Open
Cached
·
just now
13
Headers
Detected Technologies from Headers
AWS CloudFront
Akamai
Active incidents
AppsFlyer
AWS
Cloudflare
Active incidents
Cloudflare CDN
Cloudflare CDNJS
Cloudinary
Facebook
Google Analytics
Google API JS Client
Google Conversion Tracking
Google DoubleClick
Google Fonts
Google Search
Google Static File Front End
Google Tag Manager
Nginx
Report URI
Sendbird
YouTube
Google Cloud
Next.js
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
connection: close
Caching Headers
Cache-Control
max-age=0, no-cache, no-store
Etag
"gzsixoyzx0u2n"
Expires
Sat, 11 Apr 2026 23:53:35 GMT
Pragma
no-cache
cache-control: max-age=0, no-cache, no-store etag: "gzsixoyzx0u2n" expires: Sat, 11 Apr 2026 23:53:35 GMT pragma: no-cache
Content Headers
Content-Length
39053
Content-Type
text/html; charset=utf-8
content-length: 39053 content-type: text/html; charset=utf-8
Server Headers
Server
nginx
server: nginx
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Sat, 11 Apr 2026 23:53:35 GMT
X-Nextjs-Cache
HIT
date: Sat, 11 Apr 2026 23:53:35 GMT x-nextjs-cache: HIT
Recommendations
Enable compression (gzip/brotli) to improve performance