Summary
A Concise Overview of the scan result of url https://myloan.primeres.com/#/loan-officers/anyamjav%40primeres/
- Document
- HTML
- 1
- StyleSheets
- 4
- Scripts
- 6
- Font
- 1
- Images
- 2
- Links
- 1
- JavaScript Variables
- 58
- Console log messages
- 0
- Network
- Requests
- 34
- Bytes Transferred
- 1.24MB
- Bytes Total
- 4.43MB
- DNS Record
- CNAME Record
- 8
- A Record
- 1
- Technology
- PaaS
- 1
- JavaScript frameworks
- 1
- Security
- 1
- Tag managers
- 1
- Analytics
- 1
- CDN
- 1
- Payment processors
- 1
- Miscellaneous
- 1
Document
Links
The outgoing links identified from the page.
| Link | Text |
|---|---|
| https://blend.com | Powered by Blend |
JavaScript Variables
Global JavaScript variables are variables that are defined outside of any function or block scope in JavaScript.
eventundefinedonbeforetoggleobjectfenceobjectsharedStorageobjectdocumentPictureInPictureobjectfetchLaterfunctiononpageswapobjectonpagerevealobjectmodelobjectonscrollendobjectinjectNonblockingCSSfunctionisIE11booleanAPP_NAMEstringAPP_VERSIONstringSTATIC_ASSETS_PATHstringtimePerformancebooleankeystringNODE_ENVstringALLOW_FAST_FORWARDbooleanVERSIONstringUSE_CHAT_WIDGETbooleanCDN_URLstringE2E_TESTbooleanPIXEL_HOSTstringAI_ASSISTANT_POC_URLstringIS_STAGING_OR_MASTERbooleanGoogleMapsKeystringRecaptchaKeystringInvisibleRecaptchaKeystringManagedRecaptchaKeystringDEPLOYMENT_TIMEZONEobjectDEPLOYMENT_CONFIGobjectSHARED_CONSTANTSobjectFEATURE_FLAGSobjectCURRENT_USERobjectorganizationNamestringlenderFooterLinkTextstringtenantstringconfigGroupstringUSER_AUTH_LEVELstringARE_FEATURE_FLAGS_READ_ONLYbooleanFAST_FORWARD_TARGETSobjectgoogleAnalyticsConfigobjectwebpackJsonpobject_perfRefForUserTimingPolyfillobject_functionwebpackJsonpconsumerComponentsobject__SENTRY__objectpixelAPIobjectdataLayerobjectfrontendTrackingInitializedbooleangoogle_tag_managerobjectgoogle_tag_dataobjectGoogleAnalyticsObjectstringgafunctiongapluginsobjectgaGlobalobjectgaDataobject
Technology
The technologies identified are present on the scanned URL.
| Name | Description | Detected patterns |
|---|---|---|
| Analytics | ||
Google Analytics | Google Analytics is a free web analytics service that tracks and reports website traffic. | Type: scriptSrc Regex: google-analytics\.com\/(?:ga|urchin|analytics)\.js |
| JavaScript frameworks | ||
React | React is an open-source JavaScript library for building user interfaces or UI components. | Type: html Regex: <[^>]{1,250}data-react |
| Security | ||
| HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS. | Type: headers Name: strict-transport-security Regex: (?:) | |
| Miscellaneous | ||
Plaid | Plaid is a fintech company that facilitates communication between financial services apps and users' banks and credit card providers. | Type: headers Name: content-security-policy Regex: cdn\.plaid\.com\/ |
| CDN | ||
 Amazon S3 | Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface. | Type: headers Name: content-security-policy Regex: s3[^ ]{0,250}amazonaws\.com |
| Payment processors | ||
Plaid | Plaid is a fintech company that facilitates communication between financial services apps and users' banks and credit card providers. | Type: headers Name: content-security-policy Regex: cdn\.plaid\.com\/ |
| Tag managers | ||
Google Tag Manager | Google Tag Manager is a tag management system (TMS) that allows you to quickly and easily update measurement codes and related code fragments collectively known as tags on your website or mobile app. | Type: scriptSrc Regex: googletagmanager\.com\/gtm\.js |
| PaaS | ||
 Amazon Web Services | Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality. | Dependent on Amazon S3 |
Performance
The speed and efficiency of the scanned URL loads and displays its content.
