33
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=10886400; includeSubdomains
Content-Security-Policy
Basic
child-src; connect-src; default-src; +9 more
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com wss://ws.airbnb.de https://netverify.com https://*.netverify.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net https:; frame-src * https://*.cardinalcommerce.com; img-src 'self' https: data: https://*.mapbox.com blob:; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://ethn.io https://s.yimg.jp https://api.geetest.com https://monitor.geetest.com https://api.geevisit.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://songbird.cardinalcommerce.com/ https://www.recaptcha.net https://www.gstatic.cn https://airbnb-api.arkoselabs.com https://h.online-metrix.net 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-vPvbF7mM9h+nViyD8PeacaGLf/01gc9mAlxGpxiPENs=' 'sha256-CZnW0hvLQpXhjRl/rvattFn8GcIhxi8fcsCstVugtsI=' 'sha256-9jboJcALeftUTV/MuGjkJB5HDvqsPbm7/gTjfpkHiYc=' 'sha256-7iOeuhYWetmb7cQ6YkWP/dl6+42fdYNS6vYA3b9swPY=' 'sha256-dEQLydru3z2yuRGS/8VzaalU2wY48xuXdoO1zDPmT/A=' 'sha256-jhpHTyypc46kfr10/bvvFfjxyJNZcDvM0XsDAD5PJ2k=' 'sha256-sM4TCqADHMBZKYgE9fgtWACAry8C6tqaPljxMeTJ+w4=' https: 'sha256-Pcv2b119EfA2d9srQIybqpROFmUDvU4clVboyA7fdMc=' 'sha256-5Tl1cMvpowm216MNWitZcm6dh1Ufik1QFyA6KadNiAY=' 
'sha256-rvARxjbuUxilxb9RkOEv8RtqGIsmGYKyxv2IIH4MsrA=' 'sha256-hlaumtWL6YXbATpvURLyKaWUWs/apEDvcs19lYsGwsU=' 'sha256-I3KSOxEd7FNCSiwgo9cLSb5NZ6prRmGwGuPQ9oUimoM=' 'sha256-QrtzfXzemhvC/0Mz4p5MTgyHZ11cOMx/iKBQ2QfQoYU=' 'sha256-7+uU2shyspIWHc+TA7HvywyRY0VtX6z6gJTXzxUAW2Q=' 'sha256-RAgBnM0wf+EU6GLC4DAwrlPlxaWbSFOv9fEZHb22Zqc=' 'sha256-q7LfTX8CemAjvalJEQZ5S+i7nuNEVbFaU6xkHvEAOeQ=' 'sha256-Hn02be8UsaO1J728ZDxGZlZGXBd85lEw3JklFYpfGPQ=' 'sha256-69KvOim8N1PE+6rP6TRe0P6GgFBZdTuNV9Lrr9y8KMc=' 'sha256-AcTLk9SPBTCpOP4TyHDG+Id7/GS/5o3fNLVi6oMU5NM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com https://*.klarnacdn.net blob: https://vdata.amap.com https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://includes.ccdc02.com https://includestest.ccdc02.com https://client-api.arkoselabs.com https://cdn.plaid.com/link/v2/stable/link-initialize.js https://js.stripe.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://pagead2.googlesyndication.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self' https: blob:; report-uri /tracking/csp?controller=core-guest-loop&action=%2Frooms%2F1037689018040470434&req_uuid=86e7c4fe-04f6-4071-6369-9582f6179026&version=sha%3D4bb29af6551a&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2Frooms%2F1037689018040470434&req_uuid=86e7c4fe-04f6-4071-6369-9582f6179026&version=sha%3D4bb29af6551a&report_only=false
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Cache-Control
