HTTP Headers for nytimes.com

Responds with HTTP 200 from envoy — 5 of 6 security headers present.

Domain to Check

200 https://www.nytimes.com/

Security Headers5/6

HSTS

CSP

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

All Response Headers (40)

accept-rangesbytes

access-control-allow-headerstraceparent, tracestate, X-B3-Sampled, X-B3-SpanId, X-B3-TraceId, x-datadog-origin, x-datadog-parent-id, x-datadog-sampling-priority, x-datadog-trace-id, x-nyt-entitlements, x-nyt-internal-meter-override, traceparent, tracestate, X-B3-Sampled, X-B3-SpanId, X-B3-TraceId, x-datadog-origin, x-datadog-parent-id, x-datadog-sampling-priority, x-datadog-trace-id, x-nyt-entitlements, x-nyt-internal-meter-override

access-control-expose-headersX-Nyt-Mktg-Group, X-Nyt-Mktg-Group

age9

build-timestamp1776971998000

cache-controls-maxage=30,no-cache

connectionclose

content-encodinggzip

content-length214290

content-security-policyupgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https: nytresource:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: nytresource:; style-src data: 'unsafe-inline' https: nytresource:; img-src data: https: blob: android-webview-video-poster: nytresource:; font-src data: https: nytresource:; connect-src data: https: wss: blob: nytresource:; media-src data: https: blob: nytresource:; object-src https:; child-src https: data: blob: nytresource:; form-action https: nytimes: nytcooking: nytxwd:; report-uri https://csp.nytimes.com/report;

content-typetext/html; charset=utf-8

dateFri, 24 Apr 2026 12:35:58 GMT

fastly-restarts1

last-modifiedFri, 24 Apr 2026 12:34:45 GMT

permissions-policybrowsing-topics=()

serverenvoy

set-cookienyt-traceid=000000000000000055b3818120e774d2; Path=/; Domain=.nytimes.com; SameSite=none; Secure

strict-transport-securitymax-age=63072000; includeSubDomains; preload

varyAccept-Encoding, Fastly-SSL

x-api-versionF-F-VI

x-b3-traceid39fe3832c5c71417

x-cacheHIT, MISS

x-cache-hits1, 0

x-content-type-optionsnosniff

x-datadome-timer(null),VE98

x-envoy-decorator-operationvi.nyt.net:443/*

x-envoy-upstream-service-time482

x-frame-optionsDENY

x-gdpr0

x-nyt-app-mapwebview=false,preloaded=false,service-worker-enabled=false

x-nyt-app-webview0

x-nyt-data-last-modifiedFri, 24 Apr 2026 12:34:45 GMT

x-nyt-edge-cacheHIT-MISS

x-nyt-mktg-groupgroup1

x-nyt-routehomepage

x-origin-time2026-04-24 12:35:58 UTC

x-pagetypevi-homepage

x-served-bycache-lga21974-LGA, cache-iad-kjyo7100066-IAD

x-timerS1777034158.157397,VS0,VE118

x-xss-protection1; mode=block

SSL Certificate Checker

Check any domain's SSL/TLS certificate — issuer, expiry, SANs, and cipher.

→

HTTP Status Codes

Searchable reference of all HTTP status codes with descriptions and use cases.

→

WHOIS Lookup

Look up WHOIS details for any domain or IP address.

→