TODO: need to think through what exactly we'd be validating but it seems useful to include HTTP response headers in the scope of the tool. Only the HTML document should be validated.

You mean like these?
Link: <https://metrics.example.net>; rel='preconnect crossorigin'