HTTP/1.1 200 OK
Date: Sat, 21 Jun 2025 07:12:39 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Content-Security-Policy-Report-Only: default-src 'none'
Content-Security-Policy-Report-Only: child-src 'self' https://*.goguardian.com
Content-Security-Policy-Report-Only: connect-src 'self' https://*.goguardian.com https://*.agora.io https://*.agora.io:6443 https://*.agoraio.cn https://*.agoraio.cn:6443 https://*.amplitude.com https://*.appcues.com https://*.appcues.net https://*.crazyegg.com https://*.doubleclick.net https://*.google-analytics.com https://*.litix.io https://*.pusher.com https://*.pusherapp.com https://*.segment.io https://*.wistia.com https://*.wootric.com https://*.zdassets.com https://*.zendesk.com https://embedwistia-a.akamaihd.net wss://*.appcues.net wss://*.pusher.com wss://*.pusherapp.com wss://*.zopim.com
Content-Security-Policy-Report-Only: font-src 'self' https://*.goguardian.com data: https://*.gstatic.com https://*.zopim.com
Content-Security-Policy-Report-Only: frame-src 'self' https://*.goguardian.com https://*.appcues.com https://*.chilipiper.com https://*.disqus.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.google.com https://*.twitter.com https://*.youtube.com https://disqus.com
Content-Security-Policy-Report-Only: img-src 'self' https://*.goguardian.com data: blob: https://*.adsymptotic.com https://*.bing.com https://*.chilipiper.com https://*.clearbit.com https://*.cloudinary.com https://*.ctfassets.net https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.wistia.com https://*.wistia.net https://*.ytimg.com https://*.zopim.com https://*.zopim.io https://embedwistia-a.akamaihd.net https://maps.wikimedia.org https://s3-us-west-2.amazonaws.com https://t.co https://theft-recovery-screenshots.s3.amazonaws.com
Content-Security-Policy-Report-Only: manifest-src 'self' https://*.goguardian.com
Content-Security-Policy-Report-Only: media-src 'self' https://*.goguardian.com data: blob: https://*.ctfassets.net https://*.gstatic.com https://*.wistia.net https://*.zdassets.com https://*.zopim.com https://embedwistia-a.akamaihd.net
Content-Security-Policy-Report-Only: script-src 'self' https://*.goguardian.com 'unsafe-inline' 'unsafe-eval' https://*.ads-twitter.com https://*.amplitude.com https://*.appcues.com https://*.appcues.net https://*.bing.com https://*.chilipiper.com https://*.consensu.org https://*.crazyegg.com https://*.disqus.com https://*.doubleclick.net https://*.drift.com https://*.driftt.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.jquery.com https://*.licdn.com https://*.litix.io https://*.logrocket.io https://*.lr-ingest.io https://*.onetrust.com https://*.optimizely.com https://*.pardot.com https://*.segment.com https://*.twitter.com https://*.windows.net https://*.wistia.com https://*.wistia.net https://*.wootric.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://*.zopim.io https://disutgh7q0ncc.cloudfront.net
Content-Security-Policy-Report-Only: style-src 'self' https://*.goguardian.com 'unsafe-inline' https://*.appcues.com https://*.chilipiper.com https://*.disquscdn.com https://*.googleapis.com https://*.marketo.com https://*.windows.net
Content-Security-Policy-Report-Only: report-uri https://casper.goguardian.com/csp-report
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Amzn-Trace-Id: Root=1-68565b67-546fc5d56d7ff6de68be4015
X-Content-Type-Options: nosniff
X-Request-Id: 47e0211b-fc7b-47b4-b0b9-0062205422dc
X-Xss-Protection: 1; mode=block