DNS Gurus
Open Cached · just now
21 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Weak
upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Significantly strengthen CSP directives
  • Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers
Connection
Performance
keep-alive
Transfer-Encoding
Performance
chunked

Caching Headers

2 headers
Age
Caching
419
Last-Modified
Caching
Tue, 11 Nov 2025 11:31:38 GMT

Content Headers

1 headers
Content-Type
Content
text/html; charset=UTF-8

Server Headers

1 headers
Server
Server
cloudflare

CORS Headers

0 headers
No CORS headers found

Cookies Headers

0 headers
No cookies headers found

Other Headers

9 headers
Alt-Svc
Other
h3=":443"; ma=86400
Cf-Apo-Via
Other
tcache
Cf-Cache-Status
Other
HIT
Cf-Edge-Cache
Other
cache,platform=wordpress
Cf-Ray
Other
99ce954d0d5b084b-IAD
Content-Security-Policy-Report-Only
Other
script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com go.trustpayments.com *.onetrust.com *.fontawesome.com *.gstatic.com *.googleapis.com *.cloudflareinsights.com *.trustpilot.com *.zdassets.com *.google.com *.omniconvert.com *.googletagmanager.com *.licdn.com *.facebook.net *.hotjar.com *.cloudflare.com *.yoast.com *.dropbox.com *.live.net ; style-src 'self' 'unsafe-inline' *.onetrust.com *.fontawesome.com *.gstatic.com *.googleapis.com; style-src-elem * 'self' 'unsafe-inline'; img-src 'self' data: 'unsafe-inline' *.linkedin.com *.google.com *.google.co.uk *.onetrust.com *.gstatic.com *.gravatar.com *.trustpayments.com *.zdassets.com *.facebook.com *.google-analytics.com *.google.com.mt; font-src 'self' data: 'unsafe-inline' *.gstatic.com *.trustpayments.com *.fontawesome.com; connect-src 'self' 'unsafe-inline' *.onetrust.com *.google.com *.zendesk.com *.clarity.ms *.omniconvert.com *.fontawesome.com *.cloudflareinsights.com *.zdassets.com *.yoast.com *.linkedin.com *.doubleclick.net *.hotjar.io *.google-analytics.com; media-src 'self' 'unsafe-inline' data:; object-src 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' *.trustpilot.com *.google.com; worker-src 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; base-uri 'self'; manifest-src 'self' 'unsafe-inline'; report-uri https://www.trustpayments.com/csp-violation-report/
Date
Other
Tue, 11 Nov 2025 14:47:09 GMT
Link
Other
<https://www.trustpayments.com/wp-json/>; rel="https://api.w.org/", <https://www.trustpayments.com/wp-json/wp/v2/pages/19302>; rel="alternate"; title="JSON"; type="application/json", <https://www.trustpayments.com/>; rel=shortlink
X-Clacks-Overhead
Other
GNU Terry Pratchett

Recommendations

Enable compression (gzip/brotli) to improve performance

Add Cache-Control header to optimize caching

Analysis completed in 2341ms