27 Headers

HTTP Security Headers

| Header | Status | Value |
| --- | --- | --- |
| Strict-Transport-Security | Excellent | `max-age=31536000; includeSubDomains; preload` |
| Content-Security-Policy | Weak | `frame-ancestors` |
| X-Frame-Options | Good | `SAMEORIGIN` |
| X-Content-Type-Options | Good | `nosniff` |
| Referrer-Policy | Good | `strict-origin-when-cross-origin` |
| Permissions-Policy | Missing | Not configured |

Recommendations
- Significantly strengthen CSP directives
- Consider adding Permissions-Policy to control browser features

Performance Headers
3 headers

| Header | Value |
| --- | --- |
| Connection | `close` |
| Transfer-Encoding | `chunked` |
| Vary | `Accept-Encoding, Origin` |

Caching Headers
3 headers

| Header | Value |
| --- | --- |
| Age | `73298` |
| Cache-Control | `max-age=0, private, must-revalidate` |
| Last-Modified | `Fri, 02 Jan 2026 19:59:15 GMT` |

Content Headers
1 header

| Header | Value |
| --- | --- |
| Content-Type | `text/html` |

Server Headers
2 headers

| Header | Value |
| --- | --- |
| Server | `cloudflare` |
| X-Runtime | `0.171211` |

CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header

| Header | Value |
| --- | --- |
| Set-Cookie | `__cf_bm=1DM6ya6QZYzdhKcl2.jozmgSO.8HDB5br.oxoZe9qXE-1767457253-1.0.1.1-FnBafUtyPA08eTw3Kh12A0a4ETQSnDARmN1As644Fz4YbwgFBnPk98_ErPVwJpbMoCRQAAB365GOhtCTTR4697NR3LUKMyeEl.5nX6ux6hs; path=/; expires=Sat, 03-Jan-26 16:50:53 GMT; domain=.rootly.com; HttpOnly; Secure; SameSite=None` |

Other Headers
11 headers

| Header | Value |
| --- | --- |
| Alt-Svc | `h3=":443"; ma=86400` |
| Cf-Cache-Status | `DYNAMIC` |
| Cf-Ray | `9b83d37a6dda05b3-IAD` |
| Content-Security-Policy-Report-Only | `default-src 'none'; base-uri 'self'; child-src 'self' https:; connect-src 'self' https: https://*.usepylon.com wss://*.pusher.com wss://*.collab.tiptap.cloud; font-src 'self' https: data: https://*.usepylon.com; form-action 'self' https:; frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com teams.cloud.microsoft *.datadoghq.com; frame-src 'self' https:; img-src 'self' https: data: blob: https://*.usepylon.com https://pylon-avatars.s3.us-west-1.amazonaws.com https://d3vl36l12sfx26.cloudfront.net; manifest-src 'self'; media-src 'self' https: data:; script-src 'self' https: https://widget.usepylon.com unpkg.com cdn.tailwindcss.com www.googletagmanager.com *.rootly.com cdn.jsdelivr.net *.rootly.net.cn api.segment.io cdn.segment.com 'nonce-BdsKxaro7T7OvlQSVWWRYQ=='; script-src-elem www.googletagmanager.com; style-src 'self' https: 'unsafe-inline' https://*.usepylon.com; worker-src 'self' https:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcc1b8f1c2f10afdc6b082eb2129d0b40&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=environment:production&service:rootly-api` |
| Date | `Sat, 03 Jan 2026 16:20:53 GMT` |
| Surrogate-Control | `max-age=432000` |
| Surrogate-Key | `webflow.rootly.com 65eb28a668c15a253c5417a6 pageId:68aac9a4fb7e86bf4cfd2caf 65eead504a77785f4df7dca4 65f0353e536fb555d0e6eed5 66600c304354301e7cb1f505 661e53cbc8ac093dfc5e0d73` |
| X-Cluster-Name | `us-east-1-prod-hosting-red` |
| X-Lambda-Id | `37c6b00b-3f57-4dcd-a821-d74e3820b979` |
| X-Permitted-Cross-Domain-Policies | `none` |
| X-Request-Id | `8349a860-aa65-4757-9c0e-bf047d1beaf5` |

Recommendations
- Enable compression (gzip/brotli) to improve performance