HTTP Headers Analysis for https://cs-appleweb-origin.apple.com

Detected Technologies from Headers

See all in URL Inspect 1

Apple ID

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; child-src; connect-src; +7 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Present

nosniff, nosniff

Referrer-Policy

Present

origin

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Cache-Control

Caching

no-cache, no-store

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Pragma

Caching

no-cache

cache-control: no-cache, no-store
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache

Content Headers

Content-Language

Content

en-US-x-lvariant-USA

Content-Type

Content

text/html;charset=UTF-8

content-language: en-US-x-lvariant-USA
content-type: text/html;charset=UTF-8

Server Headers

Server

Apple

server: Apple

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: idmsac-ext-aa=7ec1d9f22bf971ae960ae7d6342e1827; expires=Mon, 13-Apr-26 01:21:20 GMT; domain=.apple.com; path=/appleauth; HttpOnly; secure
dslang=US-EN; Domain=apple.com; Path=/; Secure; HttpOnly
site=USA; Domain=apple.com; Path=/; Secure; HttpOnly
aasp=D26395235CB5B9A145138A2A75B4B7CFEBB9E6ED52CD13089B79A96486363C9647427B33242813BB0DC23CDDC8F1ED69D92DC17DCB8D330D12E1F5E6281BB05274B1B2F15048A841F6908BF6CBE23343BD3081C5A4F3568CFEF5551707AE48AA70A81D71AB1453B664C2E179C25CB6F9CE66B9C18497096D; Domain=idmsac.apple.com; Path=/; Secure; HttpOnly

Other Headers

Date

Other

Sun, 12 Apr 2026 17:21:20 GMT

Scnt

Other

AAAA-jI5MTgyRTNBRTk0RUIyMzE5RDUzRDc1QTkyMjBBQTk1NkU1QkIxRTUyMDM5NkU0OTI4NDA5OEIxOTREMzQ5OEQ2NzRGNjg0OEZDMDRENDAzRTFFNzRENkVBQ0EwNUZBRDk5MkUyNEI4QUMzMzk5ODNDQjBEQkY2MjM0MjBGQ0NGOEM1RUE1QjgxM0VFOTA0ODM2ODdCQzMzRUE2ODYyOEFBQ0FDREI4NTY5MTc1RkIzMjhEMDRBMUY2QTkwNkJEMTNCQkUyOTYzNzc1NjNDNERENTNCMjVDOURDNTU5Q0Y3RUVBQzJCN0I2NUZFRjFFNXwxAAABnYLEEC5GM8rMu7Cx89yTQLfhbfND7poP_S6xxrw264vzbA6Hxu7FcSvYgL9lABJcKmZRdaN-GvAAw5kVCgGhaub7qMCBLg08WtdytPTS-FojXUSP2g

X-Apple-Auth-Attributes

Other

VgEiQ075XVFMCKbiDfJhHsXDoZXXPjQYBfTckUhgsoiO5b3R9DkS5gnUtBXrS0h1fxTX4jW8fG2Dx9WWmvc3o7Rd9TrrmHjxZD4mWyIewNjxaFdzSk5w+9YN9uew5dwiZ8JTOG+lw2e30qtERSfvT0Er3VDQ5VeOdJShzBl50dQWyn2v4HpDJ86K5PUjytuaH/civBcN2+OcarPSmQLYqgrUE2X4fMkkhQ6P2SimU0ZkDCZdNl5XJkNbOsEIyqPhwmQ6VzUEQAJKN+qBoCpx56O0gjJ75RcAElwqbArYTg==

X-Apple-Auth-Required

Other

true

X-Apple-I-Request-Id

Other

05c804af-3694-11f1-91a7-a55360762c41

X-Buildversion

Other

R6

date: Sun, 12 Apr 2026 17:21:20 GMT
scnt: AAAA-jI5MTgyRTNBRTk0RUIyMzE5RDUzRDc1QTkyMjBBQTk1NkU1QkIxRTUyMDM5NkU0OTI4NDA5OEIxOTREMzQ5OEQ2NzRGNjg0OEZDMDRENDAzRTFFNzRENkVBQ0EwNUZBRDk5MkUyNEI4QUMzMzk5ODNDQjBEQkY2MjM0MjBGQ0NGOEM1RUE1QjgxM0VFOTA0ODM2ODdCQzMzRUE2ODYyOEFBQ0FDREI4NTY5MTc1RkIzMjhEMDRBMUY2QTkwNkJEMTNCQkUyOTYzNzc1NjNDNERENTNCMjVDOURDNTU5Q0Y3RUVBQzJCN0I2NUZFRjFFNXwxAAABnYLEEC5GM8rMu7Cx89yTQLfhbfND7poP_S6xxrw264vzbA6Hxu7FcSvYgL9lABJcKmZRdaN-GvAAw5kVCgGhaub7qMCBLg08WtdytPTS-FojXUSP2g
x-apple-auth-attributes: VgEiQ075XVFMCKbiDfJhHsXDoZXXPjQYBfTckUhgsoiO5b3R9DkS5gnUtBXrS0h1fxTX4jW8fG2Dx9WWmvc3o7Rd9TrrmHjxZD4mWyIewNjxaFdzSk5w+9YN9uew5dwiZ8JTOG+lw2e30qtERSfvT0Er3VDQ5VeOdJShzBl50dQWyn2v4HpDJ86K5PUjytuaH/civBcN2+OcarPSmQLYqgrUE2X4fMkkhQ6P2SimU0ZkDCZdNl5XJkNbOsEIyqPhwmQ6VzUEQAJKN+qBoCpx56O0gjJ75RcAElwqbArYTg==
x-apple-auth-required: true
x-apple-i-request-id: 05c804af-3694-11f1-91a7-a55360762c41
x-buildversion: R6

Recommendations

Enable compression (gzip/brotli) to improve performance