DNS Gurus
Open Cached · just now
23 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src; child-src; connect-src; +8 more
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
Origin

Caching Headers

1 headers
Cache-Control
Caching
max-age=0, private, must-revalidate

Content Headers

1 headers
Content-Type
Content
text/html; charset=utf-8

Server Headers

2 headers
Server
Server
cloudflare
X-Runtime
Server
0.018513

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
_gumroad_app_session=inH5FwIu5ptG4pILcNjAltjUDjSzD1XOPX%2FcyZHRKXmVpAOSd%2Bj0vbxRWutkQpZP0tPucBwnZfYewgatv%2FeZgzwHkeRGRy1d0KzMeI6Pi0vrfVmrpgpGiMufnEna2k6xqSzdzvw9bItbY%2FAj9foN6dcLjA2Y%2BmkeLru0KEMLlv0A4u%2FCaNPQAh8L46zbWf9j0xGHOyEyxSgYt6JSz12vyljJOB%2Bckn5LSFP%2Bmig7tK8yRRN2ZvpG6qRwoAL%2BRX%2F1Ncg04uKEyFwZwaXKVwWGzeWZEFc7MBiwotJ7SN2YOLZc8SC%2BDlFbIkRYw3RKYdeth7qsvvelJL35jih6w160x%2FzpgNCRT0t9jehIAQkCdFT3XorauuGwa%2FCuC2Yi0Q%3D%3D--2lOHOzJ7EyHJD5nV--qG03GPWYydCnKNmFQiY34g%3D%3D; domain=gumroad.com; path=/; expires=Sun, 14 Dec 2025 05:04:36 GMT; secure; httponly; samesite=lax

Other Headers

11 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
99e3f8151b7cd641-IAD
Date
Other
Fri, 14 Nov 2025 05:04:36 GMT
Link
Other
<https://assets.gumroad.com/packs/css/design-57372471.css>; rel=preload; as=style; crossorigin=anonymous; nopush,<https://assets.gumroad.com/assets/application-cbf244e9109e70d7b04497041636f00173a1e588f9b879b3a3ef11f8dfb86e5c.js>; rel=preload; as=script; nopush
X-Download-Options
Other
noopen
X-Gr
Other
PROD
X-Original-Headers-Class
Other
Hash
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
288a1bfb-165f-402f-9c6b-77ed2bed2539
X-Revision
Other
a2934837f23e

Recommendations

Enable compression (gzip/brotli) to improve performance

Analysis completed in 73ms