HTTP Headers Analysis for https://now.sh

Detected Technologies from Headers

See all in URL Inspect 17

GitHub

Gravatar

YouTube

Amazon S3

ClearBit

CodeSandbox

Contentful

Google Fonts

Google Search

Next.js

Pusher

Raster

Sentry

Twitter

unpkg

Vercel

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; style-src; +5 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch

connection: close
vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch

Caching Headers

Age

Caching

54

Cache-Control

Caching

public, max-age=0, must-revalidate

Etag

Caching

"uelfdr56c8kpy1"

age: 54
cache-control: public, max-age=0, must-revalidate
etag: "uelfdr56c8kpy1"

Content Headers

Content-Length

Content

966980

Content-Type

Content

text/html; charset=utf-8

content-length: 966980
content-type: text/html; charset=utf-8

Server Headers

Server

Vercel

X-Powered-By

Server

Next.js, Payload

server: Vercel
x-powered-by: Next.js, Payload

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _v-consent=%7B%22essential%22%3Atrue%2C%22analytics%22%3Atrue%2C%22marketing%22%3Atrue%2C%22functional%22%3Atrue%2C%22version%22%3A1%7D; Path=/; Max-Age=31536000; SameSite=Lax; Secure; Domain=.vercel.com
_v-anonymous-id=PCsum5_CuUtJC3EOFyXKn; Path=/; Max-Age=7776000; SameSite=Lax; Secure; Domain=.vercel.com
_v-anonymous-id-renewed=1; Path=/; Max-Age=86400; SameSite=Lax; Secure; Domain=.vercel.com

Other Headers

Accept-Ch

Other

Sec-CH-Prefers-Color-Scheme

Critical-Ch

Other

Sec-CH-Prefers-Color-Scheme

Date

Other

Sun, 03 May 2026 22:40:09 GMT

Feature-Policy

Other

fullscreen 'self'; camera 'none'

X-Dns-Prefetch-Control

Other

on

X-Download-Options

Other

noopen

X-Matched-Path

Other

/precomputed/[experimentCode]/home/[homeFlagsCode]/regular

X-Nextjs-Prerender

Other

1

X-Nextjs-Stale-Time

Other

300

X-Vercel-Cache

Other

HIT

X-Vercel-Id

Other

iad1::iad1::sxw6w-1777848066617-7235b484f90d

accept-ch: Sec-CH-Prefers-Color-Scheme
critical-ch: Sec-CH-Prefers-Color-Scheme
date: Sun, 03 May 2026 22:40:09 GMT
feature-policy: fullscreen 'self'; camera 'none'
x-dns-prefetch-control: on
x-download-options: noopen
x-matched-path: /precomputed/[experimentCode]/home/[homeFlagsCode]/regular
x-nextjs-prerender: 1
x-nextjs-stale-time: 300
x-vercel-cache: HIT
x-vercel-id: iad1::iad1::sxw6w-1777848066617-7235b484f90d

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology