HTTP Headers Analysis for https://app.convertflow.co

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

1 headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

cloudflare

X-Runtime

Server

0.019502

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_lead_flow_alpha_session=mXlJwd66hkaB2dm%2BuZeXnWHgO3hMxqdaFQGVpKcJqaEr6UJAu%2FTCGc3svSeL5dtDSLCd6wZzs%2Bx3H9OY6AQxuryo2xRX8S%2B2SZpTI1akhDJDCBzcUz%2BGANBkxyZ0KhPGtSXJFeaRgc17hCM37hFfpW9JNQSIW1v8fhokQAVxpq3onTvg8FW2YsPq%2BK7J1qjGWfLonjBawo54%2BECmZqNpA3p4uZocIDCKiR8G5vJ990dTmP5Xk7%2BXDPhBbRo3e9j7nKPEgeaVdzaqEz3H93TgBGVRIUE5tdZBSbmjBkdSRsY%3D--BO4bSzvGO2ldVPde--qKtWq%2B%2BjTYopSQ7ggf9QKw%3D%3D; path=/; HttpOnly; SameSite=Lax; Secure

Other Headers

10 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9bdeb8e8fb133b17-IAD

Date

Other

Wed, 14 Jan 2026 17:06:09 GMT

Link

Other

</packs/js/application-0629d486ef66d7b600a4.js>; rel=preload; as=script; nopush,</assets/application-021a6aea8fdf1af799b1f487af0c45c3c65d3f1eb11930a2bdddb84f84735ef9.js>; rel=preload; as=script; nopush,</packs/css/application-fbccfe23.css>; rel=preload; as=style; nopush,</assets/application-324ccfe98de1048916e21ac9d684ffa47303e93641ed6be95be3362fac3423c8.css>; rel=preload; as=style; nopush,<https://static.filestackapi.com/filestack-js/3.x.x/filestack.min.js>; rel=preload; as=script; nopush

Nel

Other

{"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}

Report-To

Other

{"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=9XSO4iU0%2BFgR6Fd6Jz39H7G9cTBtEYz5iUwfWRIBS%2B4%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1768410369"}],"max_age":3600}

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=9XSO4iU0%2BFgR6Fd6Jz39H7G9cTBtEYz5iUwfWRIBS%2B4%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1768410369"

Via

Other

2.0 heroku-router

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

92578a2f-da67-eec5-4422-e833a0927f14

Recommendations

Enable compression (gzip/brotli) to improve performance