HTTP Headers Analysis for https://queries.xero.com

Detected Technologies from Headers

See all in URL Inspect 11

Akamai

Facebook

Google Analytics

Google DoubleClick

Google Fonts

Google Search

Google Tag Manager

LaunchDarkly

Mixpanel

New Relic

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Good

default-src; frame-ancestors; script-src; +3 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Strengthen CSP by removing 'unsafe-eval'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

no-cache, no-store

Pragma

Caching

no-cache

cache-control: no-cache, no-store
pragma: no-cache

Content Headers

Content-Length

Content

40101

Content-Type

Content

text/html; charset=utf-8

content-length: 40101
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

Device fa8c72bb-78a9-4807-a123-8201642fd425

path=/ domain=.xero.com samesite=none secure httponly expires=4y

.AspNetCore.Antiforgery.C9aXng5w_sY CfDJ8MW7anmhPGpJpg9t0dJ4fkR6yA14oPH1fpFEa2vYjrGOEY938Uh_tFDnR9gTWuIxDZtWzQ4XzZbpZkqc_B8GEDUJ0LBXV4F3JjHEHB80fIQY5f1-ooCpW4Rl4ONZ7NujGqvKmSHFTatjhMDpfMuyPZc

path=/identity samesite=strict httponly

_abck DFADF4DDFEDB0802D0A68EF3DA63396B~-1~YAAQzWncF6U75vedAQAA8stMCw8yB7K+vluwinacUn07czEOyO2syE9bItx/bhzv/6Apg2kusMYy6xBLN09Iv+OSE6MiH0R0Yehujtg5H+oYGvYvXbLtTd0fbyxo5ahaBoMaQkKi1wqEOuWxg6emb5PRjOqBfDchuKqttLM1GCqbns2rKTomoAyeQi0LzM+P4qz5lm2dQk3N407ZCyIE2y+pJwzBizAQP8TmSiPb7hLlWEBbrdHFlDrb93+W3I72/bHZJvgFDtb9aYmvhip693MwtthyAaoSq4ocZOuL+SqmwtTwBHMYbB/4rOFJlgCHNnycnZcqPuevveX8OiMnjzhv33XyA7etjTusppkL/OJ0IzVbgXjmZ9rf7OjrIasi5J+3etXFiF9nSHJsHPTV6/ax0z5SIOoLWL/YJRO1lKgPyD1YjatcSa5jOsxpE7gSrNj3~-1~-1~-1~-1~-1

Path=/ Domain=.xero.com SameSite=None Secure Max-Age=52w Expires=52w

bm_sz 84BB7A3AF75E8591B8314F089E0B1E0B~YAAQzWncF6Y75vedAQAA8stMCx8jRiLephgf0zEo/mOZeuityYEukjOt8gumxoUe+JNusOaAoV4vfGLa12sCKjgRgYq+aS9p+RIg2qcMFkEiFQtTZ0JUQCb/pQLnldRF86w18i2w26KaLgehKcn1u0CA/taqu8gtC4Q4QKDNchPFVSLbPBRDn421V+wKd0Hit8jRVmnStVCsqo0FGdr6dqdsSlWcTqOVv3a4Iu5cIOlSp03vONL0z5FnqCInxzJsCpZpjGkY0/llptonyOrb9d0bCA8iCLLRal5xa2/7TALtd/K+NQSQmLKvrl3YZPwHtG2Dqr4P2WPqUN55IZSt2FZr4bX1+GhegOpusQ==~4535618~3683125

