HTTP Headers Analysis for https://a4.mzstatic.com

Detected Technologies from Headers

See all in URL Inspect 1

Akamai Active incidents

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

max-age=0, no-cache

Expires

Caching

Fri, 01 May 2026 11:30:48 GMT

Pragma

Caching

no-cache

cache-control: max-age=0, no-cache
expires: Fri, 01 May 2026 11:30:48 GMT
pragma: no-cache

Content Headers

Content-Length

Content

117

Content-Type

Content

application/json

content-length: 117
content-type: application/json

Server Headers

Server

daiquiri/5

server: daiquiri/5

CORS Headers

Access-Control-Allow-Credentials

Cors

false

Access-Control-Allow-Headers

Cors

range

Access-Control-Allow-Methods

Cors

HEAD, GET, PUT

Access-Control-Allow-Origin

Cors

*

Access-Control-Expose-Headers

Cors

*

Access-Control-Max-Age

Cors

3000

access-control-allow-credentials: false
access-control-allow-headers: range
access-control-allow-methods: HEAD, GET, PUT
access-control-allow-origin: *
access-control-expose-headers: *
access-control-max-age: 3000

Cookies Headers

No cookies headers found

Other Headers

Apple-Asset-Repo-Auth-Info

Other

user-id=applecdn-amp-assets

Apple-Originating-System

Other

ar-resolver-origin

Apple-Seq

Other

0.0

Apple-Tk

Other

false

B3

Other

177f513fd56621f17ed4f9e41dbb93d6-94e0230a77d2c3eb

Cdnuuid

Other

715adfea-6fd8-42eb-b293-6c770aa8b887-609615515

Date

Other

Fri, 01 May 2026 11:30:48 GMT

X-Apple-Jingle-Correlation-Key

Other

C57VCP6VMYQ7C7WU7HSB3O4T2Y

X-Apple-Request-Uuid

Other

177f513f-d566-21f1-7ed4-f9e41dbb93d6

X-B3-Parentspanid

Other

4eea9cf2acf75226

X-B3-Spanid

Other

94e0230a77d2c3eb

X-B3-Traceid

Other

32217aedf6b42da2

X-Cache

Other

TCP_MISS from a23-208-24-112.deploy.akamaitechnologies.com (AkamaiGHost/22.4.5.1-9ac4f7794220c9cdbe74f55d0b8e8d0f) (-)

X-Cache-Remote

Other

TCP_MISS from a23-32-44-65.deploy.akamaitechnologies.com (AkamaiGHost/22.5.0-aaef44c942a33f2d231f7120051a5b09) (-)

X-Daiquiri-Debug-Worker-Pid

Other

48450

X-Daiquiri-Instance

Other

daiquiri:11394003:mr36p00it-hyhk09194701:7987:26HOTFIX15:daiquiri-amp-dsce-apps-int-001-mr

X-Robots-Tag

Other

noindex

apple-asset-repo-auth-info: user-id=applecdn-amp-assets
apple-originating-system: ar-resolver-origin
apple-seq: 0.0
apple-tk: false
b3: 177f513fd56621f17ed4f9e41dbb93d6-94e0230a77d2c3eb
cdnuuid: 715adfea-6fd8-42eb-b293-6c770aa8b887-609615515
date: Fri, 01 May 2026 11:30:48 GMT
x-apple-jingle-correlation-key: C57VCP6VMYQ7C7WU7HSB3O4T2Y
x-apple-request-uuid: 177f513f-d566-21f1-7ed4-f9e41dbb93d6
x-b3-parentspanid: 4eea9cf2acf75226
x-b3-spanid: 94e0230a77d2c3eb
x-b3-traceid: 32217aedf6b42da2
x-cache: TCP_MISS from a23-208-24-112.deploy.akamaitechnologies.com (AkamaiGHost/22.4.5.1-9ac4f7794220c9cdbe74f55d0b8e8d0f) (-)
x-cache-remote: TCP_MISS from a23-32-44-65.deploy.akamaitechnologies.com (AkamaiGHost/22.5.0-aaef44c942a33f2d231f7120051a5b09) (-)
x-daiquiri-debug-worker-pid: 48450
x-daiquiri-instance: daiquiri:11394003:mr36p00it-hyhk09194701:7987:26HOTFIX15:daiquiri-amp-dsce-apps-int-001-mr
x-robots-tag: noindex

Recommendations

Enable compression (gzip/brotli) to improve performance