HTTP Headers Analysis for https://quiz.theoriginway.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31556926; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

browsing-topics=()

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

Performance Headers

2 headers

Connection

Performance

close

Vary

Performance

Accept-Encoding,Cookie

Caching Headers

2 headers

Cache-Control

Caching

public, max-age=60

Expires

Caching

Sat, 03 Jan 2026 01:05:54 GMT

Content Headers

2 headers

Content-Length

Content

54982

Content-Type

Content

text/html; charset=utf-8

Server Headers

1 headers

Server

Heroku

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

fs_flow_session=JTdCJTIyc2Vzc2lvblRva2VuJTIyJTNBJTIyZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNkltRmhPbUk0T2pJeU9tWXhPbVV3T2pSa09qRmhPbU5sT21Wa09qQm1PbVZsT2psak9qQmpPbUZsT21Wa09qRTVPbU5tT2pKbU9tUXhPbVZtSW4wLmV5SjBlWEFpT2lKVFJWTlRTVTlPSWl3aWFXRjBJam9pTVRjMk56UXdNakk1TlNJc0ltVjRjQ0k2SWpFM05qYzBNRFU0T1RVaUxDSnpkV0lpT2lKelpYTnphVzl1ZkRKaE1UUTRZV1ZpTFRKbU1EVXRORGRrTlMxaU1XTmxMV1ZsWVRObE9XVmtOR013TkNJc0ltTnNhV1Z1ZEY5c1lXSmxiQ0k2SW5WM1dVMU9iWFZxYTA0aUxDSm1iRzkzWDJ4aFltVnNJam9pYm1WM0xXWnNiM2NpTENKbGJuWnBjbTl1YldWdWRGOXNZV0psYkNJNkluQnliMlIxWTNScGIyNGlMQ0p5WlhOd2IyNWtaWEpmZFhWcFpDSTZJakZtTnpjeU5URXlMVGt6TlRndE5ETTBOaTFoTmpneExXUTRaR0kxTm1RellUUm1aU0lzSW5ObGMzTnBiMjVmZFhWcFpDSTZJakpoTVRRNFlXVmlMVEptTURVdE5EZGtOUzFpTVdObExXVmxZVE5sT1dWa05HTXdOQ0lzSW5KdmJHVnpJam93ZlEuRHRSNnV1XzdUeGppX3hicjVuMk9PcDFOU09QWERGVHdaTVRkTThBUGJvd3hoekdRUDdHcWlFTGlMd0FsNG5Xd0RHeVFSQ1o0QkZ2ZGtzdU5ETWFaVC0wNGpuZjlyd05SYlNmcFl5WTJQTTUwb3BYUXd0cTF6OVlhUWVtN0JadGIwS0tYTUk5TXhxbEEwaFJqcmhLdG5yMVRfbmRlalZ4dnBOWkdMWUlJUVM1V0QzcHNBQzZCSkowNDBycl9xR0Z4VUQ3RG5hQmJUNVBxdjllNlVzVUZGTWlLa2RMSzN3MzM0dFlZSjN4aG5kOTlXSzhMVV9YTjBRTkFrV1AxWmVIQWVubzJrYzZmWlhrb2p4dDNfcE5ZN2lGYTlXWjE4YXRHUjAwZTNEWWtGWHVid00wQnRqaUdrU1JWOEdIOGxCRmZ6TUJJdEtKSThKbktzZFNmZlg3SS1nJTIyJTJDJTIyc2Vzc2lvblV1aWQlMjIlM0ElMjIyYTE0OGFlYi0yZjA1LTQ3ZDUtYjFjZS1lZWEzZTllZDRjMDQlMjIlN0Q=; path=/; SameSite=None; Secure; Partitioned;

Other Headers

11 headers

Date

Other

Sat, 03 Jan 2026 01:04:54 GMT

Nel

Other

{"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}

Report-To

Other

{"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=t6TkpWX6CdUq5BdOPNdkJUGFD%2BR1bGlxo9blkkb6w0M%3D\u0026sid=67ff5de4-ad2b-4112-9289-cf96be89efed\u0026ts=1767402294"}],"max_age":3600}

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=t6TkpWX6CdUq5BdOPNdkJUGFD%2BR1bGlxo9blkkb6w0M%3D&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&ts=1767402294"

Timing-Allow-Origin

Other

https://assets.formsort.com, https://quiz.theoriginway.com/

Via

Other

1.1 heroku-router, 1.1 f40ef15b69787e0ef910a83a639d263a.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

_clmSjiT7Yi-U4mRN1F-jeZxKL2-BtDn9lh4LmzsejfNWhzZWGFPFA==

X-Amz-Cf-Pop

Other

IAD61-P11

X-Cache

Other

Miss from cloudfront

X-Formsort-Version

Other

a31ca92abe4345ad73c2b4a3888ff7bf74ddbf7a

X-Robots-Tag

Other

noindex, nofollow

Recommendations

Enable compression (gzip/brotli) to improve performance