Accept, X-Requested-With

X-Content-Type-Options

nosniff

X-Frame-Options

deny

X-Github-Request-Id

D5E0:161A70:128B36:F544D:6A2AA989

X-Xss-Protection

0
