HTTP Headers Analysis for https://quickbookscanary.intuit.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

1 headers

Connection

Performance

close

Caching Headers

3 headers

Cache-Control

Caching

max-age=0, no-cache

Expires

Caching

Mon, 19 Jan 2026 05:56:17 GMT

Pragma

Caching

no-cache

Content Headers

2 headers

Content-Length

Content

243

Content-Type

Content

application/xml

Server Headers

1 headers

Server

AmazonS3

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

AKES_GEO=US~VA; path=/; domain=.intuit.com; secure

Other Headers

10 headers

Akamai-Grn

Other

0.47643717.1768802176.f9d04e69

Date

Other

Mon, 19 Jan 2026 05:56:17 GMT

Server-Timing

Other

ak_p; desc="1768802176838_389506119_4191178345_28597_7309_1_5_-";dur=1

X-Amz-Cf-Id

Other

ST7EJNu7gGFwvwJQ6p4tqSIJcmKUSHfbksSnlwbP3GsTlwykKRgKRA==

X-Amz-Cf-Pop

Other

ATL56-P2

X-Amz-Id-2

Other

LDp3SE6xvCvG9ZxHZlzwpRJLytpkTfrMaIKl9tPjDlBcrP8KDI/ktwMm/F9cIe1odGZ+t0g7cs0=

X-Amz-Request-Id

Other

YSH7WH7DEB8JBH19

X-Content-Type

Other

nosniff

X-Org

Other

CANARY_WP_OICMS_US_HP

X-Permitted-Cross-Domain-Policies

Other

"master-only"

Recommendations

Enable compression (gzip/brotli) to improve performance