- dns
- 1 msGood
- tcp
- 38 msGood
- requestTime
- 78 msGood
- dom
- 390 msPoor
DNS Record
A DNS record maps a domain name to an IP address or other resource information.
| Type | Name | Content | DNSSEC |
|---|---|---|---|
| CNAME | myloan.primeres.com | primeres.blendlabs.com. | no |
| CNAME | primeres.blendlabs.com | edge-proxy-cf.k8s.prod.blend.com. | no |
| CNAME | edge-proxy-cf.k8s.prod.blend.com | edge-proxy-cf.k8s.prod.blend.com.cdn.cloudflare.net. | no |
| CNAME | edge-proxy-cf.k8s.prod.blend.com.cdn.cloudflare.net | 9045d924a4f14ebdba4a5686d0560992.pacloudflare.com. | no |
| A | 9045d924a4f14ebdba4a5686d0560992.pacloudflare.com | 172.65.242.70 | no |
| CNAME | myloan.primeres.com | primeres.blendlabs.com. | no |
| CNAME | primeres.blendlabs.com | edge-proxy-cf.k8s.prod.blend.com. | no |
| CNAME | edge-proxy-cf.k8s.prod.blend.com | edge-proxy-cf.k8s.prod.blend.com.cdn.cloudflare.net. | no |
| CNAME | edge-proxy-cf.k8s.prod.blend.com.cdn.cloudflare.net | 9045d924a4f14ebdba4a5686d0560992.pacloudflare.com. | no |
SSL Certificate
An SSL certificate is a digital certificate that verifies the authenticity and encrypts the communication between a website and its visitors.
| Subject | Issue date | Expiry date | Valid |
|---|---|---|---|
myloan.primeres.com | 3/4/2026 | 3/5/2027 | 1 year 1 day |
cdn.prod.blend.com | 3/4/2026 | 3/5/2027 | 1 year 1 day |
fonts.googleapis.com | 3/4/2026 | 3/5/2027 | 1 year 1 day |
sentry-relay-proxy.k8s.tools.blend.com | 3/4/2026 | 3/5/2027 | 1 year 1 day |
www.googletagmanager.com | 3/4/2026 | 3/5/2027 | 1 year 1 day |
bl-prod-uploaded-assets.s3.amazonaws.com | 3/4/2026 | 3/5/2027 | 1 year 1 day |
fonts.gstatic.com | 3/4/2026 | 3/5/2027 | 1 year 1 day |
www.google-analytics.com | 3/4/2026 | 3/5/2027 | 1 year 1 day |
pixel.k8s.prod.blend.com | 3/4/2026 | 3/5/2027 | 1 year 1 day |
HTTP Headers
HTTP Header
An HTTP header is a component of an HTTP request or response that contains additional information about the message being sent or received.
| Name | Value |
|---|---|
| Cache-Control | no-store, no-cache, must-revalidate, proxy-revalidate |
| Content-Encoding | gzip |
| Content-Security-Policy | report-uri https://csp-violations.k8s.prod.blend.com/report;default-src 'self' *.blendlabs.com https://cdn.prod.blend.com data: fonts.gstatic.com https://maps.gstatic.com https://www.gstatic.com csi.gstatic.com https://maps.googleapis.com https://places.googleapis.com https://maps.google.com https://www.google.com https://bl-prod-static-assets.s3.amazonaws.com https://bl-prod-uploaded-assets.s3.amazonaws.com https://bl-prod-uploaded-assets-mirror.s3.amazonaws.com https://bl-prod-static-assets.s3.amazonaws.com https://bl-prod-static-assets-mirror.s3.amazonaws.com https://bl-prod-consumer-lending-store.s3.amazonaws.com https://cdn.plaid.com/link/ https://blend-backend-primeres-prod.s3.amazonaws.com https://blend-backend-primeres-prod-mirror.s3.amazonaws.com www.google-analytics.com;img-src *.centrio.com 'self' *.blendlabs.com *.snapengage.com https://assets.itscovered.com https://storage.googleapis.com/code.snapengage.com/ https://bl-uat-uploaded-assets.s3.amazonaws.com https://bl-prod-uploaded-assets.s3.amazonaws.com https://cdn.prod.blend.com data: fonts.gstatic.com https://maps.gstatic.com https://www.gstatic.com csi.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://bl-prod-static-assets.s3.amazonaws.com https://bl-sandbox-connex-static-assets.s3.amazonaws.com https://bl-beta-connex-static-assets.s3.amazonaws.com https://bl-prod-connex-static-assets.s3.amazonaws.com https://bl-prod-consumer-lending-store.s3.amazonaws.com https://bl-prod-uploaded-assets.s3.amazonaws.com https://bl-prod-uploaded-assets-mirror.s3.amazonaws.com https://bl-prod-static-assets.s3.amazonaws.com https://bl-prod-static-assets-mirror.s3.amazonaws.com https://ssl.gstatic.com https://blend-backend-primeres-prod.s3.amazonaws.com https://blend-backend-primeres-prod-mirror.s3.amazonaws.