HTTP Headers Analysis for https://testconvertflow.herokuapp.com

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

2 headers

Cache-Control

Caching

max-age=0, private, must-revalidate

Etag

Caching

W/"6034fb4789d8729a9f3bb01d0a335643"

Content Headers

2 headers

Content-Length

Content

14077

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

Heroku

X-Runtime

Server

0.280960

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

_lead_flow_alpha_session=3xPiI4bljeAgj868CXrWH6kxUhLf9tUfEuiewDXDyY4a%2FhvfnVuWcWGtqh%2BzyJfvHAF9gnsybNbLpMcCo2Aw6k5crRCv%2Bvb7Znzw%2FtMs685CazBkzyNRzq0%2FsPP8tBxfbsUvc76JbjxZSuq5T6Y0KKfl5xruXKzfbEOo1qGy8MsU%2F6nYQoOEx5LAEG4PQP800zP4FA3N9FBuyYJ7SNl79jr6lJipSGurR%2FnNleVx74qYfbqkY3TvnemzOoKPKHfYpUa5w8RoJmW5eF41iLTxjfeNDMeu4eLElJ8X2f7KyaM%3D--SYyKaTMWHgfiEf4f--MFRH3aXFaLPcVm0lceuA5g%3D%3D; path=/; HttpOnly; SameSite=Lax; Secure

Other Headers

8 headers

Date

Other

Fri, 30 Jan 2026 05:08:42 GMT

Link

Other

</packs/js/application-2d79b0e082b03c013847.js>; rel=preload; as=script; nopush,</assets/application-676e0e56544205df02201142e5db53e131abf21d537f0b158b0b5e80c6e46a05.js>; rel=preload; as=script; nopush,</packs/css/application-26281592.css>; rel=preload; as=style; nopush,</assets/application-df8ecbd8eb7655b648577d87ce01a5ea2e11881fe0952c3d70f0cb22671a5182.css>; rel=preload; as=style; nopush,<https://static.filestackapi.com/filestack-js/3.x.x/filestack.min.js>; rel=preload; as=script; nopush

Nel

Other

{"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}

Report-To

Other

{"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=Tscp6QBK9FJqWiTG2VpG5SsFB2UrXcZLDC8%2BH3aGPe0%3D\u0026sid=af571f24-03ee-46d1-9f90-ab9030c2c74c\u0026ts=1769749721"}],"max_age":3600}

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=Tscp6QBK9FJqWiTG2VpG5SsFB2UrXcZLDC8%2BH3aGPe0%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1769749721"

Via

Other

1.1 heroku-router

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

62335e2a-e563-c847-a1c6-c0a4d52d1b57