neh.gov | Analytics by SecurityHeaders

HTTP Headers report for neh.gov

Header Name Header Data
HTTP status code 200
X-Drupal-Dynamic-Cache HIT
X-Xss-Protection 1
X-Drupal-Cache HIT
Cache-Control max-age=31536000, public
Vary Cookie,Accept-Encoding
Age 88180
X-Content-Type-Options nosniff
X-Ah-Environment prod
Etag "1744044818-gzip"
X-Request-Id v-10031234-13d3-11f0-a842-5bd78155b884
Connection keep-alive
Last-Modified Mon, 07 Apr 2025 16:53:38 GMT
Content-Type text/html; charset=UTF-8
X-Cache-Hits 43333
X-Generator Drupal 10 (https://www.drupal.org)
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
Accept-Ranges bytes
Date Tue, 08 Apr 2025 17:39:08 GMT
Via varnish
X-Cache HIT
Server nginx
Content-Security-Policy default-src 'self' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com fonts.gstatic.com api.kudoway.com stats.g.doubleclick.net cdn-broadcast002-iad.tokbox.com prd.jwpltx.com blob: cdn-broadcast002-pdx.tokbox.com *.tokbox.com www.odwebp.svc.ms public.tableau.com recapd.com *.googleapis.com *.google-analytics.com; connect-src 'self' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com fonts.gstatic.com api.kudoway.com stats.g.doubleclick.net cdn-broadcast002-iad.tokbox.com prd.jwpltx.com blob: cdn-broadcast002-pdx.tokbox.com *.tokbox.com www.odwebp.svc.ms public.tableau.com recapd.com *.googleapis.com *.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' fast.fonts.net fonts.gstatic.com; img-src 'self' i.ytimg.com www.gstatic.com www.google-analytics.com translate.googleapis.com data: fonts.gstatic.com www.google.com translate.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com stats.g.doubleclick.net ssl.p.jwpcdn.com content.jwplatform.com developer.jwplayer.com www.gstatic.com *.googleapis.com blob: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://dap.digitalgov.gov https://polyfill-fastly.io https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com ssl.p.jwpcdn.com content.jwplatform.com translate.google.com *.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://dap.digitalgov.gov https://polyfill-fastly.io https://www.google.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com fast.fonts.net kudo-widget.s3.amazonaws.com www.gstatic.com *.googleapis.com fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'
Expires Sun, 19 Nov 1978 05:00:00 GMT
Content-Language en
X-Frame-Options SAMEORIGIN

About the tool

By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.

This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.

We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.

Watch it now at TrustRadar