Open
Cached
·
just now
25
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; script-src; style-src; +5 more
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zohopublic.com https://*.zohocdn.com https://va.vercel-scripts.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.zohocdn.com; img-src 'self' data: https: blob:; font-src 'self' https://fonts.gstatic.com https://*.zohocdn.com; connect-src 'self' https://*.zohopublic.com https://*.zoho.com https://*.vercel-storage.com https://vitals.vercel-insights.com wss://*.zohopublic.com; frame-src https://*.zohopublic.com https://*.zoho.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self';
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin-when-cross-origin
Permissions-Policy
Present
camera=(), microphone=(), geolocation=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
2 headers
Connection
Performance
close
Vary
Performance
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
Caching Headers
3 headers
Age
Caching
10568
Cache-Control
Caching
public, max-age=86400, stale-while-revalidate=604800
Etag
Caching
"12go2nmz1eu6vvg"
Content Headers
2 headers
Content-Length
Content
321393
Content-Type
Content
text/html; charset=utf-8
Server Headers
2 headers
Server
Server
Vercel
X-Powered-By
Server
Next.js
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
NEXT_LOCALE=en; Path=/; SameSite=lax
Other Headers
8 headers
Date
Other
Sat, 31 Jan 2026 17:58:00 GMT
Link
Other
<https://klikit.io/en>; rel="alternate"; hreflang="en", <https://klikit.io/id>; rel="alternate"; hreflang="id", <https://klikit.io/th>; rel="alternate"; hreflang="th", <https://klikit.io/ja>; rel="alternate"; hreflang="ja", <https://klikit.io/zh>; rel="alternate"; hreflang="zh", <https://klikit.io/ms>; rel="alternate"; hreflang="ms", <https://klikit.io/>; rel="alternate"; hreflang="x-default"
X-Dns-Prefetch-Control
Other
on
X-Matched-Path
Other
/en
X-Nextjs-Prerender
Other
1
X-Nextjs-Stale-Time
Other
300
X-Vercel-Cache
Other
HIT
X-Vercel-Id
Other
iad1::sin1::694v8-1770065829251-1c9423652250
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology