HTTP Headers Analysis for https://magic.link

Detected Technologies from Headers

See all in URL Inspect 6

ClearBit

Google Analytics

Google Fonts

HubSpot

HubSpot Forms

Vercel

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000

Content-Security-Policy

Basic

base-uri; child-src; connect-src; +13 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Present

clipboard-read=(), clipboard-write=(), gamepad=(); +27 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

RSC, Next-Router-State-Tree, Next-Router-Prefetch

accept-ranges: bytes
connection: close
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch

Caching Headers

Age

Caching

1018428

Cache-Control

Caching

public, max-age=0, must-revalidate

Etag

Caching

"cc545b75b13ed5924971d7f3ad2da19b"

age: 1018428
cache-control: public, max-age=0, must-revalidate
etag: "cc545b75b13ed5924971d7f3ad2da19b"

Content Headers

Content-Disposition

Content

inline

Content-Length

Content

148196

Content-Type

Content

text/html; charset=utf-8

content-disposition: inline
content-length: 148196
content-type: text/html; charset=utf-8

Server Headers

Server

Vercel

server: Vercel

CORS Headers

Access-Control-Allow-Origin

Cors

*

access-control-allow-origin: *

Cookies Headers

No cookies headers found

Other Headers

Date

Other

Sun, 03 May 2026 15:06:16 GMT

Feature-Policy

Other

clipboard-read 'none';clipboard-write 'none';gamepad 'none';speaker-selection 'none';accelerometer 'none';ambient-light-sensor 'none';autoplay 'none';battery 'none';camera 'none';cross-origin-isolated 'none';display-capture 'none';document-domain 'none';encrypted-media 'none';execution-while-not-rendered 'none';execution-while-out-of-viewport 'none';fullscreen 'none';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';navigation-override 'none';payment 'none';picture-in-picture 'none';publickey-credentials-get 'none';screen-wake-lock 'none';sync-xhr 'none';usb 'none';web-share 'none';xr-spatial-tracking 'none';

X-Content-Security-Policy

Other

base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src 'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self';

X-Matched-Path

Other

/

X-Vercel-Cache

Other

HIT

X-Vercel-Id

Other

iad1::qhnjk-1777820776949-2d5cf91f7814

X-Webkit-Csp

Other

base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src 'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self';

date: Sun, 03 May 2026 15:06:16 GMT
feature-policy: clipboard-read 'none';clipboard-write 'none';gamepad 'none';speaker-selection 'none';accelerometer 'none';ambient-light-sensor 'none';autoplay 'none';battery 'none';camera 'none';cross-origin-isolated 'none';display-capture 'none';document-domain 'none';encrypted-media 'none';execution-while-not-rendered 'none';execution-while-out-of-viewport 'none';fullscreen 'none';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';navigation-override 'none';payment 'none';picture-in-picture 'none';publickey-credentials-get 'none';screen-wake-lock 'none';sync-xhr 'none';usb 'none';web-share 'none';xr-spatial-tracking 'none';
x-content-security-policy: base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self';
x-matched-path: /
x-vercel-cache: HIT
x-vercel-id: iad1::qhnjk-1777820776949-2d5cf91f7814
x-webkit-csp: base-uri 'self' about: *;child-src 'none';connect-src 'self' webpack://* *;default-src 'self';font-src 'self' data: fonts.gstatic.com *;form-action 'self' https: *;frame-ancestors 'none';frame-src  'self' data: https:;img-src * 'self' data: https:;manifest-src 'self';media-src 'self' https: *;object-src 'none';prefetch-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.hs-scripts.com *.hsforms.net *.hsforms.com *.clearbit.com www.google-analytics.com;style-src 'self' 'unsafe-inline' https:;worker-src 'self';

Recommendations

Enable compression (gzip/brotli) to improve performance