Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; img-src; script-src; +10 more
default-src 'self' https://api.supabase.com http://localhost:8000 https://auth.supabase.io ws://localhost:8000 wss://localhost:8000 https://*.supabase.co wss://*.supabase.co https://*.hcaptcha.com https://cdn-global.configcat.com https://configcat.supabase.com https://*.stripe.com https://*.stripe.network https://www.cloudflare.com https://*.vercel-insights.com https://api.github.com https://raw.githubusercontent.com https://frontend-assets.supabase.com https://*.usercentrics.eu https://ss.supabase.com https://maps.googleapis.com https://ph.supabase.com https://cdnjs.cloudflare.com wss://*.pusher.com https://*.ingest.sentry.io https://*.ingest.us.sentry.io https://*.ingest.de.sentry.io; img-src 'self' blob: data: http://localhost:8000 https://supabase.com https://*.supabase.co https://avatars.githubusercontent.com https://lh3.googleusercontent.com https://frontend-assets.supabase.com https://app.usercentrics.eu https://ss.supabase.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://js.hcaptcha.com https://js.stripe.com https://frontend-assets.supabase.com https://ss.supabase.com https://ph.supabase.com https://vercel.live https://*.pusher.com https://maps.googleapis.com; frame-src 'self' https://newassets.hcaptcha.com https://js.stripe.com https://ss.supabase.com https://vercel.live; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://frontend-assets.supabase.com https://vercel.live; font-src 'self' https://cdnjs.cloudflare.com https://frontend-assets.supabase.com https://vercel.live; worker-src 'self' blob: data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Present
no-sniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Caching Headers
4 headers
Age
Caching
2701
Cache-Control
Caching
public, max-age=0, must-revalidate
Etag
Caching
"950c093d1e1903f85d1f3a8f9e6dbe72"
Last-Modified
Caching
Mon, 26 Jan 2026 20:43:09 GMT
Content Headers
3 headers
Content-Disposition
Content
inline; filename="org"
Content-Length
Content
32077
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
Vercel
CORS Headers
1 headers
Access-Control-Allow-Origin
Cors
*
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Date
Other
Mon, 26 Jan 2026 21:28:10 GMT
X-Matched-Path
Other
/org
X-Nextjs-Rewritten-Path
Other
/dashboard/org
X-Robots-Tag
Other
all
X-Vercel-Cache
Other
HIT
X-Vercel-Id
Other
iad1:iad1:iad1::ktr2d-1769462890767-c7f8891b8ec9
Recommendations
Enable compression (gzip/brotli) to improve performance