HTTP Headers Analysis for https://help.xero.com

Detected Technologies from Headers

See all in URL Inspect 1

Akamai

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=63072000; includeSubDomains

Content-Security-Policy

Weak

frame-ancestors; report-uri Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close, Transfer-Encoding

Transfer-Encoding

Performance

chunked

connection: close, Transfer-Encoding
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

max-age=0,must-revalidate,private

Etag

Caching

"5E0F32EEDEFE5DB6EDE2DC13B9674AC4--gzip"

cache-control: max-age=0,must-revalidate,private
etag: "5E0F32EEDEFE5DB6EDE2DC13B9674AC4--gzip"

Content Headers

Content-Language

Content

en-US

Content-Type

Content

text/html; charset=utf-8

content-language: en-US
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: CookieConsentPolicy=0:1; path=/; expires=Thu, 06-May-2027 08:51:13 GMT; Max-Age=31536000; secure
LSKey-c$CookieConsentPolicy=0:1; path=/; expires=Thu, 06-May-2027 08:51:13 GMT; Max-Age=31536000; secure
XCREGION=US; path=/; secure
_abck=BA93D60712AE95778F8F61894172B965~-1~YAAQUWrcFzcffOydAQAAOu57/A8/ApvXPa8K0cAD/v5gUhlc2PCn3h7rkU0GkAh+nLY2GQxnzmfnKBS8/UL7cMIkT/JMdVbETrviYE/YmFxYdctb2UmNa/1jGVfGHoWJ3PFMwFY2fp5HQ39mSTNLRQqYon0WXjJ3oYxDZLzOByibs72xySFMFLv16lVfcGIJGzhcJizZXRuOwdEZ7/CG932AQTn6IaPW7YpN55ZVNSPQdzT+0RaAQoM943HTCsgWofFh2hFLMrXzsvb2nVO6oPVZYLSBxiPYS7mmC/M7vhw012mqGKhSFm9uc47SYHBdMu+69Z9PI2eAR6+e9Fd450Xff1TkyXXfxp6zsxWaicyYzZOW5GvffC77gx1OikyW9wKvBt9+CeXbaEVReewlOdKt1P3/H2NlxtvWMWQydDydx469aeH/GI5yPcaVjkC8lKnL~-1~-1~-1~-1~-1; Domain=.xero.com; Path=/; Expires=Thu, 06 May 2027 08:51:13 GMT; Max-Age=31536000; SameSite=None; Secure
bm_sz=2F7209342433E7DEC0B752005527CE8C~YAAQUWrcFzgffOydAQAAOu57/B/0dae3xAbN9ytoq+EdoF5F4oQhzzp5/7G84p609a6vOrD5Ail/jPMenmayKekLsmJaNfUSs9u0gOyjtuSFpZ1/kSaXTfooakXKOBLBYIGDt4/XZQ+V4UuaA63DmhjonSmL/Ft5rWh1pu3wfckpR0SSdeE47mE2HFj3ukwwHfeocceRUwyZfduBx/iOb09d9MXaLxUUrLKk+r2s4V589sDsJynx8o8t8mv8jMAW/zc/iMy0CSohsSiYArpPmdMJCiQAhaS3yoQpYz6oCBjvvDVK0m6XET5oVtfMQvcYWmK+vERSQYXekPoDK5YOZto9PTqcP12omWM=~3158337~3748420; Domain=.xero.com; Path=/; Expires=Wed, 06 May 2026 12:51:13 GMT; Max-Age=14400; SameSite=None; Secure

Other Headers

Date

Other

Wed, 06 May 2026 08:51:13 GMT

Link

Other

URL /0/webruntime/framework/1e7fb74fd8/prod/lwr_loader

rel=preload as=script nopush

URL /0/webruntime/framework/e8a9391bd2/prod/lwr_bootstrap_locker

rel=preload as=script nopush

URL /0/webruntime/framework/744f7852ef/prod/lwr_app_bootstrap_hook

rel=preload as=script nopush

URL /0/webruntime/framework/9faac7844c/prod/lwr_lwc

rel=preload as=script nopush

URL /0/webruntime/framework/1e7fb74fd8/prod/lwr_loader

rel=preload as=script nopush

URL /0/webruntime/framework/e8a9391bd2/prod/lwr_bootstrap_locker

rel=preload as=script nopush

URL /0/webruntime/framework/744f7852ef/prod/lwr_app_bootstrap_hook

rel=preload as=script nopush

URL /0/webruntime/framework/9faac7844c/prod/lwr_lwc

rel=preload as=script nopush

URL /0/webruntime/framework/267c7bc833/prod/lwr_app

rel=preload as=script nopush

URL /0/webruntime/view/55d5b3fcec606f7983ad0498dcca25c2/prod/en-US/home_view