blenderbox.com

HTML metadata

Title: Blenderbox - Policy-responsive™ design for modern government
Description: Blenderbox is a human-centered design agency. We transform government systems and services to be efficient and user-friendly. Certified WBE.
Language: en-US
Canonical: https://blenderbox.com/

Open Graph

url: https://blenderbox.com/
title: Blenderbox – Human-centered design for modern government
locale: en_US
site name: Blenderbox
description: Founded in 2000, Blenderbox is a product strategy, design, and technology agency dedicated to improving government systems and services.

Technology

CDN: Cloudflare
CMS: WordPress

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (6)

fonts.googleapis.com×4
fonts.gstatic.com×2
js.hs-scripts.com×1
js.hsforms.net×1
tag.clearbitscripts.com×1
www.googletagmanager.com×1

Social

Registration

Registrar

Network Solutions, LLC

Created

2000-02-22

Expires

2036-02-22 3566 days left

Updated

2026-02-23

Name servers

april.ns.cloudflare.com
bruce.ns.cloudflare.com

DNS records live

NS

april.ns.cloudflare.com
bruce.ns.cloudflare.com

MX

1 aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 8 TXT records

atlassian-sending-domain-verification=6d9bce00-aae1-4386-bccf-8ae7c20b730a
google-site-verification=aK4VSP5ir3mnDjwIugrETRlUPHHl8AB1GXUrexdVp2o
lovable_verification=NGmmiW2QQBP5sIwTSxq3
D00B4DE83A
MS=2F52377C768B5C545A11FB90D5869D6BE60B5F2F
ZOOM_verify_kFo9gMAi39rhO7P5cOrpO7
airtable-verification=87b97fbecfd41cc744eabbdf7d6c530e
atlassian-domain-verification=5oBKt6Px4R3Da4lJ0dw5Sp2UJQuXoCla3kgkLvBTmHHyABmHWEolGpxvmsbPcfCZ

Email authentication strong

SPF

v=spf1 a mx ptr ip4:64.21.121.48/28 include:_spf.google.com include:spf.mandrillapp.com include:_spf.atlassian.net include:23609544.spf01.hubspotemail.net -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:08c3bffe107f4ea0951a97f10eece3a3@dmarc-reports.cloudflare.net,mailto:re+et39bv0jggi@dmarc.postmarkapp.com; ruf=mailto:re+et39bv0jggi@dmarc.postmarkapp.com; fo=1; pct=100

policy: quarantine

DKIM

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgp7cl7wqkSf85Ptyhmi7tMpwxpLnH1YXAbz6LNLuBX0InxgH1wAsmFd7cBSDbiaderJdYLUMLslv6f…

selectors probed

Certificate (current)

E8

from 2026-05-05 to 2026-08-03

Expires in 76 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 55/100 Checked live page: https://blenderbox.com/

present

content-security-policy
x-frame-options
permissions-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing content type protection
missing Referrer Policy

Header values

x-frame-options: SAMEORIGIN
permissions-policy: private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"), private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")
content-security-policy: default-src 'self' *.hsforms.com hsforms.com *.wpengine.com wpengine.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clearbitscripts.com *.clearbitjs.com *.typekit.net www.yoast.com yoast.com *.helpscout.net *.hsforms.net hsforms.net www.gstatic.com www.google-analytics.com www.google.com www.googletagmanager.com ajax.googleapis.com snap.licdn.com static.addtoany.com *.list-manage.com *.userback.io *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com data:; connect-src 'self' *.googleapis.com *.linkedin.com *.clearbit.com *.hscollectedforms.net optinmonster.com *.cloudfront.net getform.io yoast.com dify.wpengine.com my.wpengine.com www.google-analytics.com stats.g.doubleclick.net cdn.linkedin.oribi.io *.hsforms.com hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.userback.io; img-src 'self' *.hubspot.com *.gstatic.com www.google.com googletagmanager.com *.typekit.net *.w.org *.wpengine.com wpengine.com *.linkedin.com *.hsforms.com hsforms.com *.gra

Links to (2)

linkedin.com×2
twitter.com×2

Linked from (2)

lisc.org×2
59e59.org×2