Path=/ Domain=.xero.com SameSite=None Secure Max-Age=4h Expires=4h

set-cookie: Device=fa8c72bb-78a9-4807-a123-8201642fd425; expires=Fri, 09 May 2031 05:54:02 GMT; domain=.xero.com; path=/; secure; samesite=none; httponly
.AspNetCore.Antiforgery.C9aXng5w_sY=CfDJ8MW7anmhPGpJpg9t0dJ4fkR6yA14oPH1fpFEa2vYjrGOEY938Uh_tFDnR9gTWuIxDZtWzQ4XzZbpZkqc_B8GEDUJ0LBXV4F3JjHEHB80fIQY5f1-ooCpW4Rl4ONZ7NujGqvKmSHFTatjhMDpfMuyPZc; path=/identity; samesite=strict; httponly
_abck=DFADF4DDFEDB0802D0A68EF3DA63396B~-1~YAAQzWncF6U75vedAQAA8stMCw8yB7K+vluwinacUn07czEOyO2syE9bItx/bhzv/6Apg2kusMYy6xBLN09Iv+OSE6MiH0R0Yehujtg5H+oYGvYvXbLtTd0fbyxo5ahaBoMaQkKi1wqEOuWxg6emb5PRjOqBfDchuKqttLM1GCqbns2rKTomoAyeQi0LzM+P4qz5lm2dQk3N407ZCyIE2y+pJwzBizAQP8TmSiPb7hLlWEBbrdHFlDrb93+W3I72/bHZJvgFDtb9aYmvhip693MwtthyAaoSq4ocZOuL+SqmwtTwBHMYbB/4rOFJlgCHNnycnZcqPuevveX8OiMnjzhv33XyA7etjTusppkL/OJ0IzVbgXjmZ9rf7OjrIasi5J+3etXFiF9nSHJsHPTV6/ax0z5SIOoLWL/YJRO1lKgPyD1YjatcSa5jOsxpE7gSrNj3~-1~-1~-1~-1~-1; Domain=.xero.com; Path=/; Expires=Sun, 09 May 2027 05:54:02 GMT; Max-Age=31536000; SameSite=None; Secure
bm_sz=84BB7A3AF75E8591B8314F089E0B1E0B~YAAQzWncF6Y75vedAQAA8stMCx8jRiLephgf0zEo/mOZeuityYEukjOt8gumxoUe+JNusOaAoV4vfGLa12sCKjgRgYq+aS9p+RIg2qcMFkEiFQtTZ0JUQCb/pQLnldRF86w18i2w26KaLgehKcn1u0CA/taqu8gtC4Q4QKDNchPFVSLbPBRDn421V+wKd0Hit8jRVmnStVCsqo0FGdr6dqdsSlWcTqOVv3a4Iu5cIOlSp03vONL0z5FnqCInxzJsCpZpjGkY0/llptonyOrb9d0bCA8iCLLRal5xa2/7TALtd/K+NQSQmLKvrl3YZPwHtG2Dqr4P2WPqUN55IZSt2FZr4bX1+GhegOpusQ==~4535618~3683125; Domain=.xero.com; Path=/; Expires=Sat, 09 May 2026 09:54:02 GMT; Max-Age=14400; SameSite=None; Secure

Other Headers

Akamai-Grn

Other

0.cd69dc17.1778306042.2930c9c4

Date

Other

Sat, 09 May 2026 05:54:02 GMT

X-Akamai-Transformed

Other

0 - 0 -

X-Client-Ip

Other

45094

Xero-Activity-Id

Other

f083ad8167e4465faa8ada16c45dc98b

Xero-Causation-Id

Other

2813f1757fcb41e6a2489b0b74647603

Xero-Correlation-Id

Other

8d00cfb4c08b48f1b685e6905f0a9f2c

Xero-Message-Id

Other

ce5ac5d4161b47f3941c20d7abb2b1b8

Xero-Origin-Id

Other

IdentityServer.Web

akamai-grn: 0.cd69dc17.1778306042.2930c9c4
date: Sat, 09 May 2026 05:54:02 GMT
x-akamai-transformed: 0 - 0 -
x-client-ip: 45094
xero-activity-id: f083ad8167e4465faa8ada16c45dc98b
xero-causation-id: 2813f1757fcb41e6a2489b0b74647603
xero-correlation-id: 8d00cfb4c08b48f1b685e6905f0a9f2c
xero-message-id: ce5ac5d4161b47f3941c20d7abb2b1b8
xero-origin-id: IdentityServer.Web

Recommendations

Enable compression (gzip/brotli) to improve performance