24
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
script-src; object-src; base-uri; +8 more
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
accelerometer=self, attribution-reporting=*, autoplay=self, bluetooth=self, browsing-topics=*, camera=self, compute-pressure=self, display-capture=self, encrypted-media=self, fullscreen=self, gamepad=self, geolocation=self, gyroscope=self, hid=self, identity-credentials-get=self, idle-detection=self, local-fonts=self, magnetometer=self, microphone=self, midi=self, otp-credentials=self, picture-in-picture=*, publickey-credentials-create=self, publickey-credentials-get=self, screen-wake-lock=self, serial=self, storage-access=*, usb=self, web-share=self, window-management=self, xr-spatial-tracking=self
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
Performance Headers
3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
Caching Headers
1 header
Cache-Control
Caching
private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
1 header
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
cloudflare
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
__cf_bm=aEj2MWOOBwNC1gt9nv_w6L8n61UupQzGMaGuz9uZw8w-1762136573-1.0.1.1-m0ikPN97ETw1aN_DkvoYGew6X97hRSe21SBNLoW_VpDaK6I.ndX1XPvo3M2ScJ1lf4xN1pj_zbUZ3N3WWez1nF.dfSQAQHxt2cghad6M30E; path=/; expires=Mon, 03-Nov-25 02:52:53 GMT; domain=.claude.ai; HttpOnly; Secure; SameSite=None
Other Headers
8 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
998868115e29b41c-IAD
Date
Other
Mon, 03 Nov 2025 02:22:53 GMT
Link
Other
</_next/static/media/18f7e26d8fc3ca09-s.p.woff2>; rel=preload; as="font"; crossorigin=""; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="; type="font/woff2", </_next/static/media/202112071e5d7466-s.p.woff2>; rel=preload; as="font"; crossorigin=""; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="; type="font/woff2", </_next/static/media/54e05bce7a25fe9c-s.p.woff2>; rel=preload; as="font"; crossorigin=""; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="; type="font/woff2", </_next/static/media/73af0ef16113246e-s.p.woff2>; rel=preload; as="font"; crossorigin=""; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="; type="font/woff2", </_next/static/media/a0eafab536ffd221-s.p.woff2>; rel=preload; as="font"; crossorigin=""; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="; type="font/woff2", </_next/static/media/a72997480c14a9d4-s.p.woff2>; rel=preload; as="font"; crossorigin=""; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="; type="font/woff2", </_next/static/media/b8c97ebabd0473a4-s.p.woff2>; rel=preload; as="font"; crossorigin=""; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="; type="font/woff2", </_next/static/media/b96accb76593e50d-s.p.woff2>; rel=preload; as="font"; crossorigin=""; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="; type="font/woff2", </_next/static/media/d4ad98ce6ee578c0-s.p.woff2>; rel=preload; as="font"; crossorigin=""; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="; type="font/woff2", </_next/static/css/b3152fa1bdafab10.css>; rel=preload; as="style"; nonce="/jV/LGC4dKm1Dg4hUT2VDw==", </_next/static/css/3ed1fd6af7fd36eb.css>; rel=preload; as="style"; nonce="/jV/LGC4dKm1Dg4hUT2VDw==", </_next/static/css/d6bd087f08a7f52f.css>; rel=preload; as="style"; nonce="/jV/LGC4dKm1Dg4hUT2VDw==", </_next/static/css/da25616fcf863192.css>; rel=preload; as="style"; nonce="/jV/LGC4dKm1Dg4hUT2VDw==", </_next/static/css/4679f5511a5b0b9e.css>; rel=preload; as="style"; nonce="/jV/LGC4dKm1Dg4hUT2VDw=="
Via
Other
1.1 google
X-Activity-Session-Id
Other
69e899c3-4032-4e63-9ba9-6cbaa4c2a2f6
X-Request-Pathname
Other
/
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology
Analysis completed in 452ms