blend.com

HTML metadata

Title: Blend: Digital Lending & Account Opening for Banks, Credit Unions & Mortgage Providers
Description: Blend: Modernize lending & account opening for banks, credit unions, & mortgage providers. Streamline operations, enhance digital experience, and drive growth across all accounts.
Language: en-US
Generator: WordPress 6.9.4
Canonical: https://blend.com/

Open Graph

url: https://blend.com/
title: Blend: Digital Lending & Account Opening for Banks, Credit Unions & Mortgage Providers
locale: en_US
site name: Blend
description: Blend: Modernize lending & account opening for banks, credit unions, & mortgage providers. Streamline operations, enhance digital experience, and drive growth across all accounts.

Technology

Server: nginx
CMS: WordPress

Analytics

Google Tag Manager

Third-party hosts loaded (3)

play.vidyard.com×2
js.hsforms.net×1
www.googletagmanager.com×1

Social

Registration

Registrar

Amazon Registrar, Inc.

Created

2000-10-28

Expires

2026-10-28 161 days left

Updated

2026-05-14

Name servers

ns-1419.awsdns-49.org
ns-1979.awsdns-55.co.uk
ns-44.awsdns-05.com
ns-593.awsdns-10.net

DNS records live

NS

ns-1419.awsdns-49.org
ns-1979.awsdns-55.co.uk
ns-44.awsdns-05.com
ns-593.awsdns-10.net

MX

1 aspmx.l.google.com
10 aspmx2.googlemail.com
10 aspmx3.googlemail.com
5 alt1.aspmx.l.google.com
5 alt2.aspmx.l.google.com

TXT

Show 29 TXT records

jamf-site-verification=jWad1h85I8A41AqxsRGh3g
google-site-verification=OZQtmO0zNhjJnrjtPiKG077gyVs5WT2xMOZJqIbgsT8
google-site-verification=sg44Ic_GglMF_PfX5yEhrJyS1qk1-i5Mbx9tU2sHc5w
h1-domain-verification=YjPKpXsLjTJYqy47PYyrSWowwcVRTL9orkrdDRkK5FeWU87r
hubspot-domain-verification=ODRhNThlNDYtYjk2ZC00NDU3LWI3N2YtMWIxZjAzNDlmZTc2
onetrust-domain-verification=1f1a0cbf4af04c198dffaf8f4bd70626
remote-domain-verification=d6efef39-f55e-413d-bb9b-cb5df3de4618
Foxit-domain-verification=5e1a08ffde16730060a5d28348024b69
adobe-idp-site-verification=5d97b310f3a26d5844abed0132ff76d8b043c32960e4b38dc8821ed2f0bdaa1a
MS=ms23575374
anthropic-domain-verification-9jhvtn=qCyq8KvTnQ41cDgkoPxpGIGx6
cursor-domain-verification-0g3e6a=E17pYQk7OiHCI8vSiqOaqSRbn
atlassian-domain-verification=CCEqAAlzHOblEtBynRSoHAc6amzPKgpFXg6hYpgDgq6Ngfp8zOvwDBCaCAmZ6jI6
docker-verification=7b0ddbb5-4196-412c-bc4c-c0742353376a
uber-domain-verification=8a381038-bf2f-47b6-885d-f0b44e1dbff9
docusign=2e06e9ef-023e-44e3-84c6-590dda927cfa
00D36000000XxJa=1TBWQ00000001Yn
apple-domain-verification=miIAhQ6oH92yROqn
status-page-domain-verification=nqb3fgxv9fr8
google-site-verification=YBhxv19V3_MIS0guLRSmU7u_Ffl1B_1J_Liux24h7L4
slack-domain-verification=qH7NkscPcEVCY05FoFZNWFQPMBstRkbmWof3wJiA
bugcrowd-verification=4988a3afa9e2e90f6ff894682782c6fb
pxf5ltr2zv9hfkc277t1btph6xfkx936
zapier-domain-verification-challenge=2ce2cc1a-34a8-4362-81a5-b8dc2252da4a
anthropic-domain-verification-1vjsq7=pgO2K5qBbHmiiVcwOl3w4ix4h
docusign=93a4b2a0-7449-4ab9-b31a-def524ee8412
_rg9hcb9sondyvxtxgbdqwx3mjgqqyy1
thebrief-domain-verification=54d0b58e-3910-4800-8c87-b29351e6be2f
dropbox-domain-verification=unw8i8s6dmib

Email authentication strong

SPF

v=spf1 ip4:52.7.93.22 ip4:54.152.143.177 ip4:54.88.153.50 ip4:52.3.34.136 include:mail.zendesk.com include:stspg-customer.com include:_spf.google.com include:_spf.salesforce.com include:_spf.psm.knowbe4.com include:48021128.spf10.hubspotemail.net -all

strict (-all)

DMARC

v=DMARC1; p=reject; rua=mailto:dmarc@blend.com; ruf=mailto:dmarc@blend.com; pct=100; adkim=s; aspf=s

policy: reject (enforced)

DKIM

Show 4 DKIM selectors

google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3XNgJNgukMsT0Gk34loU6GH9H//Y95kF0rFUnxvnHH2gq0AWEaJ9ce0wvHigV75A5VbJKjBPSpiqa…
s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszDWCC9C3/mCXp53VQhYXN/uhbMQii/l36zW27KUgKi2b5XI1/TYvgZ1/PL14PCjahTLsQyPCKnTTzKea/…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnu6uMXwZVFFRfTSPpaZ7nc5Ciu7eP7IrTwiolaiLb5b74t+1GeBWACDaSB5XMCo3BagkckXcEFHDUVIPreIHhCt…
smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

Certainly Intermediate R1

from 2026-05-16 to 2026-06-15

Expires in 27 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://blend.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: no-referrer-when-downgrade
x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'none'; connect-src 'self' www.google-analytics.com https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://sockjs.pusher.com1 *.google-analytics.com *.analytics.google.com api.userback.io logx.optimizely.com 287-ugb-469.mktoresp.com px.ads.linkedin.com events.rm-api.com stats.g.doubleclick.net ws.zoominfo.com play.vidyard.com https://lottie.host https://sockjs.pusher.com https://analytics.google.com *.google.com https://connect.facebook.net connect.facebook.net http://c.6sc.co/ https://ipv6.6sc.co/ https://eps.6sc.co/v3/company/details https://v.eps.6sc.co/v https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hscollectedforms.net https://api.hubapi.com https://epsilon.6sense.com/v3/company/details https://forms.hubspot.com https://cdn.jsdelivr.net https://ipmeta.io https://api.nelioabtesting.com https://cta-service-cms2.hubspot.com *.contentsquare.net *.contentsquare.com; object-src blend.localhost blendcom.localhost blendc
strict-transport-security: max-age=63072000; includeSubDomains, max-age=31622400

Links to (5)

Linked from (2)

blendlabs.com×5
techtonica.org×2