DNS Gurus
Cached · just now
18 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=300; includeSubDomains
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Connection
Performance
close
Vary
Performance
Cookie, Accept-Language

Caching Headers

2 headers
Cache-Control
Caching
max-age=0, no-cache, no-store, must-revalidate, private
Expires
Caching
Sun, 25 Jan 2026 17:25:10 GMT

Content Headers

3 headers
Content-Language
Content
en-us
Content-Length
Content
14401
Content-Type
Content
text/html; charset=utf-8

Server Headers

1 headers
Server
Server
gunicorn

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
sessionid=djmfy3kfx21g7ep9z4gj2v9se4bayfcr; expires=Sun, 25 Jan 2026 19:25:10 GMT; HttpOnly; Max-Age=7200; Path=/; SameSite=Lax

Other Headers

5 headers
Content-Security-Policy-Report-Only
Other
style-src-elem 'self' 'unsafe-inline' blob: https://www.gstatic.com fonts.googleapis.com https://www.google-analytics.com https://cdn.heapanalytics.com https://cdn.segment.com s3.amazonaws.com/prod-manage-5.6.107/static/; img-src 'self' https://heapanalytics.com https://hexagon-analytics.com s3.amazonaws.com/prod-manage-5.6.107/static/; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com s3.amazonaws.com/prod-manage-5.6.107/static/; style-src 'self' 'unsafe-inline' 'unsafe-eval' s3.amazonaws.com/prod-manage-5.6.107/static/; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.segment.com https://www.gstatic.com scripts.kissmetrics.com www.google-analytics.com https://www.google.com cdn.heapanalytics.com ajax.googleapis.com maps.googleapis.com https://sdk.us.heap-api.com https://cdn.datatables.net s3.amazonaws.com/prod-manage-5.6.107/static/; default-src 'self'; connect-src 'self' https://cdn.segment.com https://api.segment.io trc.kissmetrics.com https://www.google-analytics.com https://maps.googleapis.com/ https://api.flowroute.com
Date
Other
Sun, 25 Jan 2026 17:25:10 GMT
Loadingtime
Other
0.03
Multihost
Other
flowroute.urls
X-Request-Id
Other
c7dddbf0-8057-48fc-81a1-6826f8f55281

Recommendations

Enable compression (gzip/brotli) to improve performance