Headers
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src https: 'self'; base-uri 'self'; connect-src *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com wss://api.appcues.net:* https: 'self' wss://replay.uxtweak.com:* *.google-analytics.com *.analytics.google.com *.googletagmanager.com; font-src 'self' data: script.hotjar.com https:; frame-ancestors 'self'; img-src 'self' https: data: script.hotjar.com *.google-analytics.com *.googletagmanager.com; object-src 'none'; script-src 'strict-dynamic' 'unsafe-eval' https: 'self' cdn.zeroheight.com 'nonce-giy7lx4vwu+QO3fIF6wtIO8f2ODCyQZAjIjwgyUL44w=' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'
X-Frame-Options
Good
sameorigin
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin-when-cross-origin, strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
Performance Headers
3 headers
Accept-Ranges
Performance
bytes
Connection
Performance
close
Vary
Performance
Accept-Encoding
Caching Headers
2 headers
Cache-Control
Caching
max-age=0, private, must-revalidate
Etag
Caching
W/"a0fe4c311bbeace1208b83d8cc15b1da"
Content Headers
2 headers
Content-Length
Content
45623
Content-Type
Content
text/html; charset=utf-8
Server Headers
1 headers
X-Runtime
Server
0.112920
CORS Headers
0 headers
No CORS headers found
Cookies Headers
1 headers
Set-Cookie
Cookies
_zh_session=2YVgBASc3RAxRM%2Fgmven1q3fhJ7qEPJps0rYb9ua7zjSxrJ1hrV4yElzvDvXyktd5jHH13flxUfucghCCT7%2B83LSuxODX%2FL0BgsfpTLAgRdHSoQ%2BqAn5CJfCV0fVLcm5OpP9Zp%2FVc8BmCYWJQkXyDnQhmgGBqNe9pfnVGBvxvB2wvkKDD8gKXIv8HjSTv650Qbo6WbHICyO1TErwOauQRzH%2FEJIGta%2FTM05yvESMj5gafUESz0XUjTALuqtVYSeF29VoDnltwC4xPxODn9%2FLTZcKuQ%3D%3D--3C4Sqy1ShqCCsHOG--HK0Ydj%2BMRrRirxT61xp%2B5w%3D%3D; domain=theguardian.design; path=/; secure; httponly; samesite=lax
Other Headers
12 headers
Date
Other
Mon, 29 Dec 2025 11:44:11 GMT
Link
Other
<https://cdn.zeroheight.com/1.5.9.9173/runtime.js?version=1.5.9.9173>; rel=preload; as=script; nopush,<https://cdn.zeroheight.com/1.5.9.9173/vendors.js?version=1.5.9.9173>; rel=preload; as=script; nopush,<https://cdn.zeroheight.com/1.5.9.9173/commons.js?version=1.5.9.9173>; rel=preload; as=script; nopush,<https://cdn.zeroheight.com/1.5.9.9173/app.js?version=1.5.9.9173>; rel=preload; as=script; nopush,</the-other-assets/plugin-4a494e7f121a21f8107858ef2ae2a4195419e15b227b90c9665c2a43f22cb9f2.css>; rel=preload; as=style; nopush,<//fast.appcues.com/119582.js>; rel=preload; as=script; nopush
Via
Other
1.1 varnish
X-Cache
Other
MISS
X-Cache-Hits
Other
0
X-Download-Options
Other
noopen
X-Permitted-Cross-Domain-Policies
Other
none
X-Rack-Cors
Other
miss; no-origin
X-Request-Id
Other
ac4597fa-d55b-4198-a56f-cad856646949
X-Served-By
Other
cache-pdk-katl1840094-PDK
X-Timer
Other
S1767008651.748664,VS0,VE562
Zh-Product-Name
Other
zeroheight
Recommendations
Enable compression (gzip/brotli) to improve performance
Analysis completed in 1109ms