HTTP Headers for vercel.com

Responds with HTTP 200 OK from Vercel — 5 of 6 security headers present.

URL to Check

200 OKhttps://vercel.com/

Security Headers5/6

HSTS

CSP

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

All Response Headers (27)

accept-chSec-CH-Prefers-Color-Scheme

age22

cache-controlpublic, max-age=0, must-revalidate

connectionclose

content-length952173

content-security-policydefault-src 'self' vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com https://risk.clearbit.com https://react-tweet.vercel.app/*;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'inline-speculation-rules' https://snap.licdn.com https://www.youtube.com cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com https://risk.clearbit.com https://react-tweet.vercel.app/* cdp.vercel.com;style-src 'self' 'unsafe-inline' vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com https://risk.clearbit.com https://react-tweet.vercel.app/*;img-src 'self' blob: data: *.github.io avatars.githubusercontent.com user-images.githubusercontent.com vercel.com vercel.live *.vercel.sh assets.vercel.com cdn.raster.app https://images.ctfassets.net https://www.google.com https://i.ytimg.com https://s3.amazonaws.com pbs.twimg.com https://www.gravatar.com https://lishhsx6kmthaacj.public.blob.vercel-storage.com;media-src 'self' blob: data: vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com https://risk.clearbit.com https://react-tweet.vercel.app/*;connect-src 'self' data: *.ingest.sentry.io *.ingest.us.sentry.io wss://ws-us3.pusher.com sockjs-use3.pusher.com react-tweet.vercel.app https://*.contentful.com www.vercel-status.com unpkg.com vercel.com *.vercel.com assets.vercel.com *.vercel.sh vercel.live wss://*.vercel.com *.codesandbox.io localhost:* chrome-extension://* https://www.youtube-nocookie.com https://risk.clearbit.com https://react-tweet.vercel.app/* cdp.vercel.com;font-src 'self' vercel.com assets.vercel.com vercel.live fonts.gstatic.com *.vercel.sh;frame-ancestors 'self' https://messaging.haus https://vercel.com https://app.contentful.com https://*.contentful.com https://*.vercel.sh https://*.vercel.com

content-typetext/html; charset=utf-8

critical-chSec-CH-Prefers-Color-Scheme

dateFri, 24 Apr 2026 10:08:33 GMT

etag"n37d1gxcs2keiw"

feature-policyfullscreen 'self'; camera 'none'

referrer-policyorigin-when-cross-origin

serverVercel

set-cookie_v-anonymous-id-renewed=1; Path=/; Max-Age=86400; SameSite=Lax; Secure; Domain=.vercel.com

strict-transport-securitymax-age=31536000; includeSubDomains; preload

varyrsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch

x-content-type-optionsnosniff

x-dns-prefetch-controlon

x-download-optionsnoopen

x-frame-optionsDENY

x-matched-path/precomputed/[experimentCode]/home/[homeFlagsCode]/regular

x-nextjs-prerender1

x-nextjs-stale-time300

x-powered-byNext.js, Payload

x-vercel-cacheHIT

x-vercel-idcle1:iad1::iad1::v67fj-1777025336999-8971e2ecaac9

x-xss-protection0

SSL Certificate Checker

Check any domain's SSL/TLS certificate — issuer, expiry, SANs, and cipher.

→

HTTP Status Codes

Searchable reference of all HTTP status codes with descriptions and use cases.

→

WHOIS Lookup

Look up WHOIS details for any domain or IP address.

→