HTTP Headers Analysis for https://evolvebenefits.apple.com

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; connect-src; font-src; +5 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Present

nosniff, nosniff

Referrer-Policy

Present

origin

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

accept-encoding

connection: close
vary: accept-encoding

Caching Headers

Cache-Control

Caching

private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Pragma

Caching

no-cache

cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache

Content Headers

Content-Language

Content

en-US

Content-Length

Content

7846

Content-Type

Content

text/html;charset=UTF-8

content-language: en-US
content-length: 7846
content-type: text/html;charset=UTF-8

Server Headers

Server

Apple

server: Apple

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: idmsac-ext=7a9ce55e7f2a7664baca46666b8a158e; expires=Fri, 24-Apr-26 19:09:10 GMT; domain=.apple.com; path=/; HttpOnly; secure
dslang=US-EN; Max-Age=15552000; Expires=Wed, 21 Oct 2026 11:09:10 GMT; Domain=apple.com; Path=/; Secure; HttpOnly
dslang=US-EN; Max-Age=15552000; Expires=Wed, 21 Oct 2026 11:09:10 GMT; Domain=apple.com; Path=/; Secure; HttpOnly
dawsp=AB930985B2AD6A7AF5DB343AA5F2C5C0580C87405362C12BF9D0EE4D75FA0072C0AF6C60FC68B19E70C991732D00488AAB4070E3E5BAED571C48E959A4F94ACA92B2928035BA20A48CF3227FDCD57ACD585E637830A34D5287BDB53FED1A85FC618290546008CA3B033D883A77503C89E73A0F3E673ED5AD; Path=/; Secure; HttpOnly

Other Headers

Date

Other

Fri, 24 Apr 2026 11:09:10 GMT

Scnt

Other

AAAA-kFCOTMwOTg1QjJBRDZBN0FGNURCMzQzQUE1RjJDNUMwNTgwQzg3NDA1MzYyQzEyQkY5RDBFRTRENzVGQTAwNzJDMEFGNkM2MEZDNjhCMTlFNzBDOTkxNzMyRDAwNDg4QUFCNDA3MEUzRTVCQUVENTcxQzQ4RTk1OUE0Rjk0QUNBOTJCMjkyODAzNUJBMjBBNDhDRjMyMjdGRENENTdBQ0Q1ODVFNjM3ODMwQTM0RDUyODdCREI1M0ZFRDFBODVGQzYxODI5MDU0NjAwOENBM0IwMzNEODgzQTc3NTAzQzg5RTczQTBGM0U2NzNFRDVBRHwxAAABnb87o7vYOgcJmo-LtLXFPf6wumPM5Yf_ZnUnKzXPkEiey--bU6ZSTaeBiGOSABWxowwHt4iGQCw0eBoG9vQ8Q3iJDI43EtK07SKkN4e3wPO7nDb5vw

X-Apple-I-Request-Id

Other

04bbdece-3fce-11f1-b62d-f313df56d9c1

date: Fri, 24 Apr 2026 11:09:10 GMT
scnt: AAAA-kFCOTMwOTg1QjJBRDZBN0FGNURCMzQzQUE1RjJDNUMwNTgwQzg3NDA1MzYyQzEyQkY5RDBFRTRENzVGQTAwNzJDMEFGNkM2MEZDNjhCMTlFNzBDOTkxNzMyRDAwNDg4QUFCNDA3MEUzRTVCQUVENTcxQzQ4RTk1OUE0Rjk0QUNBOTJCMjkyODAzNUJBMjBBNDhDRjMyMjdGRENENTdBQ0Q1ODVFNjM3ODMwQTM0RDUyODdCREI1M0ZFRDFBODVGQzYxODI5MDU0NjAwOENBM0IwMzNEODgzQTc3NTAzQzg5RTczQTBGM0U2NzNFRDVBRHwxAAABnb87o7vYOgcJmo-LtLXFPf6wumPM5Yf_ZnUnKzXPkEiey--bU6ZSTaeBiGOSABWxowwHt4iGQCw0eBoG9vQ8Q3iJDI43EtK07SKkN4e3wPO7nDb5vw
x-apple-i-request-id: 04bbdece-3fce-11f1-b62d-f313df56d9c1

Recommendations

Enable compression (gzip/brotli) to improve performance