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com/ www.google-analytics.com https://www.googletagmanager.com *.doubleclick.net;connect-src wss://faye.blendlabs.com https://faye.blendlabs.com 'self' *.snapengage.com https://sentry-proxy.k8s.tools.blend.com https://sentry-relay-proxy.k8s.tools.blend.com https://sentry.k8s.tools.blend.com https://sentry-relay.k8s.tools.blend.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://session-replay-datadoghq.com https://bl-prod-uploaded-assets.s3.amazonaws.com https://bl-prod-uploaded-assets-mirror.s3.amazonaws.com https://cdn.prod.blend.com https://pixel.k8s.prod.blend.com https://bl-prod-consumer-lending-store.s3.amazonaws.com https://blend-backend-primeres-prod.s3.amazonaws.com https://blend-backend-primeres-prod-mirror.s3.amazonaws.com https://payment-api-external.k8s.prod.blend.com https://mfa-registrar.blendlabs.com https://maps.googleapis.com https://places.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https://cdn.prod.blend.com www.google.com fonts.googleapis.com *.freshchat.com;script-src https://faye.blendlabs.com 'self' https://cdn.prod.blend.com https://maps.googleapis.com https://places.googleapis.com https://www.google.com *.snapengage.com https://storage.googleapis.com/code.snapengage.com/ https://fw-cdn.com/12171104/4662755.js https://app.freshmarketer.com *.freshchat.com https://maps.gstatic.com https://www.gstatic.com https://maps.google.com https://challenges.cloudflare.com/turnstile/v0/api.js https://cdn.plaid.com/link/v2/stable/link-initialize.js 'unsafe-inline' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com/ https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com *.doubleclick.net;frame-src https://bl-prod-consumer-lending-store.s3.amazonaws.com https://cdn.plaid.com https://connect2.finicity.com https://app.mode.com 'self' https://cdn.prod.blend.com https://docusign.com https://*.docusign.com https://docusign.net https://*.docusign.net https://apps.e-signlive.com https://api.blendlabs.com https://api.blend.com *.freshchat.com https://lender.optimalblue.com https://connect.optimalblue.com https://challenges.cloudflare.com https://*.fls.doubleclick.net https://www.googletagmanager.com *.doubleclick.net;frame-ancestors |
| Content-Type | text/html; charset=utf-8 |
| Date | Thu, 05 Mar 2026 21:43:07 GMT |
| Etag | W/"17a57-T9DsOrK8BHvcbJ1+oiaujA1VueQ" |
| Expires | -1 |
| Pragma | no-cache |
| Referrer-Policy | no-referrer-when-downgrade |
| Strict-Transport-Security | max-age=31536000; includeSubDomains |
| Surrogate-Control | no-store |
| Transfer-Encoding | chunked |
| Vary | Accept-Encoding |
| Version | 7.993.4 |
| X-Content-Type-Options | nosniff |
| X-Dns-Prefetch-Control | off |
| X-Download-Options | noopen |
| X-Frame-Options | SAMEORIGIN |
| X-Served-By | edge-proxy |
| X-Server-Version | 1.20260225.2 |
| X-Xss-Protection | 0 |
Content Security Policy
Content Security Policy (CSP) is a security mechanism that helps prevent cross-site scripting (XSS) and other code injection attacks by specifying which content sources are allowed to be loaded on a web page.
| Name | Value |
|---|
Cookies
Cookies are small pieces of data stored on a user's web browser to track and remember information about their browsing activity on a website.
| Name | Value | Domain/Path | Expires | Secure | HTTP Only |
|---|---|---|---|---|---|
| device-id | s%3Ac2610f9a-4658-46f0-9e14-8327e56d14a4.AUSpvIh5V6Q1hLvgpYIUrxMeiYAGNzgnlLUBnjeGNcw | myloan.primeres.com/ | 4/9/2027, 9:43:07 PM | no | yes |
| blend.connect.sid | s%3AKQkG7CxmqNKk60sMZwdNddH-e6TscLyZ.U2r2VK9vpscsRV2jzNDWVPJ4EQ7cd2S0ZlLYFCwBYWA | myloan.primeres.com/ | 12/31/1969, 11:59:59 PM | yes | yes |
| _ga | GA1.2.665236257.1772746989 | .primeres.com/ | 4/9/2027, 9:43:08 PM | no | no |
| _gid | GA1.2.1349294295.1772746989 | .primeres.com/ | 3/6/2026, 9:43:08 PM | no | no |
| _gat_UA-2812261-6 | 1 | .primeres.com/ | 3/5/2026, 9:44:08 PM | no | no |
| XSRF-TOKEN | [XSRF-TOKEN redacted] | myloan.primeres.com/ | 12/31/1969, 11:59:59 PM | yes | no |