HTTP Headers Analysis for https://places-ext.apple.com

Detected Technologies from Headers

See all in URL Inspect 1

Apple ID

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; child-src; connect-src; +7 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Present

nosniff, nosniff

Referrer-Policy

Present

origin

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

accept-encoding

connection: close
transfer-encoding: chunked
vary: accept-encoding

Caching Headers

Cache-Control

Caching

no-cache, no-store

Expires

Caching

Thu, 01 Jan 1970 00:00:00 GMT

Pragma

Caching

no-cache

cache-control: no-cache, no-store
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache

Content Headers

Content-Language

Content

en-US-x-lvariant-USA

Content-Type

Content

text/html;charset=UTF-8

content-language: en-US-x-lvariant-USA
content-type: text/html;charset=UTF-8

Server Headers

Server

Apple

server: Apple

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: idmsac-ext-aa=d5854c519aab45ee877183c72a3509d6; expires=Mon, 06-Apr-26 19:31:18 GMT; domain=.apple.com; path=/appleauth; HttpOnly; secure
aa=C5FA4802177F651AEE6422882494CB01; Domain=idmsac.apple.com; Path=/; Secure; HttpOnly
dslang=US-EN; Domain=apple.com; Path=/; Secure; HttpOnly
site=USA; Domain=apple.com; Path=/; Secure; HttpOnly

Other Headers

Date

Other

Mon, 06 Apr 2026 11:31:18 GMT

Scnt

Other

AAAAKkI1ODA4NTM3OThFNzk0NThFMzdBODU0RjgzM0E4NDRGfDEAAAGdYp1w0DtMrF_DmJBvS7DGprvQxyoBhHfcD2MJXom3Bu_VeEUY8bBLXCpRoDIAECxmH5vEAmRULar3yo9V_7Tz8OXOefHXVTa6UOhWacG-KAFfsUai

X-Apple-Auth-Attributes

Other

WF0kJveKqbUC5cQpPyH4Jv86Uui1GtJygVTrusuE4S1f+yAY2uj3FmxnhwmkJDDx2hUnZiMpmk5tHStOZryTzGpK6QN0Zj4UH9cn4uY1ugjC2UcdfTfKN7aUdTvpKBhUrPvM/NNf4K+NcZSZVY4Gt1vzLUS8ESxH4INt4I9qreUsWxI7hm6hKCru4tAxefwvOVteWzIRikztaMubVIRLUdiGjANsmIxyjLDDVj/dbSM8EAdxux5F8OiRBSgMeia+hPjbJE7ylMqlvwYGe+P3Nv9PrpnwLtcRtsJy97lC5Sn5CU7gbPTRUMB08TPJPXSxX39jyw4V8p8cWDkhcvhnNQPu93xZABAsZiTeiQM=

X-Apple-Auth-Required

Other

true

X-Apple-I-Request-Id

Other

2116e321-31ac-11f1-a0f4-bb5085c018ae

X-Buildversion

Other

R6

date: Mon, 06 Apr 2026 11:31:18 GMT
scnt: AAAAKkI1ODA4NTM3OThFNzk0NThFMzdBODU0RjgzM0E4NDRGfDEAAAGdYp1w0DtMrF_DmJBvS7DGprvQxyoBhHfcD2MJXom3Bu_VeEUY8bBLXCpRoDIAECxmH5vEAmRULar3yo9V_7Tz8OXOefHXVTa6UOhWacG-KAFfsUai
x-apple-auth-attributes: WF0kJveKqbUC5cQpPyH4Jv86Uui1GtJygVTrusuE4S1f+yAY2uj3FmxnhwmkJDDx2hUnZiMpmk5tHStOZryTzGpK6QN0Zj4UH9cn4uY1ugjC2UcdfTfKN7aUdTvpKBhUrPvM/NNf4K+NcZSZVY4Gt1vzLUS8ESxH4INt4I9qreUsWxI7hm6hKCru4tAxefwvOVteWzIRikztaMubVIRLUdiGjANsmIxyjLDDVj/dbSM8EAdxux5F8OiRBSgMeia+hPjbJE7ylMqlvwYGe+P3Nv9PrpnwLtcRtsJy97lC5Sn5CU7gbPTRUMB08TPJPXSxX39jyw4V8p8cWDkhcvhnNQPu93xZABAsZiTeiQM=
x-apple-auth-required: true
x-apple-i-request-id: 2116e321-31ac-11f1-a0f4-bb5085c018ae
x-buildversion: R6

Recommendations

Enable compression (gzip/brotli) to improve performance