HTTP Headers for bloomberg.com

Responds with HTTP 403 Forbidden from Varnish — 2 of 6 security headers present.

Domain to Check

403 Forbiddenhttps://www.bloomberg.com/

Security Headers2/6

HSTS

CSP

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

All Response Headers (15)

accept-rangesbytes

cache-controlno-store

connectionclose

content-length13860

content-typetext/html

dateFri, 24 Apr 2026 15:43:55 GMT

link<https://assets.bwbx.io>; rel=preconnect; crossorigin, <https://assets.bwbx.io>; rel=preconnect, <https://sourcepointcmp.bloomberg.com>; rel=preconnect; crossorigin, <https://tpc.googlesyndication.com >; rel=preconnect; crossorigin, <https://www.google-analytics.com>; rel=preconnect; crossorigin, <https://www.googletagmanager.com>; rel=preconnect, <https://www.googletagmanager.com>; rel=preconnect; crossorigin

retry-after0

serverVarnish

set-cookiesession_key=ce992dbbe98cd39d2c66495db8efa4e611005220; path=/; max-age=31536000; domain=bloomberg.com; secure

strict-transport-securitymax-age=31557600

x-cacheMISS

x-cache-hits0

x-content-type-optionsnosniff

x-served-bycache-iad-kjyo7100116-IAD