DNS Gurus
Cached · just now
22 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding, Accept-Encoding

Caching Headers

3 headers
Cache-Control
Caching
no-store
Expires
Caching
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
Caching
no-cache

Content Headers

1 headers
Content-Type
Content
text/html; charset=UTF-8

Server Headers

2 headers
Server
Server
cloudflare
X-Powered-By
Server
SEOmatic

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
__cf_bm=Kod8Inhx.jd5rVSIhHmMEl7zNP3bWS7WKniLmg1TwBI-1769273572-1.0.1.1-U0Dc.HtbY_6dA2n1OZDbDplIC7kolaGuMRfY7GgoWi1nlaSgucRQzQuUEkgMHlC.uIFidj.CY1K5ZjsScxqAsvwAsDD.W7NA_hetfsLJo4s; path=/; expires=Sat, 24-Jan-26 17:22:52 GMT; domain=.www.matillion.com; HttpOnly; Secure; SameSite=None

Other Headers

8 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Cache-Status
Other
DYNAMIC
Cf-Ray
Other
9c310b2ad8a6c5e9-IAD
Content-Security-Policy-Report-Only
Other
base-uri 'none'; default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://cdn.heapanalytics.com https://distillery.wistia.com/x https://matillion.ddev.site:3000/ wss://matillion.ddev.site:3000 https://fast.wistia.com https://www.googletagmanager.com https://cdn.heapanalytics.com/js/heap-1873293713.js https://cdn.iubenda.com/cs/iubenda_cs.js https://connect.facebook.net/en_US/fbevents.js https://content.cdntwrk.com/components/website-widget/v1/118604/widget.js https://fast.wistia.com/assets/external/E-v1.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/848565924/ https://in.ml314.com/ud.ashx https://js.driftt.com/include/1688577300000/vh948h8ntehg.js https://js.intercomcdn.com/vendor-modern.255c4d36.js https://lift-ai-js.marketlinc.com/www.matillion.com/deployment.js https://ml314.com/tag.aspx https://munchkin.marketo.net/munchkin.js https://okt.to/ping https://pages.matillion.com/js/forms2/js/forms2.min.js https://script.hotjar.com/modules.832d10fb416834285523.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/c/hotjar-2386626.js https://static.oktopost.com/oktrk.js https://tag.demandbase.com/00a4b81bfa345e5b.min.js https://tracking.g2crowd.com/attribution_tracking/conversions/5351.js https://widget.intercom.io/widget/rjk6vrpn https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion/848565924/ https://www.googletagmanager.com/gtag/js https://www.iubenda.com/cookie-solution/confs/js/48216078.js https://www.redditstatic.com/ads/pixel.js; style-src 'self' 'unsafe-inline' https://p.typekit.net https://pages.matillion.com https://use.typekit.net; img-src 'self' data: 'self' data: https://alb.reddit.com https://analytics.twitter.com https://embed-ssl.wistia.com https://fast.wistia.com https://googleads.g.doubleclick.net https://heapanalytics.com https://id.rlcdn.com https://insight.adsrvr.org https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com; connect-src 'self' https://992-uiw-731.mktoresp.com https://analytics.google.com https://api-iam.intercom.io https://api.company-target.com https://content.hotjar.io https://distillery.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://google.com https://hits-i.iubenda.com https://in.hotjar.com https://metrics.hotjar.io https://stats.g.doubleclick.net https://tag-logger.demandbase.com https://v2.api.uberflip.com https://visitor-scoring-c.marketlinc.com https://www.google-analytics.com https://www.google.com wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com; font-src 'self' 'self' data: https://fast.wistia.com https://use.typekit.net; media-src 'self' blob:; frame-src 'self' 'self' https://12420912.fls.doubleclick.net https://js.driftt.com https://pages.matillion.com https://s.company-target.com https://www.facebook.com;
Date
Other
Sat, 24 Jan 2026 16:52:52 GMT
Hx-Push-Url
Other
?page=1&sort=postDate%20DESC
Link
Other
<https://www.matillion.com/trust-center>; rel='canonical'
X-Robots-Tag
Other
all

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology