HTTP Headers Analysis for https://a2.mzstatic.com

Detected Technologies from Headers

See all in URL Inspect 1

Akamai

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

max-age=0, no-cache

Expires

Caching

Sat, 28 Mar 2026 01:03:24 GMT

Pragma

Caching

no-cache

cache-control: max-age=0, no-cache
expires: Sat, 28 Mar 2026 01:03:24 GMT
pragma: no-cache

Content Headers

Content-Length

Content

117

Content-Type

Content

application/json

content-length: 117
content-type: application/json

Server Headers

Server

daiquiri/5

server: daiquiri/5

CORS Headers

Access-Control-Allow-Credentials

Cors

false

Access-Control-Allow-Headers

Cors

range

Access-Control-Allow-Methods

Cors

HEAD, GET, PUT

Access-Control-Allow-Origin

Cors

*

Access-Control-Expose-Headers

Cors

*

Access-Control-Max-Age

Cors

3000

access-control-allow-credentials: false
access-control-allow-headers: range
access-control-allow-methods: HEAD, GET, PUT
access-control-allow-origin: *
access-control-expose-headers: *
access-control-max-age: 3000

Cookies Headers

No cookies headers found

Other Headers

Apple-Asset-Repo-Auth-Info

Other

user-id=applecdn-amp-assets

Apple-Originating-System

Other

ar-resolver-origin

Apple-Seq

Other

0.0

Apple-Tk

Other

false

B3

Other

764782d0d796c1043480d6192901ee8e-96e2b700baaab477

Cdnuuid

Other

f13bf312-9ee6-4dfc-b3be-9a365b2c4309-1853813796

Date

Other

Sat, 28 Mar 2026 01:03:24 GMT

X-Apple-Jingle-Correlation-Key

Other

OZDYFUGXS3AQINEA2YMSSAPORY

X-Apple-Request-Uuid

Other

764782d0-d796-c104-3480-d6192901ee8e

X-B3-Parentspanid

Other

94101ff152d66f3b

X-B3-Spanid

Other

96e2b700baaab477

X-B3-Traceid

Other

63b3c1333150c309

X-Cache

Other

TCP_MISS from a23-48-98-196.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-e0e8e110f8cd22f17826d6ac7409b8da) (-)

X-Cache-Remote

Other

TCP_MISS from a23-32-44-65.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-cf5672731e69c345796af56199edfb50) (-)

X-Daiquiri-Debug-Worker-Pid

Other

8434

X-Daiquiri-Instance

Other

daiquiri:31394003:pv50p00it-hyhk12034001:7987:26RELEASE56:daiquiri-amp-dsce-apps-int-001-pv

apple-asset-repo-auth-info: user-id=applecdn-amp-assets
apple-originating-system: ar-resolver-origin
apple-seq: 0.0
apple-tk: false
b3: 764782d0d796c1043480d6192901ee8e-96e2b700baaab477
cdnuuid: f13bf312-9ee6-4dfc-b3be-9a365b2c4309-1853813796
date: Sat, 28 Mar 2026 01:03:24 GMT
x-apple-jingle-correlation-key: OZDYFUGXS3AQINEA2YMSSAPORY
x-apple-request-uuid: 764782d0-d796-c104-3480-d6192901ee8e
x-b3-parentspanid: 94101ff152d66f3b
x-b3-spanid: 96e2b700baaab477
x-b3-traceid: 63b3c1333150c309
x-cache: TCP_MISS from a23-48-98-196.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-e0e8e110f8cd22f17826d6ac7409b8da) (-)
x-cache-remote: TCP_MISS from a23-32-44-65.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-cf5672731e69c345796af56199edfb50) (-)
x-daiquiri-debug-worker-pid: 8434
x-daiquiri-instance: daiquiri:31394003:pv50p00it-hyhk12034001:7987:26RELEASE56:daiquiri-amp-dsce-apps-int-001-pv

Recommendations

Enable compression (gzip/brotli) to improve performance