HTTP Headers for theguardian.com

Responds with HTTP 200 OK — 6 of 6 security headers present.

Domain to Check

200 OKhttps://www.theguardian.com/us

Security Headers6/6

HSTS

CSP

X-Frame-Options

X-Content-Type-Options

Referrer-Policy

Permissions-Policy

All Response Headers (29)

accept-rangesbytes

age0

alt-svch3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

cache-controlmax-age=60, stale-while-revalidate=6, stale-if-error=864000, private

connectionclose

content-encodinggzip

content-length142971

content-security-policyupgrade-insecure-requests; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src 'self' https://assets.guim.co.uk https://pasteup.guim.co.uk https://interactive.guim.co.uk https://dashboard.ophan.co.uk https://cdn.braze.eu data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri 'none'

content-typetext/html; charset=UTF-8

dateFri, 24 Apr 2026 15:46:10 GMT

etagW/"hash3593411624296402986"

feature-policycamera 'none'; microphone 'none'; midi 'none'; geolocation 'none'

link<https://assets.guim.co.uk/polyfill.io/v3/polyfill.min.js?rum=0&features=es6%2Ces7%2Ces2017%2Ces2018%2Ces2019%2Cdefault-3.6%2CHTMLPictureElement%2CIntersectionObserver%2CIntersectionObserverEntry%2CURLSearchParams%2Cfetch%2CNodeList.prototype.forEach%2Cnavigator.sendBeacon%2Cperformance.now%2CPromise.allSettled&flags=gated&callback=guardianPolyfilled&unknown=polyfill&cacheClear=1>; rel=prefetch,<https://assets.guim.co.uk/assets/frameworks.client.web.8844a1b3ccdb9ca9be92.js>; rel=prefetch,<https://assets.guim.co.uk/assets/index.client.web.a28889379c5c0570c614.js>; rel=prefetch,<https://assets.guim.co.uk/commercial/f84ad969e9a19e5704f8/graun.standalone.commercial.js>; rel=prefetch,,<https://assets.guim.co.uk/>; rel=preconnect,<https://i.guim.co.uk>; rel=preconnect,<https://j.ophan.co.uk>; rel=preconnect,<https://ophan.theguardian.com>; rel=preconnect,<https://api.nextgen.guardianapps.co.uk>; rel=preconnect,<https://hits-secure.theguardian.com>; rel=preconnect,<https://interactive.guim.co.uk>; rel=preconnect,<https://phar.gu-web.net>; rel=preconnect,<https://static.theguardian.com>; rel=preconnect,<https://support.theguardian.com>; rel=preconnect

onion-locationhttps://www.guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid.onion/us

permissions-policycamera=(), microphone=(), midi=(), geolocation=(), interest-cohort=(), clipboard-read=(), unload=()

referrer-policyno-referrer-when-downgrade

set-cookieGU_geo_country=US; path=/; Secure

strict-transport-securitymax-age=63072000; includeSubDomains; preload

varyAccept-Encoding,User-Agent

x-content-type-optionsnosniff

x-frame-optionsSAMEORIGIN

x-gu-dotcomponentstrue

x-gu-editionus

x-gu-frontend-git-commit-id8ad734da6f186cc80fa57052a8d0b1ef091bc80c

x-gu-server-ab-teststhefilter-at-a-glance-redesign-v2:stacked-default

x-request-id8ad5c82c-c9a2-4d75-a1c8-eef5506decbb

x-robots-tagbingbot: noarchive

x-timerS1777045570.198951,VS0,VE25

x-xss-protection1; mode=block

SSL Certificate Checker

Check any domain's SSL/TLS certificate — issuer, expiry, SANs, and cipher.

→

HTTP Status Codes

Searchable reference of all HTTP status codes with descriptions and use cases.

→

WHOIS Lookup

Look up WHOIS details for any domain or IP address.

→