Caching
no-store, max-age=0, private, must-revalidate
Expires
Caching
Thu, 01 Jan 1970 00:00:00 GMT
Content Headers
1 header
Content-Type
Content
text/html;charset=utf-8
Server Headers
1 header
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
ak_bmsc=6C98FBDFDCE02FF03B4582966CC65DB5~000000000000000000000000000000~YAAQksgwF5gBaPKaAQAAcJXk9x5LGd52raDtMlDJ65/g43x26IozsiU0SbjT9AShAriZ1EUrr+KAEciCgxWt4ntDCuk1u/QzhBUowNbPLyPxGjpgr4cnvQB2kjNR+b9E9P1kzpN1lqsJamX1OkX1ULVCf5NhXnot6gTH2PSaQtaccWVPJS3l1dAxKBAqDkxjIGI9B1gNa8Zw7TLWTnLwG+ptgDznIxi/bWNplKLNlneMKjLEn/+aO2XfGZGvfAyGBBu9+/WeVSw9YMj5TVeeZvXU7j3edFSqG9opa19GZx6xbwUf6Ds+SPnhW7pI6jWfDG/2ViMjz0+uliJFfBIk7nck2Yzx3/ZmPv3v; Domain=.airbnb.de; Path=/; Expires=Sun, 07 Dec 2025 10:19:03 GMT; Max-Age=7199; HttpOnly
Other Headers
21 headers
Accept-Ch
Other
Sec-CH-Device-Memory, Sec-CH-DPR, ECT, Sec-CH-UA-Platform-Version, Sec-CH-Viewport-Width, Sec-CH-Device-Memory, Sec-CH-DPR, ECT, Sec-CH-UA-Platform-Version, Sec-CH-Viewport-Width
Accept-Ch-Lifetime
Other
31536000
Akamai-Request-Bc
Other
[a=23.48.200.146,b=478187811,c=g,n=US_VA_ASHBURN,o=20940],[c=c,n=US_VA_STERLING,o=20940],[a=217,c=o]
Alt-Svc
Other
h3=":443"; ma=93600
Cachestatus
Other
on
Date
Other
Sun, 07 Dec 2025 08:19:04 GMT
Link
Other
<https://a0.muscache.com/airbnb/static/packages/web/common/frontend/core-guest-loop/apps/core-guest-spa/client.e00b35c126.css>;rel=preload;as=style;crossorigin=anonymous;media=print,<https://a0.muscache.com/airbnb/static/airbnb-dls-web/build/fonts/cereal-variable/AirbnbCerealVF_W_Wght.8816d9e5c3b6a860636193e36b6ac4e4.woff2>;rel=preload;as=font;type=font/woff2;crossorigin=anonymous,<https://a0.muscache.com/airbnb>;rel=preconnect;crossorigin=anonymous
Origin-Trial
Other
AkOekvxwprBLSP7I2nhyRn5yZGt9lTJN6UIYziFKVYg5OhlzmlNDciWbBWkEQ5TYPz+aqsuIUT2pPEjPUD5dFAsAAABneyJvcmlnaW4iOiJodHRwczovL2FpcmJuYi5jb206NDQzIiwiZmVhdHVyZSI6IlByaW9yaXR5SGludHNBUEkiLCJleHBpcnkiOjE2NDc5OTM1OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
Server-Timing
Other
cdn-cache; desc=MISS, edge; dur=28, origin; dur=80
Status
Other
200 OK
X-Airbnb-Everest-Device-Id
Other
1765095543.EAOTY0NjM1ZWU4Yzc1NT._Y5TUUTpF5Hv4m9aAEWHGTYXhXh4EV3QeqZ3K0O7dTo
X-Airbnb-Internal-Trace-Id
Other
8u_C5AEwbkfP0IG1P__OLg==
X-Airbnb-Kraken-Flush-Body
Other
1
X-Airbnb-Sureride
Other
c1a1o.0.92c83017.1765095543.1c809123%%i1c1o%%t1d1o.8u_C5AEwbkfP0IG1P__OLg==%%h1
X-Browser-Type
Other
unknown
X-Envoy-Upstream-Service-Time
Other
75
X-Erf-Bev-Bev
Other
1765095543_EAZTg1YjBhNTg3Yz
X-Erf-Bev-Bev-Is-Generated
Other
1
X-Instrumentation
Other
airbnb
X-Kraken-Loop-Name
Other
core-guest-loop
X-Server-Lifecycle-Phase
Other
running
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1623ms