HTTP Headers
Show the HTTP headers for a URL, with a full break-down of details. Will follow redirects.
Summary
- Response
- Total Requests
- 1
- Total Time
- 831 ms
https://apps.apple.com/id/app/quickpro-apps/id1593803764- Status
- 200
- Message
- OK
- Time
- 831 ms
- IP
- 199.232.39.6
Timing
Wait
0 ms
DNS
3 ms
TCP
4 ms
Request
1 ms
First Byte
818 ms
Download
0 ms
Total
831 ms
HTTP Headers
- Connection
keep-alive
Control options for the current connection and list of hop-by-hop response fields.
keep-alive - The client would like to keep the connection open.
- Content-Length
601239(601 kB)
The length of the response body in octets (8-bit bytes).
- Server
daiquiri/5
A name for the server.
Server
daiquiri
Description of the server software.
Version
5
Version number.
- Content-Type
text/html
The MIME type of this content.
Problems were detected with this header
- Unknown MIME type.
- Cache-Control
public, max-age=900
Inform all caching mechanisms from server to client whether they may cache this object.
public
May be stored by any cache.
Max-Age
900 (15 minutes)
The time a browser should remember a site can only be accessed with https (seconds).
- Content-Security-Policy
upgrade-insecure-requests; default-src 'none'; manifest-src 'self' https://*.apple.com; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; font-src 'self' https://*.apple.com; style-src 'self' https://*.apple.com 'unsafe-inline'; script-src 'self' https://*.apple.com 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-p7PoC97FO+Lu90RNjGWxhbm13yALSR4xzV8vaDhaQBo=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; connect-src 'self' https://*.apple.com https://*.mzstatic.com; media-src 'self' https://*.apple.com blob:; child-src 'self' https://*.apple.com; frame-src 'self' https://*.apple.com itms-appss: macappstore:; worker-src blob:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/csp-report
The content security policy allows the server to determine what resources the user is allowed to load.
upgrade-insecure-requests
Treat insecure URLs as though they are secure.
Default-Src
Fallback for all fetches.
- 'none'
Manifest-Src
Define sources for manifest files.
- 'self'
- https://*.apple.com
Img-Src
Define sources for images and favicons.
- 'self'
- https://*.apple.com
- https://*.mzstatic.com
- data:
Font-Src
Define sources for fonts.
- 'self'
- https://*.apple.com
Style-Src
Define sources for stylesheets.
- 'self'
- https://*.apple.com
- 'unsafe-inline'
Script-Src
Define sources for JavaScript.
- 'self'
- https://*.apple.com
- 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E='
- 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo='
- 'sha256-p7PoC97FO+Lu90RNjGWxhbm13yALSR4xzV8vaDhaQBo='
- 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='
Connect-Src
Define sources for script interfaces.
- 'self'
- https://*.apple.com
- https://*.mzstatic.com
Media-Src
Define sources for audio, video, and track elements.
- 'self'
- https://*.apple.com
- blob:
Child-Src
Define sources for web works and frames.
- 'self'
- https://*.apple.com
Frame-Src
Define sources for frames.
- 'self'
- https://*.apple.com
- itms-appss:
- macappstore:
Worker-Src
Define sources for Worker, SharedWork, and ServiceWorker scripts.
- blob:
Frame-Ancestors
Define valid parents for frame, iframe, embed, object, and applet.
- 'none'
block-all-mixed-content
Prevent mixed content access.
Report-URI
/api/csp-report
URI for violation reports.
- Etag
"aZS7vCXONDT+4V1k2B/bAGsTLKD4PpaJ3Sam80bwi2c="
An identifier for a specific version of a resource.
Validator
strong
A weak tag is easier to generate and prevents byte range caching.
Tag
aZS7vCXONDT+4V1k2B/bAGsTLKD4PpaJ3Sam80bwi2c=
- Link
<https://is1-ssl.mzstatic.com>; rel=preconnect
Used to express a typed relationship with another resource.
Link
- rel - preconnect
- X-Apple-Jingle-Correlation-Key
SDQOAD7ICQZYYO23H5NSZQYCCA
- X-Content-Type-Options
nosniff
Prevents Internet Explorer from MIME-sniffing a response away from the declared content-type.
nosniff - Block requests if type 'style' or 'script'.
- X-Frame-Options
DENY
Clickjacking protection.
DENY - No rendering within frame.
- X-Responding-Instance
amp-web-app-store-server:amp-web-app-store-server-main-5dd8dcb4f5-v9ldt:4200:2626.4.0-external
- X-Xss-Protection
1; mode=block
Cross-site scripting (XSS) filter.
1
Enable XSS filtering.
Mode
Filtering mode.
- block - Block page if XSS is detected.
- Strict-Transport-Security
max-age=31536000; includeSubDomains
A HSTS Policy informing the HTTP client how long to cache the HTTPS only policy and whether this applies to subdomains.
Max-Age
31536000 (1 year)
The time a browser should remember a site can only be accessed with https (seconds).
includesubdomains
max-age applies to subdomains as well.
- X-Daiquiri-Instance
daiquiri:10001:daiquiri-cluster-6894f78d46-hgk2h:7987:26RELEASE107:daiquiri-amp-kubernetes-shared-cluster-ak8s-prod-pv4-amp-web-app-store-prod
- X-Daiquiri-Instance
daiquiri:10001:daiquiri-all-shared-ext-676bb467fb-rh2ps:7987:26RELEASE107:daiquiri-amp-kubernetes-shared-ext-ak8s-prod-pv4-amp-daiquiri-ingress-prod
- X-Daiquiri-Debug-Worker-Pid
818641
- X-Daiquiri-Debug-Worker-Pid
1085327
- Accept-Ranges
bytes
What partial content range types this server supports via byte serving.
bytes - Byte ranges are supported.
- Age
0
The age the object has been in a proxy cache in seconds.
- Date
Wed, 08 Jul 2026 00:46:35 GMT
The date and time that the message was sent.
- Via
1.1 varnish
Added by proxies to track a request through proxies and to avoid loops.
Version
1.1
Protocol version.
Host
Host name.
- X-Cdn
fsly
- X-Served-By
cache-lga21927-LGA
- X-Cache-Hits
0
- X-Timer
S1783471594.361163,VS0,VE816
- Vary
accept-encoding
Indicates that different content may be provided to different clients, depending on the vary header.
Headers
- accept-encoding
- Set-Cookie
geo=US; domain=apple.com
A cookie sent from the server to be set on the client
geo
US
Cookie name and value.
Domain
apple.com
The client will only send the cookie when requesting from this domain.
- X-Cache
MISS fsly
Indicates whether a cache was used to server this response.