Open
Cached
·
just now
22
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; script-src; style-src; +11 more
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clerk.com https://*.clerk.com https://clerk.generate.folderly.com https://challenges.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://b2bjsstore.s3.us-west-2.amazonaws.com; style-src 'self' 'unsafe-inline' https://clerk.com https://*.clerk.com https://clerk.generate.folderly.com https://fonts.googleapis.com; img-src 'self' data: https: blob:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://api.clerk.com https://*.clerk.com https://clerk.generate.folderly.com https://*.supabase.co https://api.openai.com https://api.stripe.com https://www.google-analytics.com https://region1.analytics.google.com https://api-iam.intercom.io https://api.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; media-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self' https://accounts.clerk.dev https://clerk.com https://clerk.generate.folderly.com; frame-src 'self' https://clerk.com https://*.clerk.com https://clerk.generate.folderly.com https://challenges.cloudflare.com; frame-ancestors 'self' https://*.hubspot.com https://app.hubspot.com; worker-src 'self' blob:; upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(), microphone=(), geolocation=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
Caching Headers
2 headers
Age
Caching
0
Cache-Control
Caching
private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
Vercel
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
8 headers
Date
Other
Thu, 15 Jan 2026 13:12:37 GMT
Link
Other
</_next/static/media/4cf2300e9c8272f7-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2"
X-Clerk-Auth-Reason
Other
session-token-and-uat-missing
X-Clerk-Auth-Status
Other
signed-out
X-Dns-Prefetch-Control
Other
on
X-Matched-Path
Other
/
X-Vercel-Cache
Other
MISS
X-Vercel-Id
Other
iad1::iad1::r74rc-1768482757383-013aae682cd3
Recommendations
Enable compression (gzip/brotli) to improve performance