DNS Gurus
Open Cached · just now
24 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Weak
upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Significantly strengthen CSP directives
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

4 headers
Accept-Ranges
Performance
bytes
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding,Cookie

Caching Headers

4 headers
Age
Caching
1702
Cache-Control
Caching
no-store, no-cache, must-revalidate, max-age=0
Expires
Caching
Sat, 22 Nov 2025 07:37:02 GMT
Pragma
Caching
cache

Content Headers

1 headers
Content-Type
Content
text/html; charset=UTF-8

Server Headers

0 headers
No server headers found

CORS Headers

0 headers
No CORS headers found

Cookies Headers

0 headers
No cookies headers found

Other Headers

10 headers
Content-Security-Policy-Report-Only
Other
font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.iubenda.com *.criteo.com *.klaviyo.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.thron.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.iubenda.com *.klaviyo.com *.criteo.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.klarna.com *.thron.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.roeye.com *.iubenda.com *.criteo.com *.klaviyo.com *.thron.com *.cloudfront.net https://cdn.clerk.io int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://rum.hlx.page *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.jsdelivr.net *.chervo.com *.iubenda.com *.criteo.com *.klaviyo.com *.thron.com *.zdassets.com *.zendesk.com *.hotjar.com https://api.clerk.io https://cdn.clerk.io int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.chervo.com *.iubenda.com *.criteo.com *.klaviyo.com https://api.clerk.io https://cdn.clerk.io *.klarnacdn.net https://static.klaviyo.com maxcdn.bootstrapcdn.com *.thron.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.thron.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.iubenda.com *.criteo.com *.klaviyo.com *.thron.com *.zdassets.com *.zendesk.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.chervo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
Date
Other
Fri, 21 Nov 2025 08:05:25 GMT
Traceresponse
Other
00-1879f57769c4f954959719848b1b2068-c5f7a4eed6efd9cc-01
X-Cache
Other
MISS, HIT, MISS
X-Cache-Hits
Other
0, 7, 0
X-Debug-Info
Other
eyJyZXRyaWVzIjowfQ==
X-Esi
Other
1
X-Platform-Server
Other
i-0f6788829dc649d07
X-Served-By
Other
cache-fra-eddf8230123-FRA, cache-fra-eddf8230130-FRA, cache-pdk-kfty8610088-PDK
X-Timer
Other
S1763710622.315618,VS0,VE897

Recommendations

Enable compression (gzip/brotli) to improve performance

Analysis completed in 2523ms