HTTP Headers Analysis for https://hello.theoriginway.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31556926; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

browsing-topics=()

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding,Cookie

Caching Headers

2 headers

Cache-Control

Caching

public, max-age=60

Expires

Caching

Fri, 02 Jan 2026 04:02:05 GMT

Content Headers

2 headers

Content-Length

Content

55001

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

Heroku

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

fs_flow_session=JTdCJTIyc2Vzc2lvblRva2VuJTIyJTNBJTIyZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNkltRmhPbUk0T2pJeU9tWXhPbVV3T2pSa09qRmhPbU5sT21Wa09qQm1PbVZsT2psak9qQmpPbUZsT21Wa09qRTVPbU5tT2pKbU9tUXhPbVZtSW4wLmV5SjBlWEFpT2lKVFJWTlRTVTlPSWl3aWFXRjBJam9pTVRjMk56TXlOalEyTlNJc0ltVjRjQ0k2SWpFM05qY3pNekF3TmpVaUxDSnpkV0lpT2lKelpYTnphVzl1ZkRSa1ptRm1aalk1TFdRd05XSXROREkzTVMxaU56azJMVFU0T1dJMk56RmlaV1kyTmlJc0ltTnNhV1Z1ZEY5c1lXSmxiQ0k2SW5WM1dVMU9iWFZxYTA0aUxDSm1iRzkzWDJ4aFltVnNJam9pWW05dmEybHVaeTFtYkc5M0xYUmxjM1FpTENKbGJuWnBjbTl1YldWdWRGOXNZV0psYkNJNkluQnliMlIxWTNScGIyNGlMQ0p5WlhOd2IyNWtaWEpmZFhWcFpDSTZJak0zT1RBek1HSTFMV0UxTkRVdE5HVTVaUzA1TkRabExUZ3pZbVE0WmpneU1qbGxOeUlzSW5ObGMzTnBiMjVmZFhWcFpDSTZJalJrWm1GbVpqWTVMV1F3TldJdE5ESTNNUzFpTnprMkxUVTRPV0kyTnpGaVpXWTJOaUlzSW5KdmJHVnpJam93ZlEuZTRlQWw5Q1QxdVVaaFJOcjFHRnRZeURQdHVuRTBpUE80c2Q3VE9raDBqRVBVOGpQc2MyOU5SeU00Z2tpUjBENmM4dGZjM3JYN1BSRkhTMjlDeGZoT2QtOXFhOGQyZDhmRkp5U09hMmVIeVdrN3FnOVFScy1tUHc5OTZpTmo4Q19qRWhvdHlvNWRvaDE2VFhOZ3g3LW9lTEkyMTNzV3c5Q20wOF9YSjdRcC14QjhWYXdwTjdSY0hUM3ZyM3FEMDYxaFdia1lfeDJRNlFfQXRFU3VqcnBGUEpGN0hqbVNGS3RyOGhqdEU0cVdJSm1GRllDU25uTjNCYzJyZmtsbFF0Q0paZjl5QnRfX2ZUZU1TUUljTmt2dFJSNmQ5MTFXaG5VaEg0Qy1PWTJZMER4d3N2dnJzblJ4RHVQRTBuQlpIaTRXR2R5b0JoanJrRURCYTZUYy11THlnJTIyJTJDJTIyc2Vzc2lvblV1aWQlMjIlM0ElMjI0ZGZhZmY2OS1kMDViLTQyNzEtYjc5Ni01ODliNjcxYmVmNjYlMjIlN0Q=; path=/; SameSite=None; Secure; Partitioned;

Other Headers

11 headers

Date

Other

Fri, 02 Jan 2026 04:01:05 GMT

Nel

Other

{"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}

Report-To

Other

{"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=qaTKqXltidF38Ci%2BPVVw4uwaaHW6VfHdwkjsomUQUOg%3D\u0026sid=67ff5de4-ad2b-4112-9289-cf96be89efed\u0026ts=1767326465"}],"max_age":3600}

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=qaTKqXltidF38Ci%2BPVVw4uwaaHW6VfHdwkjsomUQUOg%3D&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&ts=1767326465"

Timing-Allow-Origin

Other

https://assets.formsort.com, https://hello.theoriginway.com/

Via

Other

1.1 heroku-router, 1.1 f40ef15b69787e0ef910a83a639d263a.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

iZzxjIw_J008qHCPDphOMjPZScK-3IpiFArzeqxL8zvgjg45rtgOmQ==

X-Amz-Cf-Pop

Other

IAD61-P11

X-Cache

Other

Miss from cloudfront

X-Formsort-Version

Other

a31ca92abe4345ad73c2b4a3888ff7bf74ddbf7a

X-Robots-Tag

Other

noindex, nofollow

Recommendations

Enable compression (gzip/brotli) to improve performance