Headers
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=10886400; includeSubdomains
Content-Security-Policy
Basic
child-src; connect-src; default-src; +9 more
child-src blob:; connect-src 'self' https: wss://ws.airbnb.com wss://ws.airbnb.de https://netverify.com https://*.netverify.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net https:; frame-src * https://*.cardinalcommerce.com; img-src 'self' https: data: https://*.mapbox.com blob:; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://ethn.io https://s.yimg.jp https://api.geetest.com https://monitor.geetest.com https://api.geevisit.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://songbird.cardinalcommerce.com/ https://www.recaptcha.net https://www.gstatic.cn https://airbnb-api.arkoselabs.com https://h.online-metrix.net 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-vPvbF7mM9h+nViyD8PeacaGLf/01gc9mAlxGpxiPENs=' 'sha256-CZnW0hvLQpXhjRl/rvattFn8GcIhxi8fcsCstVugtsI=' 'sha256-9jboJcALeftUTV/MuGjkJB5HDvqsPbm7/gTjfpkHiYc=' 'sha256-7iOeuhYWetmb7cQ6YkWP/dl6+42fdYNS6vYA3b9swPY=' 'sha256-dEQLydru3z2yuRGS/8VzaalU2wY48xuXdoO1zDPmT/A=' 'sha256-jhpHTyypc46kfr10/bvvFfjxyJNZcDvM0XsDAD5PJ2k=' 'sha256-sM4TCqADHMBZKYgE9fgtWACAry8C6tqaPljxMeTJ+w4=' https: 'sha256-5Tl1cMvpowm216MNWitZcm6dh1Ufik1QFyA6KadNiAY=' 'sha256-rvARxjbuUxilxb9RkOEv8RtqGIsmGYKyxv2IIH4MsrA=' 
'sha256-hlaumtWL6YXbATpvURLyKaWUWs/apEDvcs19lYsGwsU=' 'sha256-I3KSOxEd7FNCSiwgo9cLSb5NZ6prRmGwGuPQ9oUimoM=' 'sha256-QrtzfXzemhvC/0Mz4p5MTgyHZ11cOMx/iKBQ2QfQoYU=' 'sha256-7+uU2shyspIWHc+TA7HvywyRY0VtX6z6gJTXzxUAW2Q=' 'sha256-RAgBnM0wf+EU6GLC4DAwrlPlxaWbSFOv9fEZHb22Zqc=' 'sha256-q7LfTX8CemAjvalJEQZ5S+i7nuNEVbFaU6xkHvEAOeQ=' 'sha256-Hn02be8UsaO1J728ZDxGZlZGXBd85lEw3JklFYpfGPQ=' 'sha256-69KvOim8N1PE+6rP6TRe0P6GgFBZdTuNV9Lrr9y8KMc=' 'sha256-AcTLk9SPBTCpOP4TyHDG+Id7/GS/5o3fNLVi6oMU5NM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com https://*.klarnacdn.net blob: https://vdata.amap.com https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://includes.ccdc02.com https://includestest.ccdc02.com https://client-api.arkoselabs.com https://cdn.plaid.com/link/v2/stable/link-initialize.js https://js.stripe.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://pagead2.googlesyndication.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self' https: blob:; report-uri /tracking/csp?controller=core-guest-loop&action=%2Frooms%2F1037689018040470434&req_uuid=e5cc35e0-9349-4d80-9c3b-ed7563a88240&version=sha%3Dc091d80e1668&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2Frooms%2F1037689018040470434&req_uuid=e5cc35e0-9349-4d80-9c3b-ed7563a88240&version=sha%3Dc091d80e1668&report_only=false
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Cache-Control
Caching
