instagram.com | Analytics by SecurityHeaders

HTTP Headers report for instagram.com

Header Name Header Data
HTTP status code 200
Content-Type text/html; charset="utf-8"
Set-Cookie csrftoken=3_UwFAwEmBjj7OSWocKgCx; expires=Fri, 03-Apr-2026 22:05:00 GMT; Max-Age=31449600; path=/; domain=.instagram.com; secure; SameSite=None
Accept-Ch viewport-width,dpr,Sec-CH-Prefers-Color-Scheme,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
Pragma no-cache
Cache-Control private, no-cache, no-store, must-revalidate
X-Frame-Options DENY
Cross-Origin-Opener-Policy same-origin-allow-popups
Vary Sec-Fetch-Site, Sec-Fetch-Mode
X-Fb-Debug HEssIWtiC2ClRQW9E5qF/lLqhTxVKcU/mTcnEnbq1uTGVYxsoe6muAd85nz/trh+wwQ1trKqdTVx3kTVcRnjdg==
Date Fri, 04 Apr 2025 22:05:00 GMT
Reporting-Endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.instagram.com/error/ig_web_error_reports/?device_level=unknown&cpp=C3&cv=1021588570&st=1743804300875"
Origin-Agent-Cluster ?1
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Stack www
X-Fb-Connection-Quality UNKNOWN; q=-1, rtt=-1, rtx=0, c=13, mss=1380, tbw=3495, tp=-1, tpl=-1, uplat=197, ullat=0
Connection keep-alive
Accept-Ch-Lifetime 4838400
Cross-Origin-Embedder-Policy-Report-Only require-corp;report-to="coep_report"
X-Xss-Protection 0
Report-To {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.instagram.com\/error\/ig_web_error_reports\/?device_level=unknown&cpp=C3&cv=1021588570&st=1743804300875"}]}
Expires Sat, 01 Jan 2000 00:00:00 GMT
Content-Security-Policy default-src *.facebook.com *.fbcdn.net *.instagram.com blob:;script-src *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-rFfasGJL' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self';font-src *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;child-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;manifest-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;object-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
Alt-Svc h3=":443"; ma=86400

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar