DNS Gurus
Cached · just now
22 Headers

Detected Technologies from Headers

See all in URL Inspect 10
PayPal logo PayPal Vimeo logo Vimeo YouTube logo YouTube Cloudflare CDN logo Cloudflare CDN Google Analytics logo Google Analytics Google DoubleClick logo Google DoubleClick Google Tag Manager logo Google Tag Manager OneTrust logo OneTrust Segment logo Segment The Trade Desk logo The Trade Desk

HTTP Security Headers

Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Weak
frame-ancestors; report-uri
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Significantly strengthen CSP directives
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding, Origin

Caching Headers

3 headers
Cache-Control
Caching
no-cache,must-revalidate,max-age=0,no-store,private
Expires
Caching
Thu, 13 Feb 2025 16:48:41 GMT
Last-Modified
Caching
Thu, 13 Feb 2025 16:48:41 GMT

Content Headers

1 headers
Content-Type
Content
text/html;charset=UTF-8

Server Headers

1 headers
Server
Cloudflare CDN logo
Server
cloudflare

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
_cfuvid=1EG_RRCzHG.rcKNTDqm_zAO6XmVmGAcz3eHyxG1c5lQ-1771001321088-0.0.1.1-604800000; path=/; domain=.onepeloton.com; HttpOnly; Secure; SameSite=None

Other Headers

9 headers
Cf-Cache-Status
Cloudflare CDN logo
Other
DYNAMIC
Cf-Ray
Cloudflare CDN logo
Other
9cd5d08fbad1e76c-IAD
Content-Security-Policy-Report-Only
PayPal logo
Other
img-src https://api.segment.io https://l.clarity.ms *.force.com https://s.amazon-adsystem.com slack-imgs-mil-dev.com 'self' https://stats.g.doubleclick.net https://img.youtube.com https://onepeloton-api.techsee.me https://payments.salesforce.com/icons/ https://cdn.cookielaw.org https://login.salesforce.com/icons/ https://support.onepeloton.com.au https://mp8rwtf7yt9p.statuspage.io https://cdn.segment.com https://www.gstatic.com *.slack-edge-gov.com https://self1.techsee.me *.my-salesforce.com https://www.youtube-nocookie.com *.cloudinary.com https://onepeloton.file.force.com https://techsee.me *.amazonaws.com blob: https://conversions-config.reddit.com https://insight.adsrvr.org https://static.ada.support https://peloton-gen.ada.support https://cdn-api.ethyca.com slack-imgs.com slack-gov-dev.com https://rollout.ada.support https://onepeloton.sf-na.desktop.show *.sfdcstatic.com https://onepeloton.techsee.me *.twimg.com https://8851195.fls.doubleclick.net *.slack.com https://www.paypal.com https://imagebaseurl.techsee.me https://support-cdn.onepeloton.com.au https://recordingbaseurl.techsee.me https://et-agent-ui.ge.onepeloton.com *.slack-imgs.com slack-imgs-gov.com https://i.ytimg.com https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ *.salesforce-experience.com https://usa636.sfdc-lywfpd.salesforce.com/icons/ https://sdk-us.techsee.me https://peloton-support.ada.support https://maps.a.forceusercontent.com slack-imgs-gov-dev.com *.slack-edge.com https://self.techsee.me https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://ad.doubleclick.net https://media-subdomain.cdn.techsee.me https://rec.techsee.me slack-mil-dev.com https://www.gstatic.com/recaptcha/ https://geolocation.onetrust.com https://td.doubleclick.net https://onepeloton.my.salesforce.com https://www.google.com/recaptcha/ https://www.redditstatic.com *.slack-edge.mil https://www.sandbox.paypal.com https://i.vimeocdn.com https://privacyportal.onetrust.com https://alb.reddit.com https://www.googletagmanager.com https://onepeloton.sf-na.techsee.me https://media-onepeloton.cdn-us.techsee.me https://www.google-analytics.com *.salesforce.com https://*.adyen.com slack-imgs.mil https://cmp.onepeloton.com data:; report-to sfdc-csp-ep; report-uri https://onepeloton.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D15000000kWYQ&networkId=0DM6O0000001I6l&type=communities
Date
Other
Fri, 13 Feb 2026 16:48:41 GMT
Link
Other
</s/sfsites/auraFW/javascript/REdtNUF5ejJUNWxpdVllUjQtUzV4UTFLcUUxeUY3ZVB6dE9hR0VheDVpb2cxMy4zMzU1NDQzMi41MDMzMTY0OA/aura_prod.js>;rel=preload;as=script;nopush,</s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22dfs%22%3A%228%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22fwuid%22%3A%22REdtNUF5ejJUNWxpdVllUjQtUzV4UTFLcUUxeUY3ZVB6dE9hR0VheDVpb2cxMy4zMzU1NDQzMi41MDMzMTY0OA%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%221422_wotCJi-4iLy4EgTPC6RQ4g%22%7D%2C%22apce%22%3A1%2C%22apck%22%3A%22JHt0aW1lc3RhbXB9MDAwMDAwMDE4Nzdlbl9VUw%22%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22551347034%22%7D/resources.js?pu=1&pv=17703627560002076093526&rv=1770910440000>;rel=preload;as=script;nopush,</s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22dfs%22%3A%228%22%2C%22app%22%3A%22siteforce%3AcommunityApp%22%2C%22serializationVersion%22%3A%221-13.33554432.50331648-b%22%2C%22parts%22%3A%22f%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AcommunityApp%22%3A%221422_wotCJi-4iLy4EgTPC6RQ4g%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22551347034%22%7D/app.js?3=>;rel=preload;as=script;nopush
Report-To
Other
{"endpoints":[{"url":"https://onepeloton.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D15000000kWYQ&networkId=0DM6O0000001I6l&type=communities"}],"max_age":31536000,"group":"sfdc-csp-ep"}
Reporting-Endpoints
Other
sfdc-csp-ep="https://onepeloton.lightning.force.com/_/ContentDomainCSPNoAuth?tenantId=00D15000000kWYQ&networkId=0DM6O0000001I6l&type=communities"
Server-Timing
Other
Headers;dur=68
Timing-Allow-Origin
Other
*

Recommendations

Enable compression (gzip/brotli) to improve performance