HTTP Headers Analysis for https://community.myob.com

Detected Technologies from Headers

See all in URL Inspect 2

Apache

AWS CloudFront

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

Etag

Caching

"ub4negb07m96ge"

cache-control: private, no-cache, no-store, max-age=0, must-revalidate
etag: "ub4negb07m96ge"

Content Headers

Content-Length

Content

428292

Content-Type

Content

text/html; charset=utf-8

content-length: 428292
content-type: text/html; charset=utf-8

Server Headers

Server

Apache

server: Apache

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: AWSALB=jUPnv2rBLfPt36gH0bhXHZtd0G+soNlcvkjjgrZoQKKyO3fcv6omiL7AfrPiqKr/TsHaDPR4rlWwTUtGssx49pzkTtH20/9pYqHRSp0qM7NMuHjnpSz8ObmTIys/; Expires=Sat, 18 Apr 2026 21:49:47 GMT; Path=/
AWSALBCORS=jUPnv2rBLfPt36gH0bhXHZtd0G+soNlcvkjjgrZoQKKyO3fcv6omiL7AfrPiqKr/TsHaDPR4rlWwTUtGssx49pzkTtH20/9pYqHRSp0qM7NMuHjnpSz8ObmTIys/; Expires=Sat, 18 Apr 2026 21:49:47 GMT; Path=/; SameSite=None; Secure
LiSESSIONID=BFB544FDF9A08CE23F876C6BDB91EFAA; Path=/; Secure; HttpOnly;SameSite=None;SameSite=None
LithiumVisitor=~2cKqzzgva6qm6IMuL~MdMM3i10RRsjDLEpl6rIpx7ctPxd75yFViEW65afEgzketdYe7hb-CZVFI8B20lqRYCHufWafT04gRkfSqmauA..; Path=/; HttpOnly; Max-Age=15780000; Secure; SameSite=None
LithiumTimezonePreferences=US%2FPacific; Path=/; Expires=Sun, 12 Apr 2026 21:49:47 GMT; SameSite=Lax
csrf-aurora=69c5be93a1f7a59ac2f66d3ca5178e0fa14bca5eb4fabcb2f1dbfa1b9d8cf384b04a9a2c9c46e7cd30f7917f024afd963ff5e7bcd0795aa3df3a7200ecf96295%7C37f8c5fdbca34b56e0b233c99ec0879606df29bf5877b48edde2e89bd66411c4; Path=/; HttpOnly; Secure; SameSite=Strict

Other Headers

Date

Other

Sat, 11 Apr 2026 21:49:48 GMT

Via

Other

1.1 08e93cef931ce6eebaa92903f91c120a.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

oN2XneaV5IIvC-zmiZX5Q_Lk2jmE2UDyrdGpoDZAe0HLUQ-A3VBx5A==

X-Amz-Cf-Pop

Other

IAD61-P11

X-Cache

Other

Miss from cloudfront

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

date: Sat, 11 Apr 2026 21:49:48 GMT
via: 1.1 08e93cef931ce6eebaa92903f91c120a.cloudfront.net (CloudFront)
x-amz-cf-id: oN2XneaV5IIvC-zmiZX5Q_Lk2jmE2UDyrdGpoDZAe0HLUQ-A3VBx5A==
x-amz-cf-pop: IAD61-P11
x-cache: Miss from cloudfront
x-dns-prefetch-control: off
x-download-options: noopen
x-permitted-cross-domain-policies: none

Recommendations

Enable compression (gzip/brotli) to improve performance