Open
Cached
·
3h ago
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
Content-Security-Policy
Basic
default-src; script-src; style-src; +9 more
default-src 'self'; script-src 'self' 'nonce-ZjBjYTJhZjAtYjQxMy00Mjc5LTg0YmYtMDYxMzE0MjkxYmM2' 'strict-dynamic' 'wasm-unsafe-eval' https://cdn.vector.co https://widget.intercom.io https://b2bjsstore.s3.us-west-2.amazonaws.com https://cdn.usefathom.com https://*.clerk.accounts.dev https://challenges.cloudflare.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' blob: data: https://img.logo.dev https://*.clerk.com https://*.clerk.accounts.dev https://img.clerk.com https://*.googleusercontent.com https://*.intercomcdn.com https://*.intercom-attachments-1.com https://cdn.usefathom.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com; connect-src 'self' https://clerk.logo.dev https://*.clerk.com https://*.clerk.accounts.dev https://clerk-telemetry.com https://api.logo.dev https://formspree.io https://api.intercom.io https://api-iam.intercom.io wss://*.intercom.io https://*.sentry.io https://us.i.posthog.com https://us-assets.i.posthog.com https://cdn.usefathom.com; frame-src 'self' https://challenges.cloudflare.com https://*.clerk.accounts.dev https://js.stripe.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
Caching Headers
2 headers
Age
Caching
0
Cache-Control
Caching
private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
Vercel
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
8 headers
Date
Other
Mon, 19 Jan 2026 07:54:17 GMT
Link
Other
</_next/static/media/GeistMono_Variable.p.73882635.woff2>; rel=preload; as="font"; crossorigin=""; nonce="ZjBjYTJhZjAtYjQxMy00Mjc5LTg0YmYtMDYxMzE0MjkxYmM2"; type="font/woff2", </_next/static/media/Geist_Variable-s.p.f19e4721.woff2>; rel=preload; as="font"; crossorigin=""; nonce="ZjBjYTJhZjAtYjQxMy00Mjc5LTg0YmYtMDYxMzE0MjkxYmM2"; type="font/woff2", </logodev-icon.svg>; rel=preload; as="image"
X-Clerk-Auth-Reason
Other
session-token-and-uat-missing
X-Clerk-Auth-Status
Other
signed-out
X-Matched-Path
Other
/login/[[...sign-in]]
X-Nonce
Other
ZjBjYTJhZjAtYjQxMy00Mjc5LTg0YmYtMDYxMzE0MjkxYmM2
X-Vercel-Cache
Other
MISS
X-Vercel-Id
Other
iad1::iad1::5j2cp-1768809257063-23dd08911d05
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology