Web-Antwort-Audit
nextjs.org HTTP headers
SEO page with a cached HTTP response header and security signals check.
Ergebnisse
Status
200
Final URL
https://nextjs.org
Age
325
Cache-Control
public, max-age=0, must-revalidate
Content-Security-Policy
default-src 'self' nextjs.org *.nextjs.org vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com wss://*.nextjs.org localhost:*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.google-analytics.com www.googleadservices.com www.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.ampproject.org www.googletagmanager.com *.googleapis.com *.fides-cdn.ethyca.com *.ethyca.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com app.cal.com *.cr-relay.com vercel.com *.vercel.com *.vercel.sh vercel.live nextjs.org *.nextjs.org localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com td.doubleclick.net github.com calendly.com vercel.cal.com *.vercel.app *.vercel.dev nextjs.org *.nextjs.org vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com wss://*.nextjs.org localhost:*;style-src 'self' 'unsafe-inline' *.googleapis.com nextjs.org *.nextjs.org vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com wss://*.nextjs.org localhost:*;img-src * blob: data:;media-src 'self' videos.ctfassets.net user-images.githubusercontent.com replicate.delivery *.public.blob.vercel-storage.com blob: data: nextjs.org *.nextjs.org vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com wss://*.nextjs.org localhost:*;connect-src 'self' data: vercel.com *.vercel.com *.vercel.sh vercel.live wss://*.vercel.com wss://*.nextjs.org nextjs.org *.nextjs.org localhost:* cdn.vercel-insights.com va.vercel-scripts.com cdp.vercel.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.cr-relay.com *.ethyca.com cdn.ethyca.com risk.clearbit.com *.ingest.sentry.io *.ingest.us.sentry.io *.public.blob.vercel-storage.com;font-src 'self' *.nextjs.org *.vercel.com *.gstatic.com vercel.live *.vercel.sh;worker-src 'self' *.nextjs.org *.vercel.com blob:
Content-Type
text/html; charset=utf-8
Date
Thu, 11 Jun 2026 10:10:24 GMT
Feature-Policy
fullscreen 'self'; camera 'none'
Link
</_next/static/immutable/media/GeistMono_Variable.p.1bcgm0qa26ixg.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/immutable/media/caa3a2e1cccd8315.p.0wgildi0cnwt9.woff2>; rel=preload; as="font"; crossorigin=""; type="font/woff2", </_next/static/immutable/media/logo-github-light.0j2vz9_zw2uex.svg>; rel=preload; as="image", </_next/static/immutable/media/logo-github-dark.3cps0n_-l5sia.svg>; rel=preload; as="image", </_next/static/immutable/media/logo-twitter-x-light.3lfl0ys_vh_gz.svg>; rel=preload; as="image", </_next/static/immutable/media/logo-twitter-x-dark.2ms8a02663zmn.svg>; rel=preload; as="image", </_next/static/immutable/media/logo-bluesky-light.0oj6yf53-gzbh.svg>; rel=preload; as="image", </_next/static/immutable/media/logo-bluesky-dark.1vnxp7olsp0zg.svg>; rel=preload; as="image"
Referrer-Policy
origin-when-cross-origin
Server
Vercel
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Vary
rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
X-Content-Type-Options
nosniff
X-Dns-Prefetch-Control
on
X-Download-Options
noopen
X-Frame-Options
DENY
X-Matched-Path
/home/none
X-Nextjs-Prerender
1
X-Nextjs-Stale-Time
300
X-Powered-By
Next.js
X-Vercel-Cache
HIT
X-Vercel-Id
cdg1::sfo1::sbchs-1781173854477-0696219c4d91
X-Xss-Protection
0