When an app uses SKReceiptRefreshRequest or a server validates an App Store receipt with Apple’s endpoint (https://sandbox.itunes.apple.com/verifyReceipt), this header is often present. It helps Apple correlate the receipt with the specific hardware making the request, preventing replay attacks.
D.M.
Apple uses a suite of headers starting with x-apple-i-md- to establish a "Chain of Trust." The suffix -m in x-apple-i-md-m typically stands for or Metadata.
Because it is tied to your hardware, it can technically be used to track a specific device across different IP addresses or sessions.