no-store, max-age=0, private, must-revalidate
Expires
Caching
Thu, 01 Jan 1970 00:00:00 GMT
Content Headers
1 header
Content-Type
Content
text/html;charset=utf-8
Server Headers
1 header
Server
Server
nginx
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 header
Set-Cookie
Cookies
ak_bmsc=3CB57BDEA3518B4ABD267E35B9823185~000000000000000000000000000000~YAAQC2rcF46S36maAQAALzYszh0KkInwN3gid3OsH8L83HUG3Qa1biR9IoKHW9nAbOFlyVSFy7E6Zq/dVaejoxi3if/uZ2hyEttjhw6Fm5GosLgXFQpe8hplf7L4/eZKZdllXVVtBU48VV0m+mTmYPuo1hXNvt4aZGkK614jE27bOfKfUSZrl+kUTqjBK+Nc7p8c4soZY9Fvy/l2PI1Qbnv8P7S1rhEvncO4qArbJ9kMSt94jY5xrLWW3S4iaomT6CDBdHDvJAf51VMSRSHmjzvJFJl9N9MG/mfdBeqObX7xlbHzlUPGfA5EpsCSEaftY3IOTGjhhRlC0+q1e+JalpmuuXIclM9nOjPB; Domain=.airbnb.de; Path=/; Expires=Sat, 29 Nov 2025 07:53:14 GMT; Max-Age=7199; HttpOnly
Other Headers
21 headers
Accept-Ch
Other
Sec-CH-Device-Memory, Sec-CH-DPR, ECT, Sec-CH-UA-Platform-Version, Sec-CH-Viewport-Width, Sec-CH-Device-Memory, Sec-CH-DPR, ECT, Sec-CH-UA-Platform-Version, Sec-CH-Viewport-Width
Accept-Ch-Lifetime
Other
31536000
Akamai-Request-Bc
Other
[a=23.220.106.11,b=1635656567,c=g,n=US_VA_ASHBURN,o=20940],[c=c,n=US_VA_STERLING,o=20940],[a=217,c=o]
Alt-Svc
Other
h3=":443"; ma=93600
Cachestatus
Other
on
Date
Other
Sat, 29 Nov 2025 05:53:15 GMT
Link
Other
<https://a0.muscache.com/airbnb/static/packages/web/common/frontend/core-guest-loop/apps/core-guest-spa/client.1a121a9b2a.css>;rel=preload;as=style;crossorigin=anonymous;media=print,<https://a0.muscache.com/airbnb/static/airbnb-dls-web/build/fonts/cereal-variable/AirbnbCerealVF_W_Wght.2d9d32865ef1262644c455b3ead871e9.woff2>;rel=preload;as=font;type=font/woff2;crossorigin=anonymous,<https://a0.muscache.com/airbnb>;rel=preconnect;crossorigin=anonymous
Origin-Trial
Other
AkOekvxwprBLSP7I2nhyRn5yZGt9lTJN6UIYziFKVYg5OhlzmlNDciWbBWkEQ5TYPz+aqsuIUT2pPEjPUD5dFAsAAABneyJvcmlnaW4iOiJodHRwczovL2FpcmJuYi5jb206NDQzIiwiZmVhdHVyZSI6IlByaW9yaXR5SGludHNBUEkiLCJleHBpcnkiOjE2NDc5OTM1OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
Server-Timing
Other
cdn-cache; desc=MISS, edge; dur=38, origin; dur=112
Status
Other
200 OK
X-Airbnb-Everest-Device-Id
Other
1764395594.EAZjA0NTVkNTJkNzZkNj.9jCJ4bM3Hjygrvf22VlYPhf2JfLk1pofp-e7LaT2zYw
X-Airbnb-Internal-Trace-Id
Other
lGbpB9QO491PBxyWEmeHtw==
X-Airbnb-Kraken-Flush-Body
Other
1
X-Airbnb-Sureride
Other
c1a1o.0.0b6adc17.1764395594.617e2377%%i1c1o%%t1d1o.lGbpB9QO491PBxyWEmeHtw==%%h1
X-Browser-Type
Other
unknown
X-Envoy-Upstream-Service-Time
Other
107
X-Erf-Bev-Bev
Other
1764395594_EAYjk5YWNiYmMxYz
X-Erf-Bev-Bev-Is-Generated
Other
1
X-Instrumentation
Other
airbnb
X-Kraken-Loop-Name
Other
core-guest-loop
X-Server-Lifecycle-Phase
Other
running
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1128ms