HTTP Headers Analysis for https://app.fireworks.ai

Detected Technologies from Headers

See all in URL Inspect 35

AWS CloudFront

Bugcrowd

HubSpot Video

Google Tag Manager

Sanity

Heroku

HubSpot Forms

HubSpot Feedback & Surveys

Google DoubleClick

Google Analytics

Pusher

Firebase

Google Cloud Storage

Google Fonts

Twitter

Cloudflare Web Analytics

HubSpot CMS

Cloudflare Turnstile

Stripe

HubSpot Analytics

Slack

Google Search

Amazon S3

bunny.net Active incidents

GitHub

CookieYes

AWS Active incidents

Vercel

HubSpot

YouTube

HubSpot Live Chat

Sentry

jsDelivr

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; base-uri; frame-src; +8 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Present

camera=(), microphone=(self), geolocation=(); +3 more

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch

connection: close
transfer-encoding: chunked
vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch

Caching Headers

Age

Caching

0

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

age: 0
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

Vercel

server: Vercel

CORS Headers

Access-Control-Allow-Origin

Cors

https://fireworks-frontend-5j1ld92i1.preview.fireworks.ai

access-control-allow-origin: https://fireworks-frontend-5j1ld92i1.preview.fireworks.ai

Cookies Headers

No cookies headers found

Other Headers

Date

Other

Sun, 17 May 2026 16:00:21 GMT

Link

Other

URL /_next/static/media/06b9ca65a65a3b06-s.p.woff2

rel=preload as=font crossorigin type=font/woff2

URL /_next/static/media/68180864d7f93f02-s.p.woff2

rel=preload as=font crossorigin type=font/woff2

URL /_next/static/media/e4af272ccee01ff0-s.p.woff2

rel=preload as=font crossorigin type=font/woff2

X-Auto-Login

Other

false

X-Current-Path

Other

/account/home

X-Dns-Prefetch-Control

Other

on

X-Fireworks-Nonce

Other

c63c04a6-b0d3-40e2-ab51-ffd068963715

X-Matched-Path

Other

/account/home

X-Permitted-Cross-Domain-Policies

Other

none

X-Vercel-Cache

Other

MISS

X-Vercel-Id

Other

iad1::iad1::vhswf-1779033621704-01c527aaf677

date: Sun, 17 May 2026 16:00:21 GMT
link: </_next/static/media/06b9ca65a65a3b06-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/68180864d7f93f02-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/e4af272ccee01ff0-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"
x-auto-login: false
x-current-path: /account/home
x-dns-prefetch-control: on
x-fireworks-nonce: c63c04a6-b0d3-40e2-ab51-ffd068963715
x-matched-path: /account/home
x-permitted-cross-domain-policies: none
x-vercel-cache: MISS
x-vercel-id: iad1::iad1::vhswf-1779033621704-01c527aaf677

Recommendations

Enable compression (gzip/brotli) to improve performance