SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Hostname Mismatch - certificate is issued for bookshop.theguardian.com, www.bookshop.theguardian.com, not for dev-theguardian.com
Open
Cached
·
just now
27
Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
upgrade-insecure-requests; default-src; script-src; +9 more
upgrade-insecure-requests; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src 'self' https://assets.guim.co.uk https://pasteup.guim.co.uk https://interactive.guim.co.uk https://dashboard.ophan.co.uk data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri 'none'
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Present
camera=(), microphone=(), midi=(), geolocation=(), interest-cohort=(), clipboard-read=(), unload=()
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
Accept-Encoding,User-Agent
Caching Headers
3 headers
Age
Caching
0
Cache-Control
Caching
max-age=60, stale-while-revalidate=6, stale-if-error=864000, private,no-transform
Etag
Caching
W/"hash-289265066891235157"
Content Headers
2 headers
Content-Length
Content
1285358
Content-Type
Content
text/html; charset=UTF-8
Server Headers
0 headers
No server headers found
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
GU_geo_country=US; path=/; Secure
Other Headers
11 headers
Alt-Svc
Other
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
Date
Other
Mon, 29 Dec 2025 04:02:57 GMT
Feature-Policy
Other
camera 'none'; microphone 'none'; midi 'none'; geolocation 'none'
Link
Other
<https://assets.guim.co.uk/polyfill.io/v3/polyfill.min.js?rum=0&features=es6%2Ces7%2Ces2017%2Ces2018%2Ces2019%2Cdefault-3.6%2CHTMLPictureElement%2CIntersectionObserver%2CIntersectionObserverEntry%2CURLSearchParams%2Cfetch%2CNodeList.prototype.forEach%2Cnavigator.sendBeacon%2Cperformance.now%2CPromise.allSettled&flags=gated&callback=guardianPolyfilled&unknown=polyfill&cacheClear=1>; rel=prefetch,<https://assets.guim.co.uk/assets/frameworks.client.web.4b5ae4374a438e969b45.js>; rel=prefetch,<https://assets.guim.co.uk/assets/index.client.web.0c449cf2bc486295fa31.js>; rel=prefetch,<https://assets.guim.co.uk/commercial/cd89c1613c96c44b242d/graun.standalone.commercial.js>; rel=prefetch,,<https://assets.guim.co.uk/>; rel=preconnect,<https://i.guim.co.uk>; rel=preconnect,<https://j.ophan.co.uk>; rel=preconnect,<https://ophan.theguardian.com>; rel=preconnect,<https://api.nextgen.guardianapps.co.uk>; rel=preconnect,<https://hits-secure.theguardian.com>; rel=preconnect,<https://interactive.guim.co.uk>; rel=preconnect,<https://phar.gu-web.net>; rel=preconnect,<https://static.theguardian.com>; rel=preconnect,<https://support.theguardian.com>; rel=preconnect
Onion-Location
Other
https://www.guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid.onion/us
X-Gu-Dotcomponents
Other
true
X-Gu-Edition
Other
us
X-Gu-Frontend-Git-Commit-Id
Other
c969ea52f93344ed27f3314c2fefe9885a340474
X-Gu-Server-Ab-Tests
Other
thefilter-product-element:control
X-Robots-Tag
Other
bingbot: noarchive
X-Timer
Other
S1766980977.363172,VS0,VS0,VS0,VE89
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1053ms