Open
Cached
·
just now
18
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
upgrade-insecure-requests; default-src; img-src; +11 more
upgrade-insecure-requests; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; font-src 'self' https://*.apple.com; style-src 'self' https://*.apple.com 'unsafe-inline'; script-src 'self' https://*.apple.com 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-p7PoC97FO+Lu90RNjGWxhbm13yALSR4xzV8vaDhaQBo=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; connect-src 'self' https://*.apple.com https://*.mzstatic.com; media-src 'self' https://*.apple.com blob:; child-src 'self' https://*.apple.com; frame-src 'self' https://*.apple.com itms-appss: macappstore:; worker-src blob:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/csp-report
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
1 headers
Connection
Performance
keep-alive
Caching Headers
1 headers
Cache-Control
Caching
public, max-age=900
Content Headers
2 headers
Content-Length
Content
2593
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
daiquiri/5
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
geo=US; domain=.apple.com
Other Headers
7 headers
Alt-Svc
Other
h3=":443"; ma=93600
Date
Other
Wed, 26 Nov 2025 15:33:28 GMT
X-Apple-Jingle-Correlation-Key
Other
ZTXPUTIVRFMMU6BUILQHTXG7AA
X-Cache
Other
TCP_MISS from a23-48-200-182.deploy.akamaitechnologies.com (AkamaiGHost/22.3.2.1-811eb0bc095268e0c68e3c1c2197f35a) (-)
X-Cache-Remote
Other
TCP_MISS from a23-220-107-207.deploy.akamaitechnologies.com (AkamaiGHost/22.3.2.1-811eb0bc095268e0c68e3c1c2197f35a) (-)
X-Daiquiri-Instance
Other
daiquiri:10001:daiquiri-all-shared-ext-6c8977fbb4-qbj2n:7987:25RELEASE148:daiquiri-amp-kubernetes-shared-ext-ak8s-prod-as4-amp-daiquiri-ingress-prod
X-Responding-Instance
Other
amp-web-app-store-server:amp-web-app-store-server-main-7f8fb8b8c4-jc2qd:4200:2546.18.0-external
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 359ms