HTTP Headers Analysis for https://dev.fireworks.ai

Detected Technologies from Headers

See all in URL Inspect 35

AWS CloudFront

Bugcrowd

HubSpot Video Active incidents

Google Tag Manager

Sanity

Heroku

HubSpot Forms Active incidents

HubSpot Feedback & Surveys Active incidents

Google DoubleClick

Google Analytics

Pusher

Firebase

Google Cloud Storage

Google Fonts

Twitter

Cloudflare Web Analytics

HubSpot CMS Active incidents

Cloudflare Turnstile

Stripe

HubSpot Analytics Active incidents

Slack

Google Search

Amazon S3

bunny.net Active incidents

GitHub

CookieYes

AWS

Vercel

HubSpot Active incidents

YouTube

HubSpot Live Chat Active incidents

Sentry

jsDelivr

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; base-uri; frame-src; +8 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Present

camera=(), microphone=(self), geolocation=(); +3 more

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch

connection: close
transfer-encoding: chunked
vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch

Caching Headers

Age

Caching

0

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

age: 0
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

Content Headers

Content-Type

Content

text/html; charset=utf-8

content-type: text/html; charset=utf-8

Server Headers

Server

Vercel

server: Vercel

CORS Headers

Access-Control-Allow-Origin

Cors

*

access-control-allow-origin: *

Cookies Headers

No cookies headers found

Other Headers

Date

Other

Sat, 02 May 2026 17:15:42 GMT

Link

Other

URL /_next/static/media/06b9ca65a65a3b06-s.p.woff2

rel=preload as=font crossorigin type=font/woff2

URL /_next/static/media/68180864d7f93f02-s.p.woff2

rel=preload as=font crossorigin type=font/woff2

URL /_next/static/media/e4af272ccee01ff0-s.p.woff2

rel=preload as=font crossorigin type=font/woff2

X-Auto-Login

Other

false

X-Current-Path

Other

/account/home

X-Dns-Prefetch-Control

Other

on

X-Fireworks-Nonce

Other

849a3e40-0547-4bc4-b96e-247399e1eac8

X-Matched-Path

Other

/account/home

X-Permitted-Cross-Domain-Policies

Other

none

X-Robots-Tag

Other

noindex

X-Vercel-Cache

Other

MISS

X-Vercel-Id

Other

iad1::iad1::8l9jk-1777742141884-8ae33670545a

date: Sat, 02 May 2026 17:15:42 GMT
link: </_next/static/media/06b9ca65a65a3b06-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/68180864d7f93f02-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/e4af272ccee01ff0-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"
x-auto-login: false
x-current-path: /account/home
x-dns-prefetch-control: on
x-fireworks-nonce: 849a3e40-0547-4bc4-b96e-247399e1eac8
x-matched-path: /account/home
x-permitted-cross-domain-policies: none
x-robots-tag: noindex
x-vercel-cache: MISS
x-vercel-id: iad1::iad1::8l9jk-1777742141884-8ae33670545a

Recommendations

Enable compression (gzip/brotli) to improve performance