DNS Gurus
Cached · just now
23 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Weak
frame-ancestors
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), gyroscope=(), magnetometer=(), screen-wake-lock=()
Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Significantly strengthen CSP directives

Performance Headers

2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding, host

Caching Headers

4 headers
Cache-Control
Caching
public, stale-while-revalidate=900, max-age=900
Etag
Caching
"Wa4ZxwTOOAJF"
Expires
Caching
Tue, 30 Dec 2025 23:47:00 GMT
Last-Modified
Caching
Tue, 30 Dec 2025 23:29:00 GMT

Content Headers

2 headers
Content-Length
Content
529651
Content-Type
Content
text/html; charset=utf-8

Server Headers

0 headers
No server headers found

CORS Headers

1 headers
Access-Control-Allow-Origin
Cors
*

Cookies Headers

1 headers
Set-Cookie
Cookies
browserId=cf09b4f6-7d19-4baa-b40b-e97a39636581; domain=intune.microsoft.us; path=/; secure; HttpOnly; SameSite=None

Other Headers

6 headers
Content-Security-Policy-Report-Only
Other
report-to csp-endpoint; default-src 'none'; base-uri 'self'; form-action https:; object-src 'none'; img-src https: data: blob: http:; font-src https: data:; media-src https: data: blob: https://www.youtube-nocookie.com; connect-src https: wss: http: data: https://graph.microsoft.com; manifest-src 'self' https://*.azure.com https://*.microsoft.com; child-src 'none'; frame-src https: http: blob: data: mailto: storageexplorer: vscode: azuredatastudio: vstfs: ftp: ftps: sftp: adlalink: adl: asalink: vsweb: bfcomposer: ms-quick-assist: ms-remote-help:; worker-src 'self' blob:; style-src 'unsafe-inline' https: 'report-sample'; style-src-elem 'unsafe-inline' https: 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; script-src 'unsafe-eval' 'report-sample'; script-src-elem 'unsafe-inline' https: blob: 'report-sample' https://*.azure.com https://*.microsoft.com https://*.msftauth.net; script-src-attr 'unsafe-inline' 'report-sample'
Date
Other
Tue, 30 Dec 2025 23:30:18 GMT
Reporting-Endpoints
Other
csp-endpoint="https://csp.microsoft.com/report/AzurePortal"
Timing-Allow-Origin
Other
*
X-Ms-Content-Source
Other
Runtime
X-Ms-Version
Other
16.192.4.1

Recommendations

Enable compression (gzip/brotli) to improve performance