15
Headers
HTTP Security Headers
| Header | Status | Value |
| --- | --- | --- |
| Strict-Transport-Security | Present | max-age=15552000; includeSubDomains |
| Content-Security-Policy | Missing | Not configured |
| X-Frame-Options | Good | SAMEORIGIN |
| X-Content-Type-Options | Good | nosniff |
| Referrer-Policy | Missing | Not configured |
| Permissions-Policy | Missing | Not configured |
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers (2 headers)
Connection (Performance): close
Vary (Performance): Accept-Encoding
Caching Headers (2 headers)
Cache-Control (Caching): private, no-cache, no-store, max-age=0, must-revalidate
Etag (Caching): "iqme6dujat2tr0"
Content Headers (2 headers)
Content-Length (Content): 131868
Content-Type (Content): text/html; charset=utf-8
Server Headers (1 header)
X-Powered-By (Server): Next.js
CORS Headers (0 headers)
No CORS headers found
Cookies Headers (0 headers)
No cookies headers found
Other Headers (4 headers)
Content-Security-Policy-Report-Only (Other):
default-src 'self' app-assets.springhealth.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com springhealth.com *.springhealth.com demo.springhealth.com *.demo.springhealth.com amazonaws.com *.amazonaws.com zoom.us *.zoom.us livekit.io *.livekit.io livekit.cloud *.livekit.cloud effectssdk.ai *.truste.com *.trustarc.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com gstatic.com cdn.jsdelivr.net springhealth.com *.springhealth.com demo.springhealth.com *.demo.springhealth.com amazonaws.com *.amazonaws.com zoom.us *.zoom.us livekit.io *.livekit.io livekit.cloud *.livekit.cloud effectssdk.ai *.truste.com *.trustarc.com; img-src 'self' blob: data: maps.gstatic.com fonts.gstatic.com maps.googleapis.com maps.google.com translate.google.com lh3.ggpht.com streetviewpixels-pa.googleapis.com khms0.googleapis.com khms1.googleapis.com res.cloudinary.com d1pwskn5bvutk0.cloudfront.net cdn.branch.io spring-cdn.s3.amazonaws.com spring-cdn.springhealth.com spring-cdn.springtest.us *.trustarc.com *.truste.com embed-ssl.wistia.com *.wistia.com springhealth.com *.springhealth.com demo.springhealth.com *.demo.springhealth.com amazonaws.com *.amazonaws.com zoom.us *.zoom.us livekit.io *.livekit.io livekit.cloud *.livekit.cloud effectssdk.ai *.truste.com *.trustarc.com; connect-src 'self' events.launchdarkly.com clientstream.launchdarkly.com app.launchdarkly.com api-js.mixpanel.com browser-intake-datadoghq.com browser-http-intake.logs.datadoghq.com csp-report.browser-intake-datadoghq.com rum.browser-intake-us5-datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com app.retently.com api2.branch.io maps.googleapis.com storage.googleapis.com api.iconify.design api.simplesvg.com api.unisvg.com maps.google.com ekr.zdassets.com api.stripe.com cdn.jsdelivr.net *.production.livekit.cloud *.trustarc.com cdn.oursprivacy.com springhealth.com *.springhealth.com demo.springhealth.com *.demo.springhealth.com amazonaws.com *.amazonaws.com zoom.us 
*.zoom.us livekit.io *.livekit.io livekit.cloud *.livekit.cloud effectssdk.ai *.truste.com *.trustarc.com wss://springhealth.com wss://*.springhealth.com wss://springtest.us wss://*.springtest.us wss://widget-mediator.zopim.com wss://*.livekit.cloud wss://*.zoom.us; font-src 'self' data: fonts.gstatic.com *.trustarc.com *.truste.com springhealth.com *.springhealth.com demo.springhealth.com *.demo.springhealth.com amazonaws.com *.amazonaws.com zoom.us *.zoom.us livekit.io *.livekit.io livekit.cloud *.livekit.cloud effectssdk.ai *.truste.com *.trustarc.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn.retently.com cdn.branch.io app.link maps.googleapis.com static.zdassets.com js.stripe.com cdn.jsdelivr.net browser-update.org maps.google.com decagon.ai *.trustarc.com fast.wistia.com *.wistia.com springhealth.com *.springhealth.com demo.springhealth.com *.demo.springhealth.com amazonaws.com *.amazonaws.com zoom.us *.zoom.us livekit.io *.livekit.io livekit.cloud *.livekit.cloud effectssdk.ai *.truste.com *.trustarc.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: app.link cdn.retently.com js.stripe.com maps.google.com maps.googleapis.com decagon.ai *.trustarc.com springhealth.com *.springhealth.com demo.springhealth.com *.demo.springhealth.com amazonaws.com *.amazonaws.com zoom.us *.zoom.us livekit.io *.livekit.io livekit.cloud *.livekit.cloud effectssdk.ai *.truste.com *.trustarc.com; frame-src 'self' js.stripe.com hooks.stripe.com decagon.ai *.trustarc.com spring-cdn.springhealth.com spring-cdn.springtest.us fast.wistia.com *.wistia.com *.wistia.net; media-src 'self' blob: ssl.gstatic.com spring-cdn.springhealth.com spring-cdn.springtest.us spring-cdn.s3.amazonaws.com es-moments-audio.s3.amazonaws.com moments-videos.springhealth.com provider-profile-videos.springhealth.com springhealth.com *.springhealth.com springtest.us *.springtest.us; worker-src 'self' blob: data:; frame-ancestors 'none'; report-uri 
https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub48370445d3b58a3e5f4e0f9bb93529c0&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production
Date (Other): Sat, 27 Dec 2025 19:08:28 GMT
X-Dns-Prefetch-Control (Other): off
X-Download-Options (Other): noopen
Recommendations
- Enable compression (gzip/brotli) to improve performance
- Consider removing X-Powered-By header to hide server technology
Analysis completed in 428ms