Today I tackled some long-overdue cleanup and security improvements on my personal site, waytootall.com.

---

Problem #1: Stale /v2 Routes

After cleaning up old pages and deploying a new layout, I noticed that /v2 links were still appearing in the live source code—even though the files were deleted. The issue turned out to be a combination of:

• Stale .next build output left over from previous builds
• A hardcoded /v2/projects link buried in a shared header component
• A failed Vercel deploy that quietly left the old version in production

---

Fixes

• Removed .next, out, and .vercel/output from Git tracking
• Added those folders to .gitignore
• Deleted stale cache files and rebuilt clean
• Replaced the hardcoded link with the correct path

---

Problem #2: Missing Security Headers

A friend ran a scan on securityheaders.com and flagged that the site was missing key HTTP headers. Vercel doesn't set these by default, so I added them directly in next.config.js. After a redeploy and promoting it to production, the site scored an A.

---

Takeaways

• Vercel won’t promote broken deployments, but it also won’t tell you clearly unless you check
• You need to manually clean and rebuild if stale assets slip through
• Don’t forget about security headers if you’re managing your own Next.js setup
• Use Ctrl+Shift+F in VS Code to hunt down rogue paths quickly
• Never track .next or out folders in Git

This was a small but satisfying win. It cleared the way for more focused dev work going forward—now with a faster, more secure site.