What is the host "xp.apple.com" for and what is sent there?

Solution 1:

It seems to be related to the app store and os updates. All my apple devices attempt to connect to it during updates. On MacOS the processes which attempt connection are commerce, appstoreagent, rtcreportingd and App Store.

I would speculate that it is for some kind of telemetry, as I have had it blocked for a couple of months now and it has never caused any updates to fail. I suspect the same is true for configuration.apple.com .

Solution 2:

They mention it, but they do not provide details:

https://support.apple.com/en-us/HT201999

About macOS, iOS, and iTunes server host connections and iTunes background processes

Some Apple software, including macOS, iOS, and iTunes, uses different ports and servers to connect to various services. iTunes for Windows also installs some processes that run in the background when the software is open.

Make sure that your security software is set up correctly. Setup steps vary by software, so contact the developer for specifics.

On Mac, applications signed by Apple automatically receive incoming connections. This article doesn't apply if you're using the macOS built-in Application Firewall.

Server connections

The following servers are used by macOS, iOS, and iTunes:

Apple servers

albert.apple.com, appldnld.apple.com, configuration.apple.com, .cdn-apple.com, deimos3.apple.com, gg.apple.com, gs.apple.com, itunes.apple.com, *.itunes.apple.com, mesu.apple.com, *.mzstatic.com, skl.apple.com, swscan.apple.com, xp.apple.com

Other servers

evintl-ocsp.verisign.com, evsecure-ocsp.verisign.com, *.amazonaws.com, *.digicert.com, *.symcb.com, *.symcd.com