Open
Cached
·
just now
20
Headers
Detected Technologies from Headers
YouTube
Google AdSense
Google Maps
Microsoft 365
Google Tag Manager
Bing
Google reCAPTCHA
Google Cloud Run
AppsFlyer
Tapad
Cookiebot
Plaid
Google DoubleClick
Google Analytics
Google Conversion Tracking
Mixpanel
Greenhouse
Typeform
Google Static File Front End
TikTok Analytics
Google Fonts
Contentful
Stripe
Google Search
Facebook
Snapchat
Adobe Fonts (Typekit)
TikTok
Persona
Microsoft Clarity
Sentry
Google Cloud
Next.js
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin-when-cross-origin
Permissions-Policy
Present
payment=(self "https://js.stripe.com" "https://hooks.stripe.com"), camera=(), microphone=(); +2 more
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
Connection
close
Vary
Origin
connection: close vary: Origin
Caching Headers
Age
1
Cache-Control
public, s-maxage=0, max-age=0, must-revalidate
Etag
"rwcl80os9046ak"
age: 1 cache-control: public, s-maxage=0, max-age=0, must-revalidate etag: "rwcl80os9046ak"
Content Headers
Content-Length
194845
Content-Type
text/html; charset=utf-8
content-length: 194845 content-type: text/html; charset=utf-8
Server Headers
No server headers found
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Alt-Svc
h3=":443"; ma=2592000
Back-Forward-Cache
1
Date
Fri, 10 Apr 2026 15:55:06 GMT
Via
1.1 google
X-Download-Options
noopen
X-Nextjs-Cache
HIT
alt-svc: h3=":443"; ma=2592000
back-forward-cache: 1
date: Fri, 10 Apr 2026 15:55:06 GMT
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"/api/csp-report"}]}
via: 1.1 google
x-download-options: noopen
x-nextjs-cache: HIT
Recommendations
Enable compression (gzip/brotli) to improve performance