HTTP Headers Analysis for https://activity.xero.com

Detected Technologies from Headers

See all in URL Inspect 14

Akamai

Algolia

Amazon S3

Google Fonts

Intercom

LaunchDarkly

Mixpanel

New Relic

Pendo

Salesforce Cloud

Sentry

Vimeo

Wistia

YouTube

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Good

default-src; connect-src; font-src; +9 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

max-age=288

Etag

Caching

"520ec3cb76f98448d4ea9ab409c1db06"

Expires

Caching

Thu, 07 May 2026 05:18:01 GMT

Last-Modified

Caching

Wed, 29 Apr 2026 22:18:29 GMT

cache-control: max-age=288
etag: "520ec3cb76f98448d4ea9ab409c1db06"
expires: Thu, 07 May 2026 05:18:01 GMT
last-modified: Wed, 29 Apr 2026 22:18:29 GMT

Content Headers

Content-Length

Content

8766

Content-Type

Content

text/html

content-length: 8766
content-type: text/html

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _abck=C6D7BC14D65D28D6B0891759E1469DA7~-1~YAAQUA80F1iek/adAQAAa7PaAA/9opK+5/ZWMf63xoWGyeqPjpW6wgVb4u6SbD8kowElNo/jpaxnme+2uc9S3KwUm61C5KRvcQMWk9++Df1OMFTuqeqXOu6nK+tYUAYTiVdlBZfz53khj4Q8wM1cTsTHi3Q+jwBnwGd8B4+JMKpuyjSSWJudxpYkZ5I8EXILSHVaUlNwOP7BJWMRGUt1WHKTLP37FtyNxk/BXKwAM7LMR+tCH3lUWw+xfCQP+xcMmzCP65Tso9XBta0lt4nI3/ixXWaP7ZMI//YL4r6S8IJfIDKQjKVsqDGcDB4WO1suPh946Nz4KXwiCY3yyBYUmzPFOy9nx2LlHjLixR+VIc3MFZS0uozDfuTOnpkjAT+ndqOf5zMQlGbhUOyDJLdSoBWU7bpUMY5oYYP7o2BFj3/VPXO6Uhur30bxkP21k/zAc6oK~-1~-1~-1~-1~-1; Domain=.xero.com; Path=/; Expires=Fri, 07 May 2027 05:13:13 GMT; Max-Age=31536000; SameSite=None; Secure
bm_sz=8FF26880E13540ED2DD4C5C654A41621~YAAQUA80F1mek/adAQAAa7PaAB8G/4Tn++KO/gkIQ6JaFCvpqlJ7zyJM0+6vBIOMA3FA+zeT5isUylXAS1VZmuxR4o+gl4DvXgTL8zka2juCZ2jWmFZmfNWkA0BklP54n8jIFXWdiJN6kPX+40Lrgg/XHKZGEda1kmub8b1s522H4t8aS3e9nYFJ+NLH05WNxNeQh33OPvL5987jWdcK9c9M2NbZLYO9cBZaDZM5O9dzvSDD1kp52dfRlZkw06xu/T9BeMp9Rx7deggJHX/WqKLq+07yZqNH61Uotl7Behap4rCmiMgjTL6WmoX72DjF1sr6YpRlbyKfvSpPyecEQ5aY4iB3JALgRpVekNc=~3291188~3293495; Domain=.xero.com; Path=/; Expires=Thu, 07 May 2026 09:13:13 GMT; Max-Age=14400; SameSite=None; Secure

Other Headers

Akamai-Grn

Other

0.500f3417.1778130793.26c09adb

Date

Other

Thu, 07 May 2026 05:13:13 GMT

X-Akamai-Transformed

Other

0 - 0 -

X-Amz-Server-Side-Encryption

Other

AES256

akamai-grn: 0.500f3417.1778130793.26c09adb
date: Thu, 07 May 2026 05:13:13 GMT
x-akamai-transformed: 0 - 0 -
x-amz-server-side-encryption: AES256

Recommendations

Enable compression (gzip/brotli) to improve performance