Sorry, should have clarified: instead of faking the response, you can connect to Apple’s servers through a US proxy. They will see you have a US IP address and return the corresponding location code, all over properly signed HTTPS.
There are a few caveats (e.g. using a residential or mobile proxy would look less suspicious, in case Apple looks out for datacenter IP ranges), but I think it should work.
There are a few caveats (e.g. using a residential or mobile proxy would look less suspicious, in case Apple looks out for datacenter IP ranges), but I think it should work.