DNS Gurus
Cached · 3h ago
20 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=2592000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
Accept-Encoding

Caching Headers

4 headers
Cache-Control
Caching
no-cache
Etag
Caching
"696aafab-7c3"
Expires
Caching
Thu, 01 Jan 1970 00:00:01 GMT
Last-Modified
Caching
Fri, 16 Jan 2026 21:37:47 GMT

Content Headers

2 headers
Content-Length
Content
1987
Content-Type
Content
text/html

Server Headers

1 headers
Server
Server
nginx

CORS Headers

0 headers
No CORS headers found

Cookies Headers

0 headers
No cookies headers found

Other Headers

4 headers
Content-Security-Policy-Report-Only
Other
connect-src 'self' wss://www.domainspot.com https://www.google-analytics.com/; default-src 'none'; font-src 'report-sample' 'self' https://fonts.gstatic.com; form-action 'report-sample' 'self'; frame-ancestors 'self'; frame-src 'self' https://js.stripe.com https://www.google.com https://td.doubleclick.net/; img-src 'report-sample' 'self' data: https://www.google.com; report-to default; report-uri https://www.tierra.net/special/report/csp; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://js.stripe.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com
Date
Other
Sat, 24 Jan 2026 15:44:24 GMT
Feature-Policy
Other
sync-xhr 'self'
Report-To
Other
{'group':'default','max_age':10886400,'endpoints':[{'url':'https://www.tierra.net/special/report/csp'}],'include_subdomains':true}

Recommendations

Enable compression (gzip/brotli) to improve performance