DNS Gurus
Open Cached · just now
16 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
x-fh-requested-host, accept-encoding

Caching Headers

3 headers
Cache-Control
Caching
max-age=3600
Etag
Caching
"bfa2e8d76f560a2df8f9d99d65c604256ca5cb0aa34819351afb86983fa3c70b"
Last-Modified
Caching
Fri, 28 Nov 2025 11:18:12 GMT

Content Headers

2 headers
Content-Length
Content
1844
Content-Type
Content
text/html; charset=utf-8

Server Headers

0 headers
No server headers found

CORS Headers

0 headers
No CORS headers found

Cookies Headers

0 headers
No cookies headers found

Other Headers

7 headers
Alt-Svc
Other
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Content-Security-Policy-Report-Only
Other
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.jsdelivr.net https://edge.marker.io https://lifemd2.chargify.com https://api.stack-ai.com https://lifemd-test.firebaseapp.com https://www.google-analytics.com https://source.zoom.us https://www.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: blob: https://*.s3.us-west-2.amazonaws.com https://concierge-dev-profile-images-9201.s3.us-west-2.amazonaws.com https://concierge-dev-patient-documents-9201.s3.us-west-2.amazonaws.com https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://*.jsdelivr.net; connect-src 'self' https://api.marker.io https://s3.eu-west-1.amazonaws.com https://source.zoom.us https://*.zoom.us wss://*.zoom.us https://*.googleapis.com https://*.twilio.com https://*.google-analytics.com https://region1.google-analytics.com https://api.physician.dev2.lifemd.dev https://dev-api.care.lifemd.com wss://dev-api.care.lifemd.com https://care.dev.lifemd.com https://us.app.unleash-hosted.com https://planex.dev.prm-lfmd.com https://lifemd2.chargify.com https://api.stack-ai.com https://lifemd-test.firebaseapp.com https://www.google-analytics.com https://firebase.googleapis.com https://cognito-idp.us-west-2.amazonaws.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com; frame-src 'self' https://dev-api.care.lifemd.com https://sandbox.elationemr.com https://lifemd2.chargify.com; media-src 'self' blob: https://*.twilio.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.jsdelivr.net https://edge.marker.io https://source.zoom.us https://*.zoom.us https://zoom.us https://www.googletagmanager.com https://*.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.jsdelivr.net https://fonts.googleapis.com; worker-src 'self' blob: https://source.zoom.us; report-uri https://api.physician.dev2.lifemd.dev/csp-violation-report
Date
Other
Sat, 29 Nov 2025 07:32:07 GMT
X-Cache
Other
MISS
X-Cache-Hits
Other
0
X-Served-By
Other
cache-pdk-kfty8610042-PDK
X-Timer
Other
S1764401527.010292,VS0,VE67

Recommendations

Enable compression (gzip/brotli) to improve performance

Analysis completed in 163ms