HTTP Headers Analysis for https://reporting.xero.com

Detected Technologies from Headers

See all in URL Inspect 11

Akamai

Facebook

Google Analytics

Google DoubleClick

Google Fonts

Google Search

Google Tag Manager

LaunchDarkly

Mixpanel

New Relic

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Good

default-src; frame-ancestors; script-src; +3 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Strengthen CSP by removing 'unsafe-eval'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

no-cache, no-store

Pragma

Caching

no-cache

cache-control: no-cache, no-store
pragma: no-cache

Content Headers

Content-Length

Content

40013

Content-Type

Content

text/html; charset=utf-8

content-length: 40013
content-type: text/html; charset=utf-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

Device 99ef70c9-abbc-48cd-ad07-3110ce6854dd

path=/ domain=.xero.com samesite=none secure httponly expires=4y

.AspNetCore.Antiforgery.C9aXng5w_sY CfDJ8MW7anmhPGpJpg9t0dJ4fkRDjhb7a0cPqXJPy2kvytYCJWYOmwmVdtV5k8IsNB7IlHZ4k6JaqOAs2fXatg9kcIxEqynrCbCKXXFJ9dEi7x74J2PZpx55qN7Lz39wO8StbnD9e8vU1P_r0ole7ywtpHk

path=/identity samesite=strict httponly

_abck B532C977178E2C0C729AAEE447CB4EFF~-1~YAAQ1mncF91gQvudAQAAFILsCw8NhXs5amrdW1h+D5E1qBNzydEQLbJARYNv7D8nLoIw40BQuvblRsQiomkNc/wFxy7NfWCQSF3Nfs/6NY2BrKQ5kT+zDASjNxtjSeHSS3yG2XPzQt8dR1djAVvHjQtbZpWG8JlGkm9unmC+i/DpYrgTA8LcayqRV5tdQUzra5yWuqiQC64P0hlP0j5XaWczSqnXABDm18szArkSRURoBtXggaJiDjYNyiUgs+jr+ego3U3ufsFPbD2+JNnJmBiItZAHguWosLcdE+nYaGnn8Hot18mdkg3kYYu0HP2JOdkUjNbSzkcC7MjJcMvQmBLnHD58Cvg1zWIsAEEqpD7ZXLe+Ce7hy7x33Wc7KD9R18layDRvh/3268QZ73eZP/3knep7Twnjh9i8dFZ5nfYF5WzJgHqO4YfELhPNau3/VpES~-1~-1~-1~-1~-1

Path=/ Domain=.xero.com SameSite=None Secure Max-Age=52w Expires=52w

bm_sz BA4E6DD2F1C76DEE9E3AEF85255146A4~YAAQ1mncF95gQvudAQAAFYLsCx8SjH5F6lusuVPvURqYopLJuNQqKcRJuWd6qNI0MLICp6RnoFgpack/TTIUMFe8QFIbEdDrEuI6AuUZUhOk3g6A8P14a04/tS9VK08DZrrH3jlCDHOIP/CUKTuvDxLw7KX7sRsp73J9juyZDrj64DgUApDrX85Rh84qUFeBPO7u800tZ8UrlTUyD+doqYQ6ZZA27NKr/QAI7fDoOdlAE0tOo1/T7VSP+7qqxqdlJhiRsCLq/YAaI9dOg2SwO12NjYMzMOuey7DEMM4im0fiF64rCBZq36oqxLUbKMKnYRhw4/g8QNSfBFxJYKEQP5a3taaMLu4Y9UeECMA=~3294020~4605250

Path=/ Domain=.xero.com SameSite=None Secure Max-Age=4h Expires=4h

set-cookie: Device=99ef70c9-abbc-48cd-ad07-3110ce6854dd; expires=Fri, 09 May 2031 08:48:29 GMT; domain=.xero.com; path=/; secure; samesite=none; httponly
.AspNetCore.Antiforgery.C9aXng5w_sY=CfDJ8MW7anmhPGpJpg9t0dJ4fkRDjhb7a0cPqXJPy2kvytYCJWYOmwmVdtV5k8IsNB7IlHZ4k6JaqOAs2fXatg9kcIxEqynrCbCKXXFJ9dEi7x74J2PZpx55qN7Lz39wO8StbnD9e8vU1P_r0ole7ywtpHk; path=/identity; samesite=strict; httponly
_abck=B532C977178E2C0C729AAEE447CB4EFF~-1~YAAQ1mncF91gQvudAQAAFILsCw8NhXs5amrdW1h+D5E1qBNzydEQLbJARYNv7D8nLoIw40BQuvblRsQiomkNc/wFxy7NfWCQSF3Nfs/6NY2BrKQ5kT+zDASjNxtjSeHSS3yG2XPzQt8dR1djAVvHjQtbZpWG8JlGkm9unmC+i/DpYrgTA8LcayqRV5tdQUzra5yWuqiQC64P0hlP0j5XaWczSqnXABDm18szArkSRURoBtXggaJiDjYNyiUgs+jr+ego3U3ufsFPbD2+JNnJmBiItZAHguWosLcdE+nYaGnn8Hot18mdkg3kYYu0HP2JOdkUjNbSzkcC7MjJcMvQmBLnHD58Cvg1zWIsAEEqpD7ZXLe+Ce7hy7x33Wc7KD9R18layDRvh/3268QZ73eZP/3knep7Twnjh9i8dFZ5nfYF5WzJgHqO4YfELhPNau3/VpES~-1~-1~-1~-1~-1; Domain=.xero.com; Path=/; Expires=Sun, 09 May 2027 08:48:29 GMT; Max-Age=31536000; SameSite=None; Secure
bm_sz=BA4E6DD2F1C76DEE9E3AEF85255146A4~YAAQ1mncF95gQvudAQAAFYLsCx8SjH5F6lusuVPvURqYopLJuNQqKcRJuWd6qNI0MLICp6RnoFgpack/TTIUMFe8QFIbEdDrEuI6AuUZUhOk3g6A8P14a04/tS9VK08DZrrH3jlCDHOIP/CUKTuvDxLw7KX7sRsp73J9juyZDrj64DgUApDrX85Rh84qUFeBPO7u800tZ8UrlTUyD+doqYQ6ZZA27NKr/QAI7fDoOdlAE0tOo1/T7VSP+7qqxqdlJhiRsCLq/YAaI9dOg2SwO12NjYMzMOuey7DEMM4im0fiF64rCBZq36oqxLUbKMKnYRhw4/g8QNSfBFxJYKEQP5a3taaMLu4Y9UeECMA=~3294020~4605250; Domain=.xero.com; Path=/; Expires=Sat, 09 May 2026 12:48:29 GMT; Max-Age=14400; SameSite=None; Secure

Other Headers

Akamai-Grn

Other

0.d669dc17.1778316509.1f75f45f

Date

Other

Sat, 09 May 2026 08:48:29 GMT

X-Akamai-Transformed

Other

0 - 0 -

X-Client-Ip

Other

57730

Xero-Activity-Id

Other

2876309648be46d88ada14a248b0216b

Xero-Causation-Id

Other

d686d1596e1e4c5fb87b02f2a7c5f80d

Xero-Correlation-Id

Other

2c5a35a2b52b40c9aaaf0098c744e39a

Xero-Message-Id

Other

ad87ffeb86c44a4cb10baa830b718b4c

Xero-Origin-Id

Other

IdentityServer.Web

akamai-grn: 0.d669dc17.1778316509.1f75f45f
date: Sat, 09 May 2026 08:48:29 GMT
x-akamai-transformed: 0 - 0 -
x-client-ip: 57730
xero-activity-id: 2876309648be46d88ada14a248b0216b
xero-causation-id: d686d1596e1e4c5fb87b02f2a7c5f80d
xero-correlation-id: 2c5a35a2b52b40c9aaaf0098c744e39a
xero-message-id: ad87ffeb86c44a4cb10baa830b718b4c
xero-origin-id: IdentityServer.Web

Recommendations

Enable compression (gzip/brotli) to improve performance