- Bug
- Resolution: Done
- Major
I was testing the gateway with google.co.uk. In its response, it set the Location header to 'http://www.google.com', and returned a 302 redirect, which caused my browser to immediately bounce to that location.
This essentially bypasses the gateway. Perhaps this is something we should treat as normal behaviour in a situation such as the above, but potentially there's a catch:
A site can redirect to a different path on the same site, using a full URL (the spec allows full and relative).
E.g., let's imagine 'example.com' redirects to 'example.com/content/' with a full URL. That would immediately confuse the browser, and if it was a service only available behind the gateway, it will break for the user.
This may or may not be worth addressing, WDYT?
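
One way a gateway can handle the two redirect cases described above, shown as an added example that is not the project's own code. It assumes the gateway proxies a single upstream origin under a path prefix; `GATEWAY_BASE`, `UPSTREAM_BASE` and `rewrite_location` are hypothetical names and values.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit

# Assumed deployment (hypothetical values): the gateway is reachable at
# GATEWAY_BASE and forwards requests to the service at UPSTREAM_BASE.
GATEWAY_BASE = "https://gateway.example.net/svc"
UPSTREAM_BASE = "http://example.com"

_DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or _DEFAULT_PORTS.get(scheme)


def rewrite_location(location, upstream_request_url):
    """Map an upstream Location value to the URL the browser should follow.

    Returns (new_location, rewritten). Redirects that stay on the upstream
    origin are pointed back at the gateway; redirects to another site are
    passed through unchanged, which is a policy choice a gateway could
    replace with blocking or an allow-list.
    """
    # A Location value may be relative or absolute, so resolve it against
    # the URL the gateway actually requested from the upstream.
    absolute = urljoin(upstream_request_url, location.strip())

    if _origin(absolute) != _origin(UPSTREAM_BASE):
        return absolute, False

    parts = urlsplit(absolute)
    gateway = urlsplit(GATEWAY_BASE)
    path = gateway.path.rstrip("/") + (parts.path or "/")
    rewritten = urlunsplit(
        (gateway.scheme, gateway.netloc, path, parts.query, parts.fragment)
    )
    return rewritten, True
```
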