DNS Gurus
Open Cached · just now
19 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Add Content-Security-Policy header to prevent XSS attacks
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked

Caching Headers

2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"935b8f34c5ed218a3827a84d28c4c304"

Content Headers

1 headers
Content-Type
Content
text/html; charset=utf-8

Server Headers

3 headers
Server
Server
nginx/1.24.0 + Phusion Passenger(R) 6.0.26
X-Powered-By
Server
Phusion Passenger(R) 6.0.26
X-Runtime
Server
0.085492

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
_pledge_session=DcMgrWKC3%2B1uV8R6S3fa8GBuAZC6MFFxATS3%2BCPF%2F0I%2BdMvc2MTxKqlg6Y1L51%2BGj1hBm1jMPo1EtsoxWVIbmh%2BvjTNrjFK%2F3vZlNaJYskJNAEDw1nIRGgNTH3EdehhvhncWhlBA4eCXXCSU6H9R3FOmpRTCZCQWWa0%2BGK%2By108R3RKCszR5pR7JkRbUDQaBhsg33N0aJftUDp%2BYOUCk7U%2BvrxrHmfacaJ4GjmjlnXSZpfpDPk1qIHBsa6raGCvDlYtVcPF58Lp8hXL3Y%2FolRaWh50JmMIs%3D--ajBN8wbVV0ulAF3W--VwlJlOfp%2BtxF0pTzun0xlA%3D%3D; domain=pledge.to; path=/; secure; HttpOnly; SameSite=Lax

Other Headers

5 headers
Date
Other
Wed, 26 Nov 2025 14:05:38 GMT
Link
Other
<https://hop.pledge.to/assets/home/impact-3e855c9ea1a87dfe1f6c3bcf780c850a1d9a0d3b0207c9c839e5fbacf6f286c2.js>; rel=preload; as=script; crossorigin=anonymous; integrity=sha256-PoVcnqGoff4fbDvPeAyFCh2aDTsCB8nIOeX7rPbyhsI=; nopush,<https://hop.pledge.to/assets/bootstrap5/application-638fa65e5f9ab76c52dd70d7db5a4b8b1f4a6a339d47611039a0622f7128fdd0.css>; rel=preload; as=style; crossorigin=anonymous; integrity=sha256-Y4+mXl+at2xS3XDX21pLix9KajOdR2EQOaBiL3Eo/dA=; nopush,<https://hop.pledge.to/assets/honeybadger-34bb18f0a299bb6f48df0531e45e39570678b46724b178478c95ded556bdbd62.js>; rel=preload; as=script; crossorigin=anonymous; integrity=sha256-NLsY8KKZu29I3wUx5F45VwZ4tGcksXhHjJXe1Va9vWI=; nopush,<https://hop.pledge.to/assets/scrollbarWidth-404b27dcecefbc62e883c0585f4b2adb02ba2cbb700b13764ac63544d9bf2941.js>; rel=preload; as=script; crossorigin=anonymous; integrity=sha256-QEsn3OzvvGLog8BYX0sq2wK6LLtwCxN2SsY1RNm/KUE=; nopush
Status
Other
200 OK
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
942c9378-3e3c-458c-8f07-b80447c467d3

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology

Analysis completed in 916ms