DNS Gurus
Cached · just now
29 Headers

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=2628000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Vary
Performance
Accept-Encoding, User-Agent

Caching Headers

2 headers
Cache-Control
Caching
private, no-cache, no-store, max-age=0, must-revalidate
Etag
Caching
"24r2t1cl48ak0q"

Content Headers

1 headers
Content-Type
Content
text/html; charset=utf-8

Server Headers

0 headers
No server headers found

CORS Headers

0 headers
No CORS headers found

Cookies Headers

1 headers
Set-Cookie
Cookies
bm_sz=156288FAB5D0BD18AE3887654F935D7A~YAAQhYEyF1NEfwqcAQAA3daaCx5l3t3EDwUrl7DKhfSisXMfGAcRarG+fHZncUXftFSIrPrRWit10GvLbb8HWRROUaOrbQQ52kpstSDgMr+2TQ8DamxruFCKM5FF6DrQrfSvxeYFxeEzwqMCjKROJhNtmVNmsZmfSLWU89a+S9FL4EZG4V/M9UqwCvA3/tXaBbQm9iFavV333//ErzcOKVhkQB8oBVmLu7vTkuEdzvhbGlAXPqCQ4kTpm4MqJU3QrpncyQs5iO2bfffpoaEMs8Tz7GrlPnVUa+XOyQ1zXsyH8x7GCYqTU+zXxf+LelbrwUwIKUHIiYRn6CXxclXu/FhGuFlyRbEzAWwbP/0t~3486263~3355440; Domain=.groupon.de; Path=/; Expires=Fri, 30 Jan 2026 01:13:40 GMT; Max-Age=14398

Other Headers

19 headers
Date
Other
Thu, 29 Jan 2026 21:13:42 GMT
Server-Timing
Other
rReq;dur=1341, rCon;dur=0, rHdr;dur=1342, hbi;dur=1326, mdlw;dur=175,gIP;dur=1,gSSP;dur=627,rndr;dur=381,total;dur=1211
X-Akamai-Transformed
Other
0 - 0 -
X-B-Cookie
Other
4bb00601-2016-44ab-b006-012016a4abb3
X-B3-Traceid
Other
5b4701f2b11e4ebd96d63a9e95c8f24c
X-Destination
Other
tls_conveyor_next
X-Envoy-Upstream-Service-Time
Other
1342
X-External-Request-Id
Other
true
X-Forwarded-Proto
Other
https
X-Grpn-Served-By-Pod
Other
next-pwa-app--itier--default-5585d59879-45vlh
X-Mtls-Upstream-Time
Other
1326
X-Original-Request-Id
Other
5b4701f2-b11e-4ebd-96d6-3a9e95c8f24c
X-Permitted-Cross-Domain-Policies
Other
none
X-Request-Id
Other
5b4701f2-b11e-4ebd-96d6-3a9e95c8f24c,5b4701f2-b11e-4ebd-96d6-3a9e95c8f24c
X-Request-Originated-From
Other
envoy-tls-side-car--ingress-https
X-Response-Served-From
Other
routing-service--public--eu-west-1--conveyor-production49
X-S-Cookie
Other
66b39a85-230b-4e87-b39a-85230b5e879c
X-Signifyd-Cookie
Other
a64ac698-b226-4652-8ac6-98b226e6525e
X-Ua-Compatible
Other
IE=edge,chrome=1

Recommendations

Enable compression (gzip/brotli) to improve performance