HTTP Headers Analysis for https://entitlements.apps.apple.com

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Age

Caching

0

Cache-Control

Caching

must-revalidate,no-cache,no-store

age: 0
cache-control: must-revalidate,no-cache,no-store

Content Headers

Content-Length

Content

47

Content-Type

Content

application/json;charset=iso-8859-1

content-length: 47
content-type: application/json;charset=iso-8859-1

Server Headers

Server

daiquiri/5

X-Runtime

Server

0.000505

server: daiquiri/5
x-runtime: 0.000505

CORS Headers

No CORS headers found

Cookies Headers

No cookies headers found

Other Headers

Apple-Originating-System

Other

MZInAppsEntitlements

Apple-Seq

Other

0.0

Apple-Timing-App

Other

0 ms

Apple-Tk

Other

false

B3

Other

6da52d260957f3363f5b4bfdeb3c31d4-d9a662f61613a144

Cdn-Server

Other

aapl

Cdnuuid

Other

d04040dd-15fd-4fe6-8777-f9eeb4fb74b8-38480728691

Date

Other

Mon, 27 Apr 2026 13:33:57 GMT

Via

Other

https/1.1 usmia1-edge-fx-002.ts.apple.com (acdn/302.16436)

X-Apple-Jingle-Correlation-Key

Other

NWSS2JQJK7ZTMP23JP66WPBR2Q

X-Apple-Request-Uuid

Other

6da52d26-0957-f336-3f5b-4bfdeb3c31d4

X-B3-Spanid

Other

d9a662f61613a144

X-B3-Traceid

Other

6da52d260957f3363f5b4bfdeb3c31d4

X-Cache

Other

skipped

X-Daiquiri-Debug-Worker-Pid

Other

3199219

X-Daiquiri-Instance

Other

daiquiri:10001:daiquiri-all-shared-ext-6f8c48454b-9hjkf:7987:26RELEASE66:daiquiri-amp-kubernetes-shared-ext-ak8s-prod-as4-amp-daiquiri-ingress-prod

X-Responding-Instance

Other

MZInAppsEntitlements:10001:::

apple-originating-system: MZInAppsEntitlements
apple-seq: 0.0
apple-timing-app: 0 ms
apple-tk: false
b3: 6da52d260957f3363f5b4bfdeb3c31d4-d9a662f61613a144
cdn-server: aapl
cdnuuid: d04040dd-15fd-4fe6-8777-f9eeb4fb74b8-38480728691
date: Mon, 27 Apr 2026 13:33:57 GMT
via: https/1.1 usmia1-edge-fx-002.ts.apple.com (acdn/302.16436)
x-apple-jingle-correlation-key: NWSS2JQJK7ZTMP23JP66WPBR2Q
x-apple-request-uuid: 6da52d26-0957-f336-3f5b-4bfdeb3c31d4
x-b3-spanid: d9a662f61613a144
x-b3-traceid: 6da52d260957f3363f5b4bfdeb3c31d4
x-cache: skipped
x-daiquiri-debug-worker-pid: 3199219
x-daiquiri-instance: daiquiri:10001:daiquiri-all-shared-ext-6f8c48454b-9hjkf:7987:26RELEASE66:daiquiri-amp-kubernetes-shared-ext-ak8s-prod-as4-amp-daiquiri-ingress-prod
x-responding-instance: MZInAppsEntitlements:10001:::

Recommendations

Enable compression (gzip/brotli) to improve performance