DNS Gurus
Cached · just now
12 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked

Caching Headers

2 headers
Cache-Control
Caching
no-cache, no-store
Pragma
Caching
no-cache

Content Headers

1 headers
Content-Type
Content
text/html; charset=utf-8

Server Headers

2 headers
Server
Server
Microsoft-IIS/10.0
X-Powered-By
Server
ASP.NET

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
.AspNetCore.Antiforgery.N2oQLmC5RQs=CfDJ8E3B4dRVNaJIi04sOZ2fx4TDPjBB57YIEHjymiI59AxxRweeY52sTPi7_SFIQOFaE_sM3jRNBr4iqDOFV-S5eoxOyr4E7JfNquAvoZnLR3j8A8cShmSQeepyGmlq8U8bhAbtSdF_i9TWldIwU7gEmxw; path=/; samesite=strict; httponly

Other Headers

2 headers
Content-Security-Policy-Report-Only
Other
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://acc.locaties.partou.nl https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://fpp.partou.nl https://googleads.g.doubleclick.net https://locaties.partou.nl https://projects.elitechnology.com https://www.googleadservices.com https://www.googletagmanager.com; style-src 'report-sample' 'self' 'unsafe-inline' https://acc.locaties.partou.nl https://locaties.partou.nl; object-src 'none'; base-uri 'self'; connect-src 'self' https://backoffice-api.acc.locaties.partou.nl https://backoffice-api.locaties.partou.nl wss://backoffice-api.acc.locaties.partou.nl wss://backoffice-api.locaties.partou.nl wss://cxcomlive-webconvwa-weu.azurewebsites.net https://bat.bing.com https://consentcdn.cookiebot.com https://fpp.partou.nl https://*.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://region1.analytics.google.com; font-src 'self' data: https://acc.locaties.partou.nl https://locaties.partou.nl https://www.cm.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com; img-src 'self' data: https://bat.bing.com https://img.youtube.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://tiles.stadiamaps.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://www.google.nl; manifest-src 'self'; media-src 'self'; worker-src blob:;
Date
Other
Wed, 24 Dec 2025 14:57:42 GMT

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology

Analysis completed in 553ms