HTTP Headers Analysis for https://s3.mzstatic.com

Detected Technologies from Headers

See all in URL Inspect 1

Akamai

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

connection: close

Caching Headers

Cache-Control

Caching

max-age=0, no-cache

Expires

Caching

Sat, 28 Mar 2026 01:01:59 GMT

Pragma

Caching

no-cache

cache-control: max-age=0, no-cache
expires: Sat, 28 Mar 2026 01:01:59 GMT
pragma: no-cache

Content Headers

Content-Length

Content

117

Content-Type

Content

application/json

content-length: 117
content-type: application/json

Server Headers

Server

daiquiri/5

server: daiquiri/5

CORS Headers

Access-Control-Allow-Credentials

Cors

false

Access-Control-Allow-Headers

Cors

range

Access-Control-Allow-Methods

Cors

HEAD, GET, PUT

Access-Control-Allow-Origin

Cors

*

Access-Control-Expose-Headers

Cors

*

Access-Control-Max-Age

Cors

3000

access-control-allow-credentials: false
access-control-allow-headers: range
access-control-allow-methods: HEAD, GET, PUT
access-control-allow-origin: *
access-control-expose-headers: *
access-control-max-age: 3000

Cookies Headers

No cookies headers found

Other Headers

Apple-Asset-Repo-Auth-Info

Other

user-id=applecdn-amp-assets

Apple-Originating-System

Other

ar-resolver-origin

Apple-Seq

Other

0.0

Apple-Tk

Other

false

B3

Other

938abe8291098ac0ad69e760ab22b37c-f76ead0162374785

Cdnuuid

Other

96a20f6b-417f-4b9d-9246-33d8c459761a-873254275

Date

Other

Sat, 28 Mar 2026 01:01:59 GMT

X-Apple-Jingle-Correlation-Key

Other

SOFL5AURBGFMBLLJ45QKWIVTPQ

X-Apple-Request-Uuid

Other

938abe82-9109-8ac0-ad69-e760ab22b37c

X-B3-Parentspanid

Other

2e98f4e89decff42

X-B3-Spanid

Other

f76ead0162374785

X-B3-Traceid

Other

29cc8d66c0074efd

X-Cache

Other

TCP_MISS from a23-42-150-43.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-e0e8e110f8cd22f17826d6ac7409b8da) (-)

X-Cache-Remote

Other

TCP_MISS from a23-45-172-186.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-cf5672731e69c345796af56199edfb50) (-)

X-Daiquiri-Debug-Worker-Pid

Other

5044

X-Daiquiri-Instance

Other

daiquiri:11394002:mr36p00it-hyhk12154801:7987:26RELEASE56:daiquiri-amp-dsce-apps-int-001-mr

apple-asset-repo-auth-info: user-id=applecdn-amp-assets
apple-originating-system: ar-resolver-origin
apple-seq: 0.0
apple-tk: false
b3: 938abe8291098ac0ad69e760ab22b37c-f76ead0162374785
cdnuuid: 96a20f6b-417f-4b9d-9246-33d8c459761a-873254275
date: Sat, 28 Mar 2026 01:01:59 GMT
x-apple-jingle-correlation-key: SOFL5AURBGFMBLLJ45QKWIVTPQ
x-apple-request-uuid: 938abe82-9109-8ac0-ad69-e760ab22b37c
x-b3-parentspanid: 2e98f4e89decff42
x-b3-spanid: f76ead0162374785
x-b3-traceid: 29cc8d66c0074efd
x-cache: TCP_MISS from a23-42-150-43.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-e0e8e110f8cd22f17826d6ac7409b8da) (-)
x-cache-remote: TCP_MISS from a23-45-172-186.deploy.akamaitechnologies.com (AkamaiGHost/22.4.4-cf5672731e69c345796af56199edfb50) (-)
x-daiquiri-debug-worker-pid: 5044
x-daiquiri-instance: daiquiri:11394002:mr36p00it-hyhk12154801:7987:26RELEASE56:daiquiri-amp-dsce-apps-int-001-mr

Recommendations

Enable compression (gzip/brotli) to improve performance