HTTP Headers Analysis for https://airbnb.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=10886400; includeSubdomains

Content-Security-Policy

Basic

child-src; connect-src; default-src; +9 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

2 headers

Connection

Performance

Transfer-Encoding

Performance

chunked

Caching Headers

2 headers

Cache-Control

Caching

no-store, max-age=0, private, must-revalidate

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Content Headers

1 headers

Content-Type

Content

text/html;charset=utf-8

Server Headers

1 headers

Server

nginx

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

ak_bmsc=7B1EE360687556898EDA100F1E0F3C42~000000000000000000000000000000~YAAQDBchFwQhKC2aAQAAfUD1SB2kEdwjHQb9/4Oakdi4BSnBFEzUFaxLvXGopguQK5GY9bjTiW2rZgr6DO2cqgA8myEYd/Bc+7ukoy7n8dTcY1ZWZ8dYUceNlXQ5SfpYm8sDjFR5W34HuA0HR9QesWxuHVVdp+BQ/6DEp8Av6o5Fa4t5O9wQrlse+yyFVuSXwW6pL8lcjtaryltCYxxwWjcDexwtbVLdMISd//mdrcQ2dsqGPCyTZxoeG//AaFG3VDc05Ar5Ukpd+KGxDp9M1eyy1KekHJ8MMbPtxQ6TXtFxm8QeiyA2xed8gDEn3n7p5u3V0Wz/m9EDru1lE/ramvPySystTVe5TKkh5Q==; Domain=.airbnb.com; Path=/; Expires=Mon, 03 Nov 2025 11:03:43 GMT; Max-Age=7200; HttpOnly

Other Headers

22 headers

Accept-Ch

Other

Sec-CH-Device-Memory, Sec-CH-DPR, ECT, Sec-CH-UA-Platform-Version, Sec-CH-Viewport-Width, Sec-CH-Device-Memory, Sec-CH-DPR, ECT, Sec-CH-UA-Platform-Version, Sec-CH-Viewport-Width

Accept-Ch-Lifetime

Other

31536000

Akamai-Request-Bc

Other

[a=23.33.23.12,b=1237988494,c=g,n=US_IL_CHICAGO,o=20940],[c=c,n=US_VA_STERLING,o=20940],[a=247,c=o]

Alt-Svc

Other

h3=":443"; ma=93600

Cachestatus

Other

on

Date

Other

Mon, 03 Nov 2025 09:03:43 GMT

Link

Other

<https://a0.muscache.com/airbnb/static/packages/web/common/frontend/core-guest-loop/apps/core-guest-spa/client.5baf3cb998.css>;rel=preload;as=style;crossorigin=anonymous;media=print,<https://a0.muscache.com/airbnb/static/airbnb-dls-web/build/fonts/cereal-variable/AirbnbCerealVF_W_Wght.2d9d32865ef1262644c455b3ead871e9.woff2>;rel=preload;as=font;type=font/woff2;crossorigin=anonymous,<https://a0.muscache.com/airbnb>;rel=preconnect;crossorigin=anonymous

Origin-Trial

Other

AkOekvxwprBLSP7I2nhyRn5yZGt9lTJN6UIYziFKVYg5OhlzmlNDciWbBWkEQ5TYPz+aqsuIUT2pPEjPUD5dFAsAAABneyJvcmlnaW4iOiJodHRwczovL2FpcmJuYi5jb206NDQzIiwiZmVhdHVyZSI6IlByaW9yaXR5SGludHNBUEkiLCJleHBpcnkiOjE2NDc5OTM1OTksImlzU3ViZG9tYWluIjp0cnVlfQ==

Server-Timing

Other

cdn-cache; desc=MISS, edge; dur=64, origin; dur=75

Status

Other

200 OK

X-Airbnb-Everest-Device-Id

Other

1762160623.EANjk3Mjk4NmU0OWNkMG.8fEz726IYYIoy3U9ru8llailjE5zMgatHnz9oELeqFI

X-Airbnb-Internal-Trace-Id

Other

janA8acoWu1GRum5GaV0CA==

X-Airbnb-Kraken-Flush-Body

Other

1

X-Airbnb-Sureride

Other

c1a1o.0.0c172117.1762160623.49ca348e%%i1c1o%%t1d1o.janA8acoWu1GRum5GaV0CA==%%h1

X-Browser-Type

Other

unknown

X-Envoy-Upstream-Service-Time

Other

67

X-Erf-Bev-Bev

Other

1762160623_EAM2Q3NjkxNTQ0Nz

X-Erf-Bev-Bev-Is-Generated

Other

1

X-Instrumentation

Other

airbnb

X-Kraken-Loop-Name

Other

core-guest-loop

X-Server-Lifecycle-Phase

Other

running

X-Server-Name

Other

www.airbnb.com

Recommendations

Enable compression (gzip/brotli) to improve performance