HTTP Headers Analysis for https://dashboard.convertflow.com

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Caching Headers

1 headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

cloudflare

X-Runtime

Server

0.007287

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_lead_flow_alpha_session=c%2FrsZXIyVAETG7ADTt7%2B2vOX1Olyl6fQxqf8OW4yOQFOYpUO%2B5IEYn96v%2Bn30Zj9s%2Fv0430rEXlJhDsuzZhuodZcCQFNgxkcZSKpLxtTOlhJuBvE9RGzxBx6aJwq0t85TDvlt6pzhBuKghPgjSGdEdRCAHP77KnxQ7nEuVGLhAHHv1mURcPgy%2F1QS2oc34upi8dmCnnv1KUU5Q4AeXC%2FEyK7YSkhqSedBepgcoxkP5vtmbtWQuGDfJSMMhoFetfMBZOnMf%2BhCwKOjLqSUBJycHgeUmYYGsVFHj5jG2IyKgE%3D--4O%2FA79TXoorVeK2g--YrL2P7IaFMZrbVAV7XGNzg%3D%3D; path=/; HttpOnly; SameSite=Lax; Secure

Other Headers

10 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9bf1a6f47da8d88a-IAD

Date

Other

Sat, 17 Jan 2026 00:14:23 GMT

Link

Other

</packs/js/application-a8562356f523687b13c9.js>; rel=preload; as=script; nopush,</assets/application-021a6aea8fdf1af799b1f487af0c45c3c65d3f1eb11930a2bdddb84f84735ef9.js>; rel=preload; as=script; nopush,</packs/css/application-693a5ef9.css>; rel=preload; as=style; nopush,</assets/application-52cc90bec5a73fdd93a733b296f204bcf4c2f2980996c5c176d1e845b95e54ce.css>; rel=preload; as=style; nopush,<https://static.filestackapi.com/filestack-js/3.x.x/filestack.min.js>; rel=preload; as=script; nopush

Nel

Other

{"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}

Report-To

Other

{"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=X16LHe4qRwRFFV6wRmP6VosxOpieIyGzpdjEBQm7oIs%3D\u0026sid=1b10b0ff-8a76-4548-befa-353fc6c6c045\u0026ts=1768608863"}],"max_age":3600}

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=X16LHe4qRwRFFV6wRmP6VosxOpieIyGzpdjEBQm7oIs%3D&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&ts=1768608863"

Via

Other

2.0 heroku-router

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

92913d31-24f5-aef0-2090-846de3d97d69