HTTP Headers Analysis for https://commerce.itunes.apple.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

must-revalidate,no-cache,no-store

cache-control: must-revalidate,no-cache,no-store

Content Headers

Content-Length

Content

0

Content-Type

Content

text/plain

content-length: 0
content-type: text/plain

Server Headers

Server

daiquiri/5

server: daiquiri/5

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Apple-Originating-System

Other

MZBuyLite

Apple-Seq

Other

0.0

Apple-Timing-App

Other

0 ms

Apple-Tk

Other

false

B3

Other

099a46d319a27b71725c1697ab525b39-9f687268c3797b19

Date

Other

Mon, 27 Apr 2026 10:54:11 GMT

X-Apple-Jingle-Correlation-Key

Other

BGNENUYZUJ5XC4S4C2L2WUS3HE

X-Apple-Request-Uuid

Other

099a46d3-19a2-7b71-725c-1697ab525b39

X-B3-Spanid

Other

9f687268c3797b19

X-B3-Traceid

Other

099a46d319a27b71725c1697ab525b39

X-Daiquiri-Debug-Worker-Pid

Other

3144448

X-Daiquiri-Instance

Other

daiquiri:10001:daiquiri-all-shared-ext-6f8c48454b-wh8g5:7987:26RELEASE66:daiquiri-amp-kubernetes-shared-ext-ak8s-prod-as4-amp-daiquiri-ingress-prod

X-Responding-Instance

Other

MZBuyLite:10001:::

apple-originating-system: MZBuyLite
apple-seq: 0.0
apple-timing-app: 0 ms
apple-tk: false
b3: 099a46d319a27b71725c1697ab525b39-9f687268c3797b19
date: Mon, 27 Apr 2026 10:54:11 GMT
x-apple-jingle-correlation-key: BGNENUYZUJ5XC4S4C2L2WUS3HE
x-apple-request-uuid: 099a46d3-19a2-7b71-725c-1697ab525b39
x-b3-spanid: 9f687268c3797b19
x-b3-traceid: 099a46d319a27b71725c1697ab525b39
x-daiquiri-debug-worker-pid: 3144448
x-daiquiri-instance: daiquiri:10001:daiquiri-all-shared-ext-6f8c48454b-wh8g5:7987:26RELEASE66:daiquiri-amp-kubernetes-shared-ext-ak8s-prod-as4-amp-daiquiri-ingress-prod
x-responding-instance: MZBuyLite:10001:::

Recommendations

Enable compression (gzip/brotli) to improve performance