HTTP Headers Analysis for https://practicestudiohelp.xero.com

Detected Technologies from Headers

See all in URL Inspect 1

Akamai

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=63072000; includeSubDomains

Content-Security-Policy

Weak

frame-ancestors; report-uri Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close, Transfer-Encoding

Transfer-Encoding

Performance

chunked

connection: close, Transfer-Encoding
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

max-age=0,must-revalidate,private

Etag

Caching

"D47E21134A6A4AFC506AE93A769E33E4--gzip"

cache-control: max-age=0,must-revalidate,private
etag: "D47E21134A6A4AFC506AE93A769E33E4--gzip"

Content Headers

Content-Language

Content

en-US

Content-Type

Content

text/html; charset=utf-8

content-language: en-US
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: CookieConsentPolicy=0:1; path=/; expires=Sat, 08-May-2027 18:55:12 GMT; Max-Age=31536000; secure
LSKey-c$CookieConsentPolicy=0:1; path=/; expires=Sat, 08-May-2027 18:55:12 GMT; Max-Age=31536000; secure
XCREGION=US; path=/; secure
_abck=0E8373301CE0FB78A45E792823BCA34B~-1~YAAQqcgwF2JGY/WdAQAAO5vxCA+FmGFP5HWhKXC8FRSJkk9QA2aTtBAMzwxpqOF2NJHFBVY66LcCB60s5AUGl1ducpMzhI5CErDUcLP8MJ7Qp+CR6P0ctz9O0atakhEaUv7qlwMqVrevbJokNN4159rib63nARjC7IfCb7dGzToiR0I5Pr3HfuZdlkO4g+PvX/49t2OGbP7UZ5OzzLGHs3L5XeedaqreLaEb8Oprp3G+rOgzmPgCpRlADZYy/4higlb6p18gfcGVdUTRs150taEFaNFmtge0unGg4rRsjzcPgxmbZ7wvfMNImTMq5I/PJ94ZfHzfuTA12E6HhhrUEYDiYQznhQO2spZF65v2DsP6yr5M354+LqY8B/Im6LEmaybklTxFmCgqJ7miRebXXY1Gxaeu48GudL6uFvCPMq/Um5dyYt9QBY/EnwXsWighOu69~-1~-1~-1~-1~-1; Domain=.xero.com; Path=/; Expires=Sat, 08 May 2027 18:55:12 GMT; Max-Age=31536000; SameSite=None; Secure
bm_sz=C7844788E7E91F163D4D32A610D42769~YAAQqcgwF2NGY/WdAQAAO5vxCB9PzF+bvcYEKFu3gMOGh8VlzEd2Y4/NUrxzje0JyGbNU67jro54teYlf2Al2t1WfiGUoDVQCa1acJ42QoDNt59VYqwEBqDzuQW2O4D1Quw7bk6ysp8D06nsghhgtV/u8nzby+BDHPR7YexNxzVTu1UdKL/k2jCNyLBtzxLCISK7rbrOLtFf4YFpuEZkcX2lvLqP51xAiyJ5gzRhyeBSYIFJg+esSGLsHlvCConUycdTz6LQwaLi1HKIM+zt+erjNtcbFnjbvkN2EhuR9fhF13WqLum9SQcjOj8EwUB3R4XR5hqPK41Xor60oXJZ5HW/zIIkM+M8lI2J/A==~3291449~3490627; Domain=.xero.com; Path=/; Expires=Fri, 08 May 2026 22:55:12 GMT; Max-Age=14400; SameSite=None; Secure

Other Headers

Date

Other

Fri, 08 May 2026 18:55:12 GMT

Link

Other

URL /0/webruntime/framework/1e7fb74fd8/prod/lwr_loader

rel=preload as=script nopush

URL /0/webruntime/framework/e8a9391bd2/prod/lwr_bootstrap_locker

rel=preload as=script nopush

URL /0/webruntime/framework/744f7852ef/prod/lwr_app_bootstrap_hook

rel=preload as=script nopush

URL /0/webruntime/framework/9faac7844c/prod/lwr_lwc

rel=preload as=script nopush

URL /0/webruntime/framework/1e7fb74fd8/prod/lwr_loader

rel=preload as=script nopush

URL /0/webruntime/framework/e8a9391bd2/prod/lwr_bootstrap_locker

rel=preload as=script nopush

URL /0/webruntime/framework/744f7852ef/prod/lwr_app_bootstrap_hook

rel=preload as=script nopush

URL /0/webruntime/framework/9faac7844c/prod/lwr_lwc

rel=preload as=script nopush

URL /0/webruntime/framework/267c7bc833/prod/lwr_app

rel=preload as=script nopush

URL /0/webruntime/view/854336eb4092ce73f89d05336ac1155d/prod/en-US/home_view