Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
base-uri; child-src; connect-src; +13 more
base-uri 'self'; child-src *.hsforms.com; connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://*.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-15j7mes9f-incident-io-team.vercel.app; default-src 'self'; font-src 'self' https: data: fonts.gstatic.com fonts.googleapis.com; form-action 'self' *.hsforms.com; frame-ancestors 'self' https://incident.sanity.studio https://www.sanity.io; frame-src 'self' https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://incident.navattic.com https://capture.navattic.com; img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com; manifest-src 'self'; media-src 'self' https: data: blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net; worker-src 'self'; report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
fullscreen=(self "https://*.youtube.com" "https://*.vimeo.com"), autoplay=(self "https://*.youtube.com" "https://*.vimeo.com"), encrypted-media=(self "https://*.spotify.com"), clipboard-write=(self), picture-in-picture=(self "https://*.youtube.com" "https://*.vimeo.com")
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
3 headers
Connection
Performance
close
Transfer-Encoding
Performance
chunked
Vary
Performance
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
Caching Headers
2 headers
Age
Caching
0
Cache-Control
Caching
private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
1 headers
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
Server
Server
Vercel
CORS Headers
0 headers
No CORS headers found
Cookies Headers
0 headers
No cookies headers found
Other Headers
6 headers
Date
Other
Sun, 01 Feb 2026 07:20:46 GMT
Link
Other
</_next/static/media/83afe278b6a6bb3c-s.p.3a6ba036.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/GeistMono_Variable.p.73882635.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/chunks/d131a999e82d4f6b.css?dpl=dpl_GpYDn37c5dVBChmAb8vt4WVyXFPA>; rel=preload; as="style", </_next/static/chunks/f79cc3d3e2ce5fdb.css?dpl=dpl_GpYDn37c5dVBChmAb8vt4WVyXFPA>; rel=preload; as="style", </_next/static/chunks/ce83637bf9957e0d.css?dpl=dpl_GpYDn37c5dVBChmAb8vt4WVyXFPA>; rel=preload; as="style", </_next/static/chunks/1e7d378b1aefa094.css?dpl=dpl_GpYDn37c5dVBChmAb8vt4WVyXFPA>; rel=preload; as="style"
X-Matched-Path
Other
/status-pages
X-Permitted-Cross-Domain-Policies
Other
none
X-Vercel-Cache
Other
MISS
X-Vercel-Id
Other
iad1::lhr1::h2q6k-1769930446680-ac6b22187f4d
Recommendations
Enable compression (gzip/brotli) to improve performance