HTTP Headers for booking.com

Responds with HTTP 202 Accepted from CloudFront — 1 of 6 security headers present.

Domain to Check

202 Acceptedhttps://booking.com/

Security Headers1/6

HSTS

CSP

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

All Response Headers (17)

accept-chECT

access-control-allow-methodsOPTIONS,GET,POST

access-control-allow-origin*

access-control-expose-headersx-amzn-waf-action

access-control-max-age86400

cache-controlno-store, max-age=0

connectionclose

content-length0

content-typetext/html; charset=UTF-8

dateFri, 24 Apr 2026 15:43:19 GMT

serverCloudFront

strict-transport-securitymax-age=63072000; includeSubDomains; preload

via1.1 790dd2637efddd54756eabb102d0e234.cloudfront.net (CloudFront)

x-amz-cf-idhm1Lu6wmDErQBLtEZehR8q4RGuIAmSCSRKL-NR3joCoxSxRQMze4UA==

x-amz-cf-popIAD61-P10

x-amzn-waf-actionchallenge

x-cacheError from cloudfront

Check any domain's SSL/TLS certificate — issuer, expiry, SANs, and cipher.

Searchable reference of all HTTP status codes with descriptions and use cases.

Look up WHOIS details for any domain or IP address.