HTTP Headers for forbes.com

Responds with HTTP 200 OK from istio-envoy — 5 of 6 security headers present.

Domain to Check

200 OKhttps://www.forbes.com/

Security Headers5/6

HSTS

CSP

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

All Response Headers (41)

accept-rangesbytes

access-control-allow-credentialstrue

age111

alt-svch3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

backenddnsresolver

cache-controlpublic, max-age=300

connectionclose

content-encodinggzip

content-length129296

content-security-policyupgrade-insecure-requests

content-typetext/html; charset=utf-8

dateFri, 24 Apr 2026 15:44:39 GMT

permissions-policyunload=()

referrer-policystrict-origin-when-cross-origin

serveristio-envoy

stateHIT-CLUSTER

strict-transport-securitymax-age=31536000; includeSubDomains; preload

varyAccept-Encoding, X-is-EU, X-is-CN, X-is-US-DPA, X-is-US, X-Device, canary, X-Is-Ad-Light, is-vwo-enabled, x-malcolm, x-malcolm, X-is-EU, X-is-CN, X-is-US-DPA, X-is-OPT-IN-JURISDICTION, X-is-STRICT-US-DPA, X-is-US, X-Device, x-backend, canary, X-Is-Ad-Light, is-vwo-enabled

via1.1 varnish

x-backendsimple-site-prod

x-cacheHIT

x-cache-hits1

x-cicero-cacheHIT 16

x-city-codeashburn

x-country-codeUS

x-devicepc

x-envoy-upstream-service-time2

x-fastly-backend24YyrkkiTBhSwXWzJgvwW6--F_GCP_Cicero_Varnish

x-fastly-x-is-cnfalse

x-fastly-x-is-opt-in-jurisdictionfalse

x-fastly-x-is-strict-us-dpafalse

x-fastly-x-is-ustrue

x-fastly-x-is-us-dpatrue

x-fastlyttl300.000

x-frame-optionsSAMEORIGIN

x-malcolmA

x-postal-code20147

x-regionVA

x-served-bycache-iad-kjyo7100092-IAD

x-timerS1777045480.529883,VS0,VE2

x-yourttl300.000

SSL Certificate Checker

Check any domain's SSL/TLS certificate — issuer, expiry, SANs, and cipher.

→

HTTP Status Codes

Searchable reference of all HTTP status codes with descriptions and use cases.

→

WHOIS Lookup

Look up WHOIS details for any domain or IP address.

→