Open
Cached
·
just now
17
Headers
Detected Technologies from Headers
Instagram
YouTube
Google AdSense
Chili Piper
Google Tag Manager
Google Sign-In
Cometly
Amplitude
Mux
Fullstory
Google DoubleClick
Google Analytics
Microsoft Advertising
Google Conversion Tracking
Pusher
Sprig
New Relic
Cloudflare CDN
Typeform
Google Cloud Storage
Next.js
Google API JS Client
Google Fonts
Twitter
G Workspace
LinkedIn
Zendesk
Contentful
Cloudinary
Stripe
Drift
unpkg
Fastly
Google Search
Facebook
OneTrust
Customer.io
Pinterest
Cloudflare CDNJS
MNTN
Akamai
Active incidents
FirstPromoter
Sentry
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
Performance Headers
Connection
close
Transfer-Encoding
chunked
Vary
Accept-Encoding
connection: close transfer-encoding: chunked vary: Accept-Encoding
Caching Headers
Cache-Control
private, no-cache, no-store, max-age=0, must-revalidate
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
Content-Type
text/html; charset=utf-8
content-type: text/html; charset=utf-8
Server Headers
Server
cloudflare
X-Powered-By
Next.js
server: cloudflare x-powered-by: Next.js
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Cf-Cache-Status
MISS
Cf-Ray
9f4e79a87dda0cef-IAD
Date
Fri, 01 May 2026 11:34:07 GMT
Via
1.1 google
X-Permitted-Cross-Domain-Policies
none
cf-cache-status: MISS cf-ray: 9f4e79a87dda0cef-IAD date: Fri, 01 May 2026 11:34:07 GMT via: 1.1 google x-permitted-cross-domain-policies: none
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology