DNS Gurus
Cached · just now
24 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Connection
Performance
close
Vary
Performance
Accept-Encoding

Caching Headers

4 headers
Cache-Control
Caching
private,no-cache,no-store,pre-check=0,post-check=0,must-revalidate
Etag
Caching
W/"d6cb-/17CPdKhTw1GrRwfTUk3qHbj6mc"
Expires
Caching
-1
Pragma
Caching
no-cache

Content Headers

2 headers
Content-Length
Content
54987
Content-Type
Content
text/html;charset=utf-8

Server Headers

2 headers
Server
Server
istio-envoy
X-Powered-By
Server
Express

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
hosted-shell=%7B%22clientId%22%3A%22523b888b-4e42-475f-9287-1a5088b69928%22%7D; Path=/; Expires=Wed, 23 Jan 2036 17:25:38 GMT; HttpOnly; Secure

Other Headers

10 headers
Content-Security-Policy-Report-Only
Other
child-src https://www.intuitlabs.com; connect-src 'self' https://*.intuit.com https://*.intuit.com:* https://*.intuitcdn.net:* https://*.intuitlabs.com:* https://hosted-shell-assets-us-west-2.s3.us-west-2.amazonaws.com wss://plugin-localhost.intuitcdn.net:* wss://plugin.intuitcdn.net:* https://*.intuit.net https://www.intuitlabs.com; default-src 'self' https://*.intuit.com https://*.intuitcdn.net:* https://*.intuitlabs.com https://www.intuitlabs.com; font-src 'self' https://*.intuit.com https://*.intuitcdn.net:* https://*.intuitlabs.com https://www.intuitlabs.com; frame-src https://*.intuitcdn.net https://*.intuit.com https://*.intuitlabs.com https://www.intuitlabs.com; img-src 'self' https://*.intuit.com https://*.intuitcdn.net:* https://*.intuitlabs.com https://www.intuitlabs.com; object-src 'self' https://*.intuitcdn.net https://*.intuit.com https://*.intuitlabs.com https://www.intuitlabs.com; report-uri https://csp.intuit.com/v1/6275783674071652652; script-src 'self' https://*.intuit.com https://*.intuitcdn.net:* https://*.intuitlabs.com https://www.intuitlabs.com 'nonce-VubhwGotMBaKWdCvRvOD0Q=='; style-src 'self' https://*.intuitcdn.net:* https://*.intuit.com https://*.intuitlabs.com https://www.intuitlabs.com; worker-src 'self' blob:;
Date
Other
Sun, 25 Jan 2026 17:25:38 GMT
Intuit_tid
Other
1-69765212-5675355626d97f5759a941de
Server-Timing
Other
pluginConfigs;dur=0.75,appMw;dur=0.02,ixpAssignments;dur=0.02,appPostAuthMw;dur=0.01,shellServiceMw;dur=1.20,totalMwExecTime;dur=12.26
X-Amzn-Trace-Id
Other
Root=1-69765212-5675355626d97f5759a941de
X-Dns-Prefetch-Control
Other
off
X-Download-Options
Other
noopen
X-Envoy-Upstream-Service-Time
Other
16
X-Request-Id
Other
1-69765212-5675355626d97f5759a941de
X-Spanid
Other
ec9a57b8-1e6e-42e0-5227-54a33de124c9

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology