Open
Cached
·
just now
15
Headers
Detected Technologies from Headers
AWS CloudFront
AWS
Active incidents
Cloudflare Web Analytics
Facebook
Firebase
Google Analytics
Google API JS Client
Google DoubleClick
Google Maps
Google Search
Google Static File Front End
Google Tag Manager
Intercom
Mixpanel
Active incidents
Next.js
PostHog
Pusher
Stripe
Svix
Vercel
Vimeo
Wistia
YouTube
Google Cloud
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
Transfer-Encoding
chunked
Vary
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
connection: close transfer-encoding: chunked vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
Caching Headers
Age
0
Cache-Control
private, no-cache, no-store, max-age=0, must-revalidate
age: 0 cache-control: private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
Content-Type
text/html; charset=utf-8
content-type: text/html; charset=utf-8
Server Headers
Server
Vercel
X-Powered-By
Next.js
server: Vercel x-powered-by: Next.js
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Wed, 13 May 2026 19:12:59 GMT
Link
URL
/_next/static/media/21350d82a1f187e9-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/e4af272ccee01ff0-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/8a59df7bd7059e9b-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/css/ccd25be3be842a15.css?dpl=dpl_B1V1vq5x1qQBYvAMff9aq1EH8eJ4
rel=preload
as=style
URL
/_next/static/media/21350d82a1f187e9-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/e4af272ccee01ff0-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/8a59df7bd7059e9b-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/css/ccd25be3be842a15.css?dpl=dpl_B1V1vq5x1qQBYvAMff9aq1EH8eJ4
rel=preload
as=style
URL
/_next/static/css/3ab1abec17a20427.css?dpl=dpl_B1V1vq5x1qQBYvAMff9aq1EH8eJ4
rel=preload
as=style
X-Matched-Path
/login
X-Vercel-Cache
MISS
X-Vercel-Id
iad1::dub1::zkpwq-1778699579751-f39d49935824
date: Wed, 13 May 2026 19:12:59 GMT link: </_next/static/media/21350d82a1f187e9-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/e4af272ccee01ff0-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/8a59df7bd7059e9b-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/css/ccd25be3be842a15.css?dpl=dpl_B1V1vq5x1qQBYvAMff9aq1EH8eJ4>; rel=preload; as="style", </_next/static/css/3ab1abec17a20427.css?dpl=dpl_B1V1vq5x1qQBYvAMff9aq1EH8eJ4>; rel=preload; as="style" x-matched-path: /login x-vercel-cache: MISS x-vercel-id: iad1::dub1::zkpwq-1778699579751-f39d49935824
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology