Open
Cached
·
just now
26
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
5 headers
Cache-Control
Caching
max-age=0, no-cache, no-store
Etag
Caching
"fff9ec31c7bc2ba9fe08da82a8a3cfa4"
Expires
Caching
Mon, 12 Jan 2026 16:23:27 GMT
Last-Modified
Caching
Sun, 11 Jan 2026 08:46:16 GMT
Pragma
Caching
no-cache
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
istio-envoy
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
bm_sz=90820A8B6F2BED1EB54F1CBA1E80FFBA~YAAQiGvcF5ceGkKbAQAAyvwEsx6aGncpWUmitaWh11KGw47jnpB7r1zy73t6YGAT213BltHEhmTfqGiy6vzRi+MlsqtPt4xmWg/0Qp+ToLWRyR4feNMbLw7bqXGEVo87Xqi58PHJxr4w9hlHpp1kBy21mO8WaQc2IZ1bA5glxEZxesmsqxxe/yMQy0l9XQYARsY2oYUnvfRD0G1TtPPUlph+qrjHhbV1c/biZA/YHmwGchlJUt9RBdE42ujK+NAoEplTHottunvv6o2slf9SLstxRld50dkgB+qAg0Ng+woyq5FqazZmj/Fzk9gTbI1wXFteINex2IrCflr2551koTO0sFmDQi8nP3c5WC6v~3224375~3290932; Domain=.intuit.com; Path=/; Expires=Mon, 12 Jan 2026 20:23:27 GMT; Max-Age=14400
Other Headers
14 headers
Akamai-Grn
Other
0.886bdc17.1768235007.f8bd5457
Date
Other
Mon, 12 Jan 2026 16:23:27 GMT
Intuit_tid
Other
1-69650ad8-4842dd5261287d85595a6af3
X-Amz-Cf-Id
Other
uuGiwEVkTbktMNrSkjxsGixLnQaWia9BJMek-KH0QTEELk_B5pK8_Q==
X-Amz-Cf-Pop
Other
CMH68-P3
X-Amz-Meta-Locale
Other
en_US
X-Amz-Meta-Permalink
Other
/
X-Amz-Meta-Sitename
Other
CG_TurboTax_MKTG_US_en-US
X-Amz-Server-Side-Encryption
Other
AES256
X-Amz-Version-Id
Other
KIBsUpTBfb77qATaS3aDZ0aRcGdOqQch
X-Amzn-Trace-Id
Other
Root=1-69650ad8-4842dd5261287d85595a6af3
X-Envoy-Upstream-Service-Time
Other
75
X-Request-Id
Other
1-69650ad8-4842dd5261287d85595a6af3
X-Spanid
Other
9fd4bbfd-d8c7-0848-a21e-41e42355a2fc
Recommendations
Enable compression (gzip/brotli) to improve performance