HTTP Headers Analysis for https://poppulo.com

Detected Technologies from Headers

See all in URL Inspect 2

Next.js

Vercel

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Weak

frame-ancestors Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

camera=(), microphone=(), geolocation=(*)

Recommendations

• Significantly strengthen CSP directives

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch

accept-ranges: bytes
connection: close
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch

Caching Headers

Age

Caching

16434

Cache-Control

Caching

public, max-age=0, must-revalidate

Etag

Caching

"1de8b421f23c8d53fe6a4fc32b430da2"

age: 16434
cache-control: public, max-age=0, must-revalidate
etag: "1de8b421f23c8d53fe6a4fc32b430da2"

Content Headers

Content-Disposition

Content

inline

Content-Length

Content

125783

Content-Type

Content

text/html; charset=utf-8

content-disposition: inline
content-length: 125783
content-type: text/html; charset=utf-8

Server Headers

Server

Vercel

server: Vercel

CORS Headers

Access-Control-Allow-Credentials

Cors

true

Access-Control-Allow-Headers

Cors

X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version

Access-Control-Allow-Methods

Cors

GET,OPTIONS,PATCH,DELETE,POST,PUT

Access-Control-Allow-Origin

Cors

https://poppulo.sanity.studio

access-control-allow-credentials: true
access-control-allow-headers: X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
access-control-allow-methods: GET,OPTIONS,PATCH,DELETE,POST,PUT
access-control-allow-origin: https://poppulo.sanity.studio

Cookies Headers

No cookies headers found

Other Headers

Date

Other

Thu, 30 Apr 2026 14:21:55 GMT

X-Dns-Prefetch-Control

Other

on

X-Matched-Path

Other

/

X-Nextjs-Prerender

Other

1

X-Nextjs-Stale-Time

Other

300

X-Vercel-Cache

Other

HIT

X-Vercel-Id

Other

iad1::mjl88-1777558915587-cfde844572b4

date: Thu, 30 Apr 2026 14:21:55 GMT
x-dns-prefetch-control: on
x-matched-path: /
x-nextjs-prerender: 1
x-nextjs-stale-time: 300
x-vercel-cache: HIT
x-vercel-id: iad1::mjl88-1777558915587-cfde844572b4

Recommendations

Enable compression (gzip/brotli) to improve performance