HTTP Headers Analysis for https://myob.lithium.com

Detected Technologies from Headers

See all in URL Inspect 2

Apache

AWS CloudFront

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

Accept-Encoding

connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

private, no-cache, no-store, max-age=0, must-revalidate

Etag

Caching

"5dlg6dyeu696ge"

cache-control: private, no-cache, no-store, max-age=0, must-revalidate
etag: "5dlg6dyeu696ge"

Content Headers

Content-Length

Content

428292

Content-Type

Content

text/html; charset=utf-8

content-length: 428292
content-type: text/html; charset=utf-8

Server Headers

Server

Apache

server: Apache

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: AWSALB=JfcGpFuqOWbzqeM2HU0Q1nSC2gSrHOIVlupUc7v2tfIrI/HMFFOhbl8Ru7S6tiNZaju3PIqYf4gs1k51F1m6J2a5VyILhIX6cBpejNz1H+C/A6edXgCN0dOzpa3/; Expires=Sat, 18 Apr 2026 20:57:12 GMT; Path=/
AWSALBCORS=JfcGpFuqOWbzqeM2HU0Q1nSC2gSrHOIVlupUc7v2tfIrI/HMFFOhbl8Ru7S6tiNZaju3PIqYf4gs1k51F1m6J2a5VyILhIX6cBpejNz1H+C/A6edXgCN0dOzpa3/; Expires=Sat, 18 Apr 2026 20:57:12 GMT; Path=/; SameSite=None; Secure
LiSESSIONID=6B71EDB5698DFA198D8D710BEFDED588; Path=/; Secure; HttpOnly;SameSite=None;SameSite=None
LithiumVisitor=~20KcfAVre9nikbZmh~P27RAdUpQIZEEtooT5ebhDpx_R3wBLmXcmGWwMW4f0lHFB7CdvDhjTGWAhSR5B65YdVld6BUFQGYkVy2CmsS9A..; Path=/; HttpOnly; Max-Age=15780000; Secure; SameSite=None
LithiumTimezonePreferences=US%2FPacific; Path=/; Expires=Sun, 12 Apr 2026 20:57:12 GMT; SameSite=Lax
csrf-aurora=f265c249a10b2c0aeafebdfad1415b57368655e9552db7878d17300d7fec610a368dc844a0cf3dba1e4b7bddf94d833d820dac75fa847623357f8fb091133e80%7C80d891a1f22f1fcba590ffe012065d8cce94b5bae0033103770423ee9966d1fc; Path=/; HttpOnly; Secure; SameSite=Strict

Other Headers

Date

Other

Sat, 11 Apr 2026 20:57:13 GMT

Via

Other

1.1 e192a0c00645fc183da32770a14cec54.cloudfront.net (CloudFront)

X-Amz-Cf-Id

Other

xORRxE8XibRVo3J9bUA2oXi58ke9oJKPOVO8cAdfQXXUkNJZi_EEog==

X-Amz-Cf-Pop

Other

IAD61-P11

X-Cache

Other

Miss from cloudfront

X-Dns-Prefetch-Control

Other

off

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

date: Sat, 11 Apr 2026 20:57:13 GMT
via: 1.1 e192a0c00645fc183da32770a14cec54.cloudfront.net (CloudFront)
x-amz-cf-id: xORRxE8XibRVo3J9bUA2oXi58ke9oJKPOVO8cAdfQXXUkNJZi_EEog==
x-amz-cf-pop: IAD61-P11
x-cache: Miss from cloudfront
x-dns-prefetch-control: off
x-download-options: noopen
x-permitted-cross-domain-policies: none

Recommendations

Enable compression (gzip/brotli) to improve performance