Open
Cached
·
just now
15
Headers
Detected Technologies from Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
Vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
connection: close vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
Caching Headers
Cache-Control
s-maxage=31536000, stale-while-revalidate
Etag
"10x86yjxrc22gvi"
cache-control: s-maxage=31536000, stale-while-revalidate etag: "10x86yjxrc22gvi"
Content Headers
Content-Length
115343
Content-Type
text/html; charset=utf-8
content-length: 115343 content-type: text/html; charset=utf-8
Server Headers
Server
envoy
X-Powered-By
Next.js
server: envoy x-powered-by: Next.js
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Date
Sat, 09 May 2026 10:44:10 GMT
Link
URL
/docs
/docs
rel=service-doc
type=text/html
title=Confidence Documentation
URL
/sitemap.xml
/sitemap.xml
rel=sitemap
type=application/xml
URL
/.well-known/api-catalog
/.well-known/api-catalog
rel=api-catalog
type=application/linkset+json
rel=oauth-authorization-server
type=application/json
URL
/docs
/docs
rel=service-doc
type=text/html
title=Confidence Documentation
URL
/sitemap.xml
/sitemap.xml
rel=sitemap
type=application/xml
URL
/.well-known/api-catalog
/.well-known/api-catalog
rel=api-catalog
type=application/linkset+json
rel=oauth-authorization-server
type=application/json
URL
/.well-known/mcp/server-card.json
/.well-known/mcp/server-card.json
rel=mcp-server-card
type=application/json
Via
HTTP/2 edgeproxy, 1.1 google
X-Nextjs-Cache
HIT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date: Sat, 09 May 2026 10:44:10 GMT link: </docs>; rel="service-doc"; type="text/html"; title="Confidence Documentation", </sitemap.xml>; rel="sitemap"; type="application/xml", </.well-known/api-catalog>; rel="api-catalog"; type="application/linkset+json", <https://auth.confidence.dev/.well-known/oauth-authorization-server>; rel="oauth-authorization-server"; type="application/json", </.well-known/mcp/server-card.json>; rel="mcp-server-card"; type="application/json" via: HTTP/2 edgeproxy, 1.1 google x-nextjs-cache: HIT
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology