DNS Gurus
Cached · just now
29 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=2628000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding, User-Agent

Caching Headers

1 headers
Cache-Control
Caching
private, max-age=0, no-cache, no-store, must-revalidate

Content Headers

1 headers
Content-Type
Content
text/html; charset=utf-8

Server Headers

1 headers
X-Powered-By
Server
Express

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
bm_sz=F22D84723ABF1FC60C7086C1CFE0D2F9~YAAQLGQwF5D6pMGbAQAAi92kBR5Vgiq406REPXtL8+1lUnwuw8l4FGY4kgwjFD3TS89TtPdLN2jKIwgvyfZEIzeGIm9bBQd4kvLcAXUsj4YfgySoFhfml+DhjDmPJVXDNCwmw+b5IJ/5TAPmm9lX+hPCOJhNCa69bguuWZWeLgyaRyspA/80+0yONf+IjRGLqBPbVv5UgJ4rg24ktlt6MSLlWnvDWcodUPSTSc9Md0xl1Y/XzlFovIxnycT0VDGaNSTfCpzYeTszlbWMX/Q7I3h5hcl2Q87hWERz/VCvwHCAtNwDNOiWZ3Y4iaiA+TLf1kXaIrZjoVi72Q2Oq7tmBttqVzRrS+6b+kAg4jt9~3487046~3748403; Domain=.groupon.de; Path=/; Expires=Wed, 28 Jan 2026 21:26:54 GMT; Max-Age=14398

Other Headers

20 headers
Date
Other
Wed, 28 Jan 2026 17:26:56 GMT
Link
Other
<https://www2.grouponcdn.com/browse/assets/home_desktop-f7805b283e.css>; rel=preload; as=style, <https://www2.grouponcdn.com/browse/assets/home_desktop-7509b6ffb1.js>; rel=preload; as=script
Server-Timing
Other
rReq;dur=1692, rCon;dur=0, rHdr;dur=1692, hbi;dur=1653
X-Akamai-Transformed
Other
0 - 0 -
X-Application
Other
Pull-Itier
X-B-Cookie
Other
e2f0bc2c-07b1-4717-b0bc-2c07b1c717e2
X-B3-Traceid
Other
d00c08b89d244e0e83bf6bd66ea88616
X-Destination
Other
tls_conveyor_pull_itier
X-Envoy-Upstream-Service-Time
Other
1694
X-External-Request-Id
Other
true
X-Forwarded-Proto
Other
https
X-Mtls-Upstream-Time
Other
1653
X-Original-Request-Id
Other
d00c08b8-9d24-4e0e-83bf-6bd66ea88616
X-Page-Id
Other
ef0c4d41-631a-41b5-8c4d-41631aa1b543-1769621214898-TH0
X-Request-Id
Other
d00c08b8-9d24-4e0e-83bf-6bd66ea88616,d00c08b8-9d24-4e0e-83bf-6bd66ea88616
X-Request-Originated-From
Other
envoy-tls-side-car--ingress-https
X-Response-Served-From
Other
routing-service--public--eu-west-1--conveyor-production49
X-S-Cookie
Other
ef0c4d41-631a-41b5-8c4d-41631aa1b543
X-Signifyd-Cookie
Other
c5939f92-4e14-471c-939f-924e14d71c29
X-Ua-Compatible
Other
IE=edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology