DNS Gurus
Cached · just now
26 Headers

Detected Technologies from Headers

See all in URL Inspect 41
PayPal logo PayPal AWS CloudFront logo AWS CloudFront Google AdSense logo Google AdSense Google Tag Manager logo Google Tag Manager Google Translate logo Google Translate Webflow logo Webflow CDN77 logo CDN77 Envoy logo Envoy Google DoubleClick logo Google DoubleClick Google Analytics logo Google Analytics Dropbox logo Dropbox Baidu Analytics logo Baidu Analytics Segment logo Segment Google Static File Front End logo Google Static File Front End LaunchDarkly logo LaunchDarkly Google API JS Client logo Google API JS Client Google Fonts logo Google Fonts Perplexity AI logo Perplexity AI Algolia logo Algolia Qualtrics logo Qualtrics unpkg logo unpkg Google Search logo Google Search Yandex logo Yandex Microsoft SharePoint logo Microsoft SharePoint Facebook logo Facebook Amazon S3 logo Amazon S3 OneTrust logo OneTrust GitHub logo GitHub Adobe Fonts (Typekit) logo Adobe Fonts (Typekit) Cloudflare CDNJS logo Cloudflare CDNJS AWS logo AWS Active incidents Vimeo logo Vimeo TrustArc logo TrustArc ipify logo ipify Zoho Mail logo Zoho Mail HubSpot logo HubSpot YouTube logo YouTube Font Awesome logo Font Awesome jsDelivr logo jsDelivr Google Cloud logo Google Cloud Express logo Express

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured Analyze
Content-Security-Policy-Report-Only
AWS CloudFront logo
Basic
base-uri; block-all-mixed-content; connect-src; +10 more Analyze
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

Connection
Performance
close
Vary
Performance
Accept-Encoding

Caching Headers

Cache-Control
Caching
private,no-cache,no-store,pre-check=0,post-check=0,must-revalidate
Etag
Caching
W/"3f8a9-FVC428Nw+DM2oM89aTo8UoULmYQ"
Expires
Caching
-1
Pragma
Caching
no-cache

Content Headers

Content-Length
Content
260265
Content-Type
Content
text/html; charset=utf-8

Server Headers

Server
Envoy logo
Server
istio-envoy
X-Powered-By
Express logo
Server
Express

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie
Cookies

Other Headers

Date
Other
Mon, 01 Jun 2026 10:32:18 GMT
Intuit_tid
Other
1-6a1d5fb2-644629b10b8ecc644103b56e
Server-Timing
Other
pluginConfigs;dur=1.03,appMw;dur=0.02,ixpAssignments;dur=0.03,appPostAuthMw;dur=0.02,shellServiceMw;dur=3.19,totalMwExecTime;dur=50.16
X-Amzn-Trace-Id
AWS logo
Other
Root=1-6a1d5fb2-644629b10b8ecc644103b56e
X-Dns-Prefetch-Control
Other
off
X-Download-Options
Other
noopen
X-Envoy-Upstream-Service-Time
Envoy logo
Other
70
X-Intuit-Upstream-Locality-Region
Other
us-west-2
X-Request-Id
Other
1-6a1d5fb2-644629b10b8ecc644103b56e
X-Spanid
Other
b8989595-01d7-cbc7-bf2a-4da98559ba94

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology