20 Headers

HTTP Security Headers

| Header | Status | Value |
|---|---|---|
| Strict-Transport-Security | Present | max-age=63072000 |
| Content-Security-Policy | Missing | Not configured |
| X-Frame-Options | Excellent | DENY |
| X-Content-Type-Options | Missing | Not configured |
| Referrer-Policy | Missing | Not configured |
| Permissions-Policy | Missing | Not configured |

Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

| Header | Category | Value |
|---|---|---|
| Accept-Ranges | Performance | bytes |
| Connection | Performance | close |
| Vary | Performance | RSC, Next-Router-State-Tree, Next-Router-Prefetch |

Caching Headers

3 headers

| Header | Category | Value |
|---|---|---|
| Age | Caching | 18256 |
| Cache-Control | Caching | public, max-age=0, must-revalidate |
| Etag | Caching | "750e52b6dd722c805e13b626cbf4d7ae" |

Content Headers

3 headers

| Header | Category | Value |
|---|---|---|
| Content-Disposition | Content | inline |
| Content-Length | Content | 539848 |
| Content-Type | Content | text/html; charset=utf-8 |

Server Headers

1 header

| Header | Category | Value |
|---|---|---|
| Server | Server | Vercel |

CORS Headers

1 header

| Header | Category | Value |
|---|---|---|
| Access-Control-Allow-Origin | Cors | * |

Cookies Headers

0 headers
No cookies headers found

Other Headers

7 headers

| Header | Category | Value |
|---|---|---|
| Accept-Encoding | Other | gzip, deflate, br |
| Content-Security-Policy-Report-Only | Other | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://*.calendly.com https://*.bugsnag.com tag.clearbitscripts.com connect.facebook.net https://*.segment.com https://*.segment.io s3-us-west-2.amazonaws.com *.hs-scripts.com app.linkscout.com *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net snap.licdn.com www.redditstatic.com www.clickcease.com *.clarity.ms scripts.clarity.ms scout-cdn.salesloft.com static.ads-twitter.com tracking-api.g2.com *.posthog.com vercel.live *.intercom.io *.intercomcdn.com *.doubleclick.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://*.calendly.com https://*.bugsnag.com tag.clearbitscripts.com connect.facebook.net https://*.segment.com https://*.segment.io s3-us-west-2.amazonaws.com *.hs-scripts.com app.linkscout.com *.hsadspixel.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net snap.licdn.com www.redditstatic.com www.clickcease.com *.clarity.ms scripts.clarity.ms scout-cdn.salesloft.com static.ads-twitter.com tracking-api.g2.com *.posthog.com vercel.live *.intercom.io *.intercomcdn.com *.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.calendly.com; font-src 'self' https://fonts.gstatic.com *.intercomcdn.com; img-src 'self' data: https:; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.bugsnag.com https://sessions.bugsnag.com app.linkscout.com www.google.com *.hscollectedforms.net *.hs-forms.com px.ads.linkedin.com pixel-config.reddit.com www.redditstatic.com *.posthog.com *.segment.com *.segment.io tracking-api.g2.com k.clarity.ms *.intercom.io wss://*.intercom.io *.hubapi.com raw.githubusercontent.com pro.ip-api.com *.facebook.com *.clarity.ms; frame-src 'self' www.googletagmanager.com vercel.live *.intercom.io *.hs-forms.com *.apideck.com *.doubleclick.net; frame-ancestors 'none'; report-uri /api/csp-report; report-to csp-endpoint; |
| Date | Other | Fri, 30 Jan 2026 23:08:22 GMT |
| Report-To | Other | {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"/api/csp-report"}]} |
| X-Matched-Path | Other | / |
| X-Vercel-Cache | Other | HIT |
| X-Vercel-Id | Other | iad1::75pxz-1769814502123-98debfeae35e |

Recommendations

Enable compression (gzip/brotli) to improve performance