| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Server | BBC-GTM |
| Strict-Transport-Security | max-age=31536000; preload |
| X-Fastly-Pre-Flight-Cache | MISS, HIT |
| Content-Type | text/html |
| Bsig | 7784d958bd6ff057f4411af0d6b8dbb9 |
| Permissions-Policy | accelerometer=(), autoplay=(self "https://emp.bbc.com" "https://emp.bbc.co.uk" "http://emp.bbc.com" "http://emp.bbc.co.uk"), camera=(), document-domain=(self "https://emp.bbc.com" "https://emp.bbc.co.uk" "http://emp.bbc.com" "http://emp.bbc.co.uk"), encrypted-media=(), fullscreen=(self "https://emp.bbc.com" "https://emp.bbc.co.uk" "http://emp.bbc.com" "http://emp.bbc.co.uk"), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self "https://emp.bbc.com" "https://emp.bbc.co.uk" "http://emp.bbc.com" "http://emp.bbc.co.uk"), screen-wake-lock=(), sync-xhr=(self), usb=(), xr-spatial-tracking=() |
| X-Frame-Options | DENY |
| Report-To | {"group":"default","max_age":2592000,"endpoints":[{"url":"https://default.bbc-reporting-api.app/report-endpoint","priority":1}],"include_subdomains":true} |
| X-Fastly-Pre-Flight-Cache-Status | HIT-CLUSTER |
| Alt-Svc | h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 |
| Feature-Policy | accelerometer 'none'; autoplay 'self' https://emp.bbc.com https://emp.bbc.co.uk http://emp.bbc.com http://emp.bbc.co.uk; camera 'none'; document-domain 'self' https://emp.bbc.com https://emp.bbc.co.uk http://emp.bbc.com http://emp.bbc.co.uk; encrypted-media 'none'; fullscreen 'self' https://emp.bbc.com https://emp.bbc.co.uk http://emp.bbc.com http://emp.bbc.co.uk; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self' https://emp.bbc.com https://emp.bbc.co.uk http://emp.bbc.com http://emp.bbc.co.uk; screen-wake-lock 'none'; sync-xhr 'self'; usb 'none'; xr-spatial-tracking 'none' |
| X-Content-Type-Options | nosniff |
| Origin-Agent-Cluster | ?0 |
| X-Bbc-Edge-Cache-Status | STALE |
| X-Lb-Nocache | true |
| Nel | {"report_to":"default","max_age":2592000,"include_subdomains":true,"failure_fraction":0.25} |
| X-Xss-Protection | 1; mode=block |
| X-Robots-Tag | bingbot: noarchive |
| X-Cache-Hits | 1 |
| Content-Security-Policy | default-src 'none'; script-src 'strict-dynamic' 'nonce-V5Cjqdwi3qJSomacBASohZMNDAuwnDKQpFAzyf87LCMk6ZMvLP' 'self' 'report-sample' 'unsafe-inline' assets.wearehearken.eu cdn.syndication.twimg.com connect.facebook.net c.files.bbci.co.uk emp.bbci.co.uk ems.wearehearken.eu modules.wearehearken.eu mybbc-analytics.files.bbci.co.uk nav.files.bbci.co.uk news.files.bbci.co.uk platform.twitter.com public.flourish.studio static.bbc.co.uk static.bbci.co.uk static.chartbeat.com static2.chartbeat.com www.bbc.co.uk www.instagram.com www.ons.gov.uk gn-web-assets.api.bbc.com www.google-analytics.com bitesize.files.bbci.co.uk www.tiktok.com lf16-tiktok-web.ttwstatic.com static.files.bbci.co.uk; img-src 'self' https: data:; font-src c.files.bbci.co.uk gel.files.bbci.co.uk static.files.bbci.co.uk static.bbci.co.uk news.files.bbci.co.uk ws-downloads.files.bbci.co.uk bitesize.files.bbci.co.uk; style-src branding.files.bbci.co.uk cdn.riddle.com flo.uri.sh news.files.bbci.co.uk platform.twitter.com static.bbc.co.uk static.bbci.co.uk static.files.bbci.co.uk ton.twimg.com www.riddle.com 'unsafe-inline' lf16-tiktok-web.ttwstatic.com; frame-src 'self' bbc001.carto.com bbc003.carto.com bbc-maps.carto.com cdn.riddle.com chartbeat.com emp.bbc.co.uk emp.bbc.com flo.uri.sh graphics.reuters.com www.reuters.com graphics.thomsonreuters.com dynamic.mc-cdn.io vapi.mc-cdn.io vapi.beta.mc-cdn.io elections.mapcreator.io elections.beta.mapcreator.io cdn.mapcreator.io m.facebook.com news.files.bbci.co.uk personaltaxcalculator2.deloittecloud.co.uk platform.twitter.com public.flourish.studio static2.chartbeat.com syndication.twitter.com web.facebook.com www.bbc.co.uk www.facebook.com www.instagram.com www.tiktok.com www.ons.gov.uk www.riddle.com bbc-squares-dev.low6.com bbc-squares-prod.low6.com www.youtube.com www.youtube-nocookie.com uk-script.dotmetrics.net ssp-app-uk.votenow.tv ssp-app-uktest.votenow.tv ssp-app-ukbench.votenow.tv session.test.bbc.co.uk session.bbc.co.uk session.stage.bbc.co.uk bitesize.files.bbci.co.uk; object-src 'none'; manifest-src static.files.bbci.co.uk bitesize.files.bbci.co.uk; media-src 'self' blob: https:; connect-src 'self' https:; child-src blob:; base-uri 'none'; form-action 'self' platform.twitter.com syndication.twitter.com uk-script.dotmetrics.net/DeviceInfo.dotmetrics; frame-ancestors 'none'; upgrade-insecure-requests; report-to default; report-uri https://webcore.bbc-reporting-api.app/report-endpoint; |
| X-Cache | HIT |
| Vary | X-BBC-Edge-Scheme,x-id-oidc-signedin,bbc-mvt-8,Accept-Encoding |
| Connection | keep-alive |
| Belfrage-Cache-Status | MISS |
| Bid | bruce |
| Brequestid | e9d2b04156f8418097919a40fb4a59e8 |
| Req-Svc-Chain | FASTLY,GTM,BELFRAGE |
| X-Timer | S1743945832.021445,VS0,VE8 |
| Cache-Control | private, stale-if-error=90, stale-while-revalidate=30, max-age=0, must-revalidate |
| X-Cache-Age | 6 |
| Referrer-Policy | strict-origin-when-cross-origin |
| Fastly-Restarts | 1 |
| Accept-Ranges | bytes |
| X-Served-By | cache-ams21026-AMS |
| Via | 1.1 BBC-GTM, 1.1 Belfrage, 1.1 varnish |
| Date | Sun, 06 Apr 2025 13:23:52 GMT |
| X-Fastly-Cache-Status | HIT-STALE-CLUSTER |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar