DNS Gurus
Open Cached · just now
26 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Weak
frame-ancestors
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Significantly strengthen CSP directives
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Connection
Performance
keep-alive
Vary
Performance
accept-encoding

Caching Headers

3 headers
Age
Caching
858016
Etag
Caching
W/"b262-eYtKHP6DzKBlk1gcJt9V5LWaJXU"
Last-Modified
Caching
Tue, 04 Nov 2025 19:25:35 GMT

Content Headers

2 headers
Content-Length
Content
45666
Content-Type
Content
text/html; charset=utf-8

Server Headers

2 headers
Server
Server
Heroku
X-Powered-By
Server
Express

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
_cfuvid=wINcBtVrTOK6fn.AAVnkldWLtLdlm.6qQlGvvtf9QcQ-1763142352270-0.0.1.1-604800000; path=/; domain=.b65c2c88-getintheloop-can-webflow.getintheloop.ca; HttpOnly; Secure; SameSite=None

Other Headers

13 headers
Cf-Cache-Status
Other
HIT
Cf-Ray
Other
99e85335484dad34-IAD
Date
Other
Fri, 14 Nov 2025 17:45:52 GMT
Nel
Other
{"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
Report-To
Other
{"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=ftQ4kGmrho%2BJXTzKqbU%2FvlL1e9ZRWAB8DgVmE0kXaug%3D\u0026sid=af571f24-03ee-46d1-9f90-ab9030c2c74c\u0026ts=1763142352"}],"max_age":3600}
Reporting-Endpoints
Other
heroku-nel="https://nel.heroku.com/reports?s=ftQ4kGmrho%2BJXTzKqbU%2FvlL1e9ZRWAB8DgVmE0kXaug%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1763142352"
Surrogate-Control
Other
max-age=2147483647
Surrogate-Key
Other
b65c2c88-getintheloop-can-webflow.getintheloop.ca 615f6caea1659fda94c0006a pageId:663e57546c448a1264dd2e34
Via
Other
1.1 heroku-router, 1.1 cf7e8b3887a490b60a55be14eb004b54.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Other
wa0xSKFvi5U_A9o5hO2OEsbTxoOnouhG9Q86fptSQT8e9pV-VgGhzQ==
X-Amz-Cf-Pop
Other
IAD55-P5
X-Cache
Other
Miss from cloudfront
X-Lambda-Id
Other
534e394f-5696-44e9-a56e-b1344aa6cd75

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Consider removing X-Powered-By header to hide server technology

Analysis completed in 214ms