DNS Gurus
Open Cached · just now
19 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Weak
upgrade-insecure-requests
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Significantly strengthen CSP directives
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding

Caching Headers

0 headers
No caching headers found

Content Headers

1 headers
Content-Type
Content
text/html; charset=utf-8

Server Headers

2 headers
Server
Server
cloudflare
X-Powered-By
Server
Express

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
_cfuvid=r3VgAF6EhLbPxNwzemraV6ZtgMcjxm9_k26zS1iqxic-1762943874262-0.0.1.1-604800000; path=/; domain=.airasia.com; HttpOnly; Secure; SameSite=None

Other Headers

9 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
99d5658018d13994-IAD
Content-Security-Policy-Report-Only
Other
default-src 'self'; base-uri 'self'; block-all-mixed-content; object-src 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagservices.com https://*.google-analytics.com https://*.airasia.com https://*.apiairasia.com https://*.airasia.cn https://*.google.com https://www.gstatic.com https://www.recaptcha.net https://*.widerplanet.com http://*.widerplanet.com https://d2r1yp2w7bby2u.cloudfront.net https://sg1.clevertap-prod.com https://static.cloudflareinsights.com https://*.clarity.ms https://*.doubleclick.net https://*.googlesyndication.com http://static.clevertap.com https://*.adtrafficquality.google https://cdn.moengage.com https://cdn.ampproject.org https://www.gstatic.com https://ajax.googleapis.com https://js.hcaptcha.com https://cdn-ima.33across.com https://oa.openxcdn.net https://static.criteo.net https://invstatic101.creativecdn.com https://tags.crwdcntrl.net https://cdnjs.cloudflare.com https://websdk.appsflyer.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.airasia.com https://*.airasia.cn https://www.gstatic.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data:; connect-src 'self' https://*.apiairasia.com https://*.airasia.com https://*.airasia.cn https://airasia.ck123.io https://airasia.gw-dv.vip https://ls.cdn-gw-dv.vip https://*.google-analytics.com https://*.googletagmanager.com https://*.clarity.ms https://sg1.clevertap-prod.com https://*.doubleclick.net https://*.googlesyndication.com https://*.google.com https://api.34.8.215.20.nip.io https://ingestfnt-us.dsp-api.moloco.com https://api.vidi.co https://*.adtrafficquality.google https://www.recaptcha.net wss://chatbot.airasia.com https://bcp.crwdcntrl.net https://oajs.openx.net/ https://pixelfnt-us.dsp-api.moloco.com/ https://rc.conviva.com/ https://3e89bbb8ef74ef58e62f5df202a002d76aa3d9bf.appgw.conviva.com/ https://rcg.conviva.com/ https://websdk.appsflyer.com; frame-src 'self' https://*.google.com https://www.recaptcha.net https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagmanager.com https://*.widerplanet.com https://*.adtrafficquality.google https://pixelfnt-us.dsp-api.moloco.com https://ls.cdn-gw-dv.vip https://gumi.criteo.com/ https://google-bidout-d.openx.net/ https://newassets.hcaptcha.com/ https://*.airasia.cn https://*.airasia.com; worker-src 'self' blob:;
Date
Other
Wed, 12 Nov 2025 10:37:54 GMT
X-Cdn-Geo-City
Other
Ashburn
X-Cdn-Geo-Country
Other
US
X-Cloud-Trace-Context
Other
2fffb3bd29ab2bf473468e5f3c1c1823
X-Envoy-Upstream-Service-Time
Other
1954

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Consider removing X-Powered-By header to hide server technology

Analysis completed in 3878ms