DNS Gurus
Cached · just now
24 Headers

Detected Technologies from Headers

See all in URL Inspect 6
AWS CloudFront logo AWS CloudFront Amazon Advertising logo Amazon Advertising AWS logo AWS Active incidents Amazon S3 logo Amazon S3 Branch logo Branch Express logo Express

HTTP Security Headers

Status
Strict-Transport-Security
Excellent
max-age=47474747; includeSubDomains; preload
Content-Security-Policy
Missing
Not configured Analyze
Content-Security-Policy-Report-Only
AWS CloudFront logo
Basic
default-src; script-src; style-src; +3 more Analyze
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding,User-Agent,Accept-Encoding,User-Agent

Caching Headers

Cache-Control
Caching
no-cache, no-store, must-revalidate, max-age=0
Etag
Caching
W/"2c18-oSUFQo9VXsqhqFz2XrmwA2JYGS8"
Expires
Caching
-1
Pragma
Caching
no-cache

Content Headers

Content-Language
Content
en-US
Content-Type
Content
text/html; charset=utf-8

Server Headers

Server
Server
Server
X-Powered-By
Express logo
Server
Express

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie
Cookies

Other Headers

Date
Other
Fri, 15 May 2026 18:45:13 GMT
Via
AWS CloudFront logo
Other
1.1 f59b3062f68d7021076f3a62fe261882.cloudfront.net (CloudFront)
X-Amz-Cf-Id
AWS CloudFront logo
Other
FvJWzNqWjb9UuYhPbaKGPEwfp8GfReDIsOU3c__bQTZDqJHR45EbHg==
X-Amz-Cf-Pop
AWS CloudFront logo
Other
IAD12-P5
X-Amz-Rid
Amazon S3 logo
Other
SDKKKDFE8YNSD21QRCF7
X-Cache
AWS CloudFront logo
Other
Miss from cloudfront
X-Ua-Compatible
Other
IE=edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology