DNS Gurus
Cached · just now
17 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
connect-src; default-src; font-src; +8 more
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin
Permissions-Policy
Present
accelerometer=(self),autoplay=(self),camera=(self),clipboard-read=(self),clipboard-write=(self),cross-origin-isolated=(self),display-capture=(self),encrypted-media=(self),fullscreen=(self),gamepad=(self),geolocation=(self),gyroscope=(self),hid=(self),idle-detection=(self),interest-cohort=(self),keyboard-map=(self),magnetometer=(self),microphone=(self),midi=(self),payment=(self),picture-in-picture=(*),publickey-credentials-get=(self),screen-wake-lock=(self),serial=(self),sync-xhr=(self),usb=(self),web-share=(self),xr-spatial-tracking=(self)
Recommendations
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

2 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked

Caching Headers

2 headers
Cache-Control
Caching
no-cache, no-store
Pragma
Caching
no-cache

Content Headers

1 headers
Content-Type
Content
text/html; charset=utf-8

Server Headers

2 headers
Server
Server
Microsoft-IIS/10.0
X-Powered-By
Server
ASP.NET

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
SERVERID=corpweb01; httponly; secure; SameSite=Strict; path=/

Other Headers

2 headers
Date
Other
Mon, 19 Jan 2026 12:09:11 GMT
X-Permitted-Cross-Domain-Policies
Other
none

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology