Open
Cached
·
just now
20
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
upgrade-insecure-requests; default-src; img-src; +11 more
upgrade-insecure-requests; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; font-src 'self' https://*.apple.com; style-src 'self' https://*.apple.com 'unsafe-inline'; script-src 'self' https://*.apple.com 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-p7PoC97FO+Lu90RNjGWxhbm13yALSR4xzV8vaDhaQBo=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; connect-src 'self' https://*.apple.com https://*.mzstatic.com; media-src 'self' https://*.apple.com blob:; child-src 'self' https://*.apple.com; frame-src 'self' https://*.apple.com itms-appss: macappstore:; worker-src blob:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/csp-report
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
Performance Headers
2 headers
Connection
Performance
Transfer-Encoding
Transfer-Encoding
Performance
chunked
Caching Headers
2 headers
Cache-Control
Caching
public, max-age=900
Etag
Caching
"Zhijd6sNe+/dFyGZdPUHXNZOj7xovnwA0mhXZikofRg="
Content Headers
1 headers
Content-Type
Content
text/html
Server Headers
1 headers
Server
Server
daiquiri/5
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
geo=US; domain=.apple.com
Other Headers
8 headers
Date
Other
Fri, 21 Nov 2025 23:46:12 GMT
Link
Other
<https://is1-ssl.mzstatic.com>; rel=preconnect
X-Apple-Jingle-Correlation-Key
Other
F7C7RWBJNWYVBETLKVUJES47TE
X-Cache
Other
TCP_REFRESH_MISS from a23-48-200-50.deploy.akamaitechnologies.com (AkamaiGHost/22.3.2-533f962e69268c472fe0337456f52100) (S)
X-Cache-Remote
Other
TCP_REFRESH_MISS from a23-220-105-207.deploy.akamaitechnologies.com (AkamaiGHost/22.3.2.1-811eb0bc095268e0c68e3c1c2197f35a) (S)
X-Daiquiri-Instance
Other
daiquiri:10001:daiquiri-all-shared-ext-6c8977fbb4-gqw9w:7987:25RELEASE148:daiquiri-amp-kubernetes-shared-ext-ak8s-prod-as4-amp-daiquiri-ingress-prod
X-Original-Content-Length
Other
553781
X-Responding-Instance
Other
amp-web-app-store-server:amp-web-app-store-server-main-7f8fb8b8c4-lbpdx:4200:2546.18.0-external
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 962ms