HTTP Headers Analysis for https://s1.mzstatic.com

Detected Technologies from Headers

See all in URL Inspect 1

Akamai

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

max-age=0, no-cache

Expires

Caching

Mon, 30 Mar 2026 23:27:57 GMT

Pragma

Caching

no-cache

cache-control: max-age=0, no-cache
expires: Mon, 30 Mar 2026 23:27:57 GMT
pragma: no-cache

Content Headers

Content-Length

Content

117

Content-Type

Content

application/json

content-length: 117
content-type: application/json

Server Headers

Server

daiquiri/5

server: daiquiri/5

CORS Headers

Access-Control-Allow-Credentials

Cors

false

Access-Control-Allow-Headers

Cors

range

Access-Control-Allow-Methods

Cors

HEAD, GET, PUT

Access-Control-Allow-Origin

Cors

*

Access-Control-Expose-Headers

Cors

*

Access-Control-Max-Age

Cors

3000

access-control-allow-credentials: false
access-control-allow-headers: range
access-control-allow-methods: HEAD, GET, PUT
access-control-allow-origin: *
access-control-expose-headers: *
access-control-max-age: 3000

Cookies Headers

No cookies headers found

Other Headers

Apple-Asset-Repo-Auth-Info

Other

user-id=applecdn-amp-assets

Apple-Originating-System

Other

ar-resolver-origin

Apple-Seq

Other

0.0

Apple-Tk

Other

false

B3

Other

471c20bd13026821483a276bc81e93d3-170e3e2eae21d84d

Cdnuuid

Other

9a3b0066-83d1-4dd6-bbd2-190ca5fa9540-10366405

Date

Other

Mon, 30 Mar 2026 23:27:57 GMT

X-Apple-Jingle-Correlation-Key

Other

I4OCBPITAJUCCSB2E5V4QHUT2M

X-Apple-Request-Uuid

Other

471c20bd-1302-6821-483a-276bc81e93d3

X-B3-Parentspanid

Other

98d46f2c1bf67810

X-B3-Spanid

Other

170e3e2eae21d84d

X-B3-Traceid

Other

8572132873444599

X-Cache

Other

TCP_MISS from a23-48-200-176.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-e0e8e110f8cd22f17826d6ac7409b8da) (-)

X-Cache-Remote

Other

TCP_MISS from a23-3-13-103.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-cf5672731e69c345796af56199edfb50) (-)

X-Daiquiri-Debug-Worker-Pid

Other

26992

X-Daiquiri-Instance

Other

daiquiri:31394001:pv50p00it-hyhk12043801:7987:26RELEASE56:daiquiri-amp-dsce-apps-int-001-pv

apple-asset-repo-auth-info: user-id=applecdn-amp-assets
apple-originating-system: ar-resolver-origin
apple-seq: 0.0
apple-tk: false
b3: 471c20bd13026821483a276bc81e93d3-170e3e2eae21d84d
cdnuuid: 9a3b0066-83d1-4dd6-bbd2-190ca5fa9540-10366405
date: Mon, 30 Mar 2026 23:27:57 GMT
x-apple-jingle-correlation-key: I4OCBPITAJUCCSB2E5V4QHUT2M
x-apple-request-uuid: 471c20bd-1302-6821-483a-276bc81e93d3
x-b3-parentspanid: 98d46f2c1bf67810
x-b3-spanid: 170e3e2eae21d84d
x-b3-traceid: 8572132873444599
x-cache: TCP_MISS from a23-48-200-176.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-e0e8e110f8cd22f17826d6ac7409b8da) (-)
x-cache-remote: TCP_MISS from a23-3-13-103.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-cf5672731e69c345796af56199edfb50) (-)
x-daiquiri-debug-worker-pid: 26992
x-daiquiri-instance: daiquiri:31394001:pv50p00it-hyhk12043801:7987:26RELEASE56:daiquiri-amp-dsce-apps-int-001-pv

Recommendations

Enable compression (gzip/brotli) to improve performance