Open
Cached
·
just now
19
Headers
Detected Technologies from Headers
ClearBit
Cloudflare Turnstile
Decagon
Facebook
Firebase
Giscus
GitHub
Google API JS Client
Google Cloud Functions
Google Conversion Tracking
Google DoubleClick
Google Fonts
Google reCAPTCHA
Google Search
Google Static File Front End
Google Sign-In
Google Tag Manager
G Workspace
HubSpot
HubSpot Analytics
HubSpot Forms
HubSpot Live Chat
jsDelivr
LinkedIn
Next.js
Stripe
TikTok Analytics
Twitter
Vercel
YouTube
Google Cloud
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(), microphone=(), geolocation=()
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
Performance Headers
Connection
close
Transfer-Encoding
chunked
Vary
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
connection: close transfer-encoding: chunked vary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
Caching Headers
Age
0
Cache-Control
private, no-cache, no-store, max-age=0, must-revalidate
age: 0 cache-control: private, no-cache, no-store, max-age=0, must-revalidate
Content Headers
Content-Type
text/html; charset=utf-8
content-type: text/html; charset=utf-8
Server Headers
Server
Vercel
X-Powered-By
Next.js
server: Vercel x-powered-by: Next.js
CORS Headers
No CORS headers found
Cookies Headers
Other Headers
Date
Wed, 06 May 2026 23:11:50 GMT
Link
URL
/_next/static/media/0e96d314a90a6138-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/13971731025ec697-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/3ecc75a922018515-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/586b5b51f77f1493-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/0e96d314a90a6138-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/13971731025ec697-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/3ecc75a922018515-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/586b5b51f77f1493-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/72cd3833e928425c-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/ab3b7cd5d780c3d4-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/b7ea2ab4a8ad1f81-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
URL
/_next/static/media/d7df244fe7b07b95-s.p.woff2
rel=preload
as=font
crossorigin
type=font/woff2
X-Dns-Prefetch-Control
on
X-Matched-Path
/
X-Vercel-Cache
MISS
X-Vercel-Id
iad1::iad1::wphpg-1778109110383-68c72ad9bd53
date: Wed, 06 May 2026 23:11:50 GMT link: </_next/static/media/0e96d314a90a6138-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/13971731025ec697-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/3ecc75a922018515-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/586b5b51f77f1493-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/72cd3833e928425c-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/ab3b7cd5d780c3d4-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/b7ea2ab4a8ad1f81-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/media/d7df244fe7b07b95-s.p.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2" x-dns-prefetch-control: on x-matched-path: / x-vercel-cache: MISS x-vercel-id: iad1::iad1::wphpg-1778109110383-68c72ad9bd53
Recommendations
Enable compression (gzip/brotli) to improve performance
Consider removing X-Powered-By header to hide server technology