DNS Gurus
Cached · just now
13 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked

Caching Headers

2 headers
Cache-Control
Caching
s-maxage=31536000, stale-while-revalidate
Etag
Caching
"17cs7tz7ag6oo9u"

Content Headers

1 headers
Content-Type
Content
text/html; charset=utf-8

Server Headers

1 headers
X-Powered-By
Server
Next.js

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
bm_sz=7111E55E344966CD99D7AB6D44B35D9F~YAAQp2QwF/K3UuSbAQAAjPjaDh54yc5OiVfef1tPP7S0AdBPO5J/k+1DphYxUXlqOwhUGNANQh6PKmqpP9FcccbecfAwfxEQIAgd3LSi5jGZDBE+ATCj+tiyErRQo7KmVQ7qD1ssWU8gjRkge7dmVPC4DAVid4YszA5kCSc/EsN/ccm+F9fOwrlJaA5stPLQvWZ3EXRcOBQi84zFEnBMVPGi38QncBHQw4UfplJD78njZbvs7imvXVtPT5edNbY5Ts5XfrEqHCmQPQ601fn4DMX5yrXrvq1Iins0rW7lVWIei7F34DoTPjpZ1pi5O32ArBnXGfsPG3OdC6omA+eFY4j98/VI8gmGQeH61K0=~4277557~4273990; Domain=.staples.com; Path=/; Expires=Fri, 30 Jan 2026 16:22:37 GMT; Max-Age=14400

Other Headers

6 headers
Date
Other
Fri, 30 Jan 2026 12:22:37 GMT
Request-Context
Other
appId=cid-v1:
Server-Timing
Other
ak_p; desc="1769775757250_389047463_2560798957_16554_9987_1_5_-";dur=1
X-Akamai-Transformed
Other
0 - 0 -
X-Nextjs-Cache
Other
HIT
Zipcodedebug
Other
Cookie=absent_BestGuess=present

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology