HTTP Headers Analysis for https://blog.maxar.com

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

default-src; script-src; script-src-elem; +10 more

default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.vantor.com https://*.sanity.io https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.youtube.com https://*.ytimg.com https://*.demandbase.com https://*.company-target.com https://*.licdn.com https://*.linkedin.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://*.wistia.com https://*.vantor.com https://*.sanity.io https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.youtube.com https://*.ytimg.com https://*.demandbase.com https://*.company-target.com https://*.licdn.com https://*.linkedin.com https://www.google.com; script-src-attr 'unsafe-inline'; worker-src 'self' blob:; frame-src 'self' https://*.wistia.net https://*.sanity.io https://*.wistia.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.youtube.com https://*.youtube-nocookie.com https://*.company-target.com https://*.linkedin.com https://www.google.com; frame-ancestors 'self' https://*.sanity.io https://vantor-cms.netlify.app; connect-src 'self' https://*.netlify.app https://*.sanity.io https://*.sanity-cdn.com https://sanity-cdn.com https://*.vantor.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.wistia.com https://fast.wistia.com https://ava0h2e5.apicdn.sanity.io https://*.demandbase.com https://*.company-target.com https://*.licdn.com https://*.linkedin.com https://px.ads.linkedin.com https://www.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com; img-src 'self' https://*.sanity.io https://*.netlify.app https://cdn.sanity.io https://*.s3.amazonaws.com https://*.googlesyndication.com https://*.googleadservices.com https://www.googleadservices.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.linkedin.com https://*.licdn.com https://www.google.com data: https:; media-src 'self' https://*.sanity.io https://*.netlify.app https://cdn.sanity.io https:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https:;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), microphone=(), camera=(), usb=(), payment=(), fullscreen=(self)

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

Performance Headers

2 headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Caching Headers

3 headers

Age

Caching

0

Cache-Control

Caching

public,max-age=0,must-revalidate

Etag

Caching

"9415576b6d2006274e9ab570ae68a80b-ssl"

Content Headers

2 headers

Content-Length

Content

2105493

Content-Type

Content

text/html; charset=UTF-8

Server Headers

1 headers

Server

Netlify

CORS Headers

0 headers

No CORS headers found

Cookies Headers

0 headers

No cookies headers found

Other Headers

3 headers

Cache-Status

Other

"Netlify Edge"; fwd=miss

Date

Other

Wed, 28 Jan 2026 23:05:10 GMT

X-Nf-Request-Id

Other

01KG3DN1JYQYGQ9JVP7ZJK6916

Recommendations

Enable compression (gzip/brotli) to improve performance