HTTP Headers | redirect.li

HTTP Headers

Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.

Summary

Response
Total Requests
1
Total Time
831 ms
  • IP
    199.232.39.6
  • Timing

    Wait

    0 ms

    DNS

    3 ms

    TCP

    4 ms

    Request

    1 ms

    First Byte

    818 ms

    Download

    0 ms

    Total

    831 ms

  • HTTP Headers

    Connection

    keep-alive

    Control options for the current connection and list of hop-by-hop response fields.

    keep-alive - The client would like to keep the connection open.

    Content-Length

    601239(601 kB)

    The length of the response body in octets (8-bit bytes).

    Server

    daiquiri/5

    A name for the server.

    • Server

      daiquiri

      Description of the server software.

    • Version

      5

      Version number.

    Content-Type

    text/html

    The MIME type of this content.

    Problems were detected with this header

    • Unknown MIME type.
    Cache-Control

    public, max-age=900

    Inform all caching mechanisms from server to client whether they may cache this object.

    • public

      May be stored by any cache.

    • Max-Age

      900 (15 minutes)

      The time a browser should remember a site can only be accessed with https (seconds).

    Content-Security-Policy

    upgrade-insecure-requests; default-src 'none'; manifest-src 'self' https://*.apple.com; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; font-src 'self' https://*.apple.com; style-src 'self' https://*.apple.com 'unsafe-inline'; script-src 'self' https://*.apple.com 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-p7PoC97FO+Lu90RNjGWxhbm13yALSR4xzV8vaDhaQBo=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; connect-src 'self' https://*.apple.com https://*.mzstatic.com; media-src 'self' https://*.apple.com blob:; child-src 'self' https://*.apple.com; frame-src 'self' https://*.apple.com itms-appss: macappstore:; worker-src blob:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/csp-report

    The content security policy allows the server to determine what resources the user is allowed to load.

    • upgrade-insecure-requests

      Treat insecure URLs as though they are secure.

    • Default-Src

      Fallback for all fetches.

      • 'none'
    • Manifest-Src

      Define sources for manifest files.

      • 'self'
      • https://*.apple.com
    • Img-Src

      Define sources for images and favicons.

      • 'self'
      • https://*.apple.com
      • https://*.mzstatic.com
      • data:
    • Font-Src

      Define sources for fonts.

      • 'self'
      • https://*.apple.com
    • Style-Src

      Define sources for stylesheets.

      • 'self'
      • https://*.apple.com
      • 'unsafe-inline'
    • Script-Src

      Define sources for JavaScript.

      • 'self'
      • https://*.apple.com
      • 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E='
      • 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo='
      • 'sha256-p7PoC97FO+Lu90RNjGWxhbm13yALSR4xzV8vaDhaQBo='
      • 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='
    • Connect-Src

      Define sources for script interfaces.

      • 'self'
      • https://*.apple.com
      • https://*.mzstatic.com
    • Media-Src

      Define sources for audio, video, and track elements.

      • 'self'
      • https://*.apple.com
      • blob:
    • Child-Src

      Define sources for web works and frames.

      • 'self'
      • https://*.apple.com
    • Frame-Src

      Define sources for frames.

      • 'self'
      • https://*.apple.com
      • itms-appss:
      • macappstore:
    • Worker-Src

      Define sources for Worker, SharedWork, and ServiceWorker scripts.

      • blob:
    • Frame-Ancestors

      Define valid parents for frame, iframe, embed, object, and applet.

      • 'none'
    • block-all-mixed-content

      Prevent mixed content access.

    • Report-URI

      /api/csp-report

      URI for violation reports.

    Etag

    "aZS7vCXONDT+4V1k2B/bAGsTLKD4PpaJ3Sam80bwi2c="

    An identifier for a specific version of a resource.

    • Validator

      strong

      A weak tag is easier to generate and prevents byte range caching.

    • Tag

      aZS7vCXONDT+4V1k2B/bAGsTLKD4PpaJ3Sam80bwi2c=

    Link

    <https://is1-ssl.mzstatic.com>; rel=preconnect

    Used to express a typed relationship with another resource.

    X-Apple-Jingle-Correlation-Key

    SDQOAD7ICQZYYO23H5NSZQYCCA

    X-Content-Type-Options

    nosniff

    Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.

    nosniff - Block requests if type 'style' or 'script'.

    X-Frame-Options

    DENY

    Clickjacking protection.

    DENY - No rendering within frame.

    X-Responding-Instance

    amp-web-app-store-server:amp-web-app-store-server-main-5dd8dcb4f5-v9ldt:4200:2626.4.0-external

    X-Xss-Protection

    1; mode=block

    Cross-site scripting (XSS) filter.

    • 1

      Enable XSS filtering.

    • Mode

      Filtering mode.

      • block - Block page if XSS is detected.
    Strict-Transport-Security

    max-age=31536000; includeSubDomains

    A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.

    • Max-Age

      31536000 (1 year)

      The time a browser should remember a site can only be accessed with https (seconds).

    • includesubdomains

      max-age applies to subdomains as well.

    X-Daiquiri-Instance

    daiquiri:10001:daiquiri-cluster-6894f78d46-hgk2h:7987:26RELEASE107:daiquiri-amp-kubernetes-shared-cluster-ak8s-prod-pv4-amp-web-app-store-prod

    X-Daiquiri-Instance

    daiquiri:10001:daiquiri-all-shared-ext-676bb467fb-rh2ps:7987:26RELEASE107:daiquiri-amp-kubernetes-shared-ext-ak8s-prod-pv4-amp-daiquiri-ingress-prod

    X-Daiquiri-Debug-Worker-Pid

    818641

    X-Daiquiri-Debug-Worker-Pid

    1085327

    Accept-Ranges

    bytes

    What partial content range types this server supports via byte serving.

    bytes - Byte ranges are supported.

    Age

    0

    The age the object has been in a proxy cache in seconds.

    Date

    Wed, 08 Jul 2026 00:46:35 GMT

    The date and time that the message was sent.

    Via

    1.1 varnish

    Added by proxies to track a request through proxies and to avoid loops.

    • Version

      1.1

      Protocol version.

    • Host

      Host name.

    X-Cdn

    fsly

    X-Served-By

    cache-lga21927-LGA

    X-Cache-Hits

    0

    X-Timer

    S1783471594.361163,VS0,VE816

    Vary

    accept-encoding

    Indicates that different content may be provided to different clients, depending on the vary header.

    • Headers

      • accept-encoding
    Set-Cookie

    geo=US; domain=apple.com

    A cookie sent from the server to be set on the client

    • geo

      US

      Cookie name and value.

    • Domain

      apple.com

      The client will only send the cookie when requesting from this domain.

    X-Cache

    MISS fsly

    Indicates whether a cache was used to server this response.