HTTP Headers Analysis for https://blackrock.com

Open Cached · 7h ago

26 Headers

Detected Technologies from Headers

See all in URL Inspect 2

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000;preload

Content-Security-Policy

Basic

default-src; font-src; img-src; +8 more Analyze

Content-Security-Policy-Report-Only

Strong

default-src; font-src; img-src; +9 more Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close, Transfer-Encoding

Transfer-Encoding

Performance

chunked

connection: close, Transfer-Encoding
transfer-encoding: chunked

Caching Headers

Cache-Control

Caching

no-cache, no-store

Expires

Caching

Mon, 11 May 2026 16:37:46 GMT

cache-control: no-cache, no-store
expires: Mon, 11 May 2026 16:37:46 GMT

Content Headers

Content-Type

Content

text/html;charset=UTF-8

content-type: text/html;charset=UTF-8

Server Headers

Server

Server

istio-envoy

server: istio-envoy

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: ts-one-locale=en_US; Expires=Sat, 10 May 2031 16:37:46 GMT; Max-Age=157680000; Path=/; Secure; HttpOnly; SameSite=Lax
blkUserType-us-common=individual; Expires=Sat, 29 May 2094 19:51:53 GMT; Max-Age=2147483647; Path=/; Secure; HttpOnly; SameSite=Lax
StatisticalAnalyticsEnabled=true; Expires=Sun, 09 Aug 2026 16:37:46 GMT; Max-Age=7776000; Path=/; Secure; SameSite=Lax
SSESSIONID_blk-one01=NzVhZjljNTEtYjk5NS00MTgzLThlMWUtNjY1ZTAzZGY2Yjli; Path=/; Secure; HttpOnly; SameSite=Lax
STICKY_SESSION_COOKIE_BLK_ONE01_LIVE="736b769e5d8054e9"; Max-Age=3600; Path=/; HttpOnly
DC_STICKY_SESSION_COOKIE=musw2; Path=/; Max-Age=28800; HttpOnly; Secure; SameSite=None

Other Headers

Date

Other

Mon, 11 May 2026 16:37:46 GMT

Link

Other

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/fontawesome-5pro/fa-solid-900.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/fontawesome-5pro/fa-regular-400.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/fontawesome-5pro/fa-light-300.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFort-Extrabold.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/fontawesome-5pro/fa-solid-900.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/fontawesome-5pro/fa-regular-400.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/fontawesome-5pro/fa-light-300.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFort-Extrabold.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFort-Book.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFort-Bold.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-Book.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-BookItalic.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-Bold.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-BoldItalic.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-Light.woff2

rel=preload as=font type=font/woff2 crossorigin

URL /blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-LightItalic.woff2

rel=preload as=font type=font/woff2 crossorigin

URL https://sourcedefense.blackrock.com

rel=preconnect crossorigin

URL

https://tags.tiqcdn.com

rel=preconnect crossorigin

URL https://services.sdiapi.com

rel=preconnect crossorigin

Reporting-Endpoints

Other

orca-endpoint="https://www.blackrock.com:443/us/individual/csp-report-to.json"

X-Cache-Status

Other

MISS

X-Envoy-Upstream-Service-Time

Other

19

X-Host-Ref

Other

blk-one01-live-596b85ff58-fp2w8/orca

X-Locale

Other

en_US

X-Page-Name

Other

home

X-Region-Ref

Other

musw2

X-Request-Id

Other

134ce3ff-19dba4a3473

X-Site-Name

Other

one

X-Ua-Compatible

Other

IE=edge

date: Mon, 11 May 2026 16:37:46 GMT
link: </blk-one01-c-assets/cache-1776782256000/include/common/fonts/fontawesome-5pro/fa-solid-900.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/fontawesome-5pro/fa-regular-400.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/fontawesome-5pro/fa-light-300.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFort-Extrabold.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFort-Book.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFort-Bold.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-Book.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-BookItalic.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-Bold.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-BoldItalic.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-Light.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, </blk-one01-c-assets/cache-1776782256000/include/common/fonts/blk-fort/BLKFortCond-LightItalic.woff2>; rel="preload"; as="font"; type="font/woff2"; crossorigin, <https://sourcedefense.blackrock.com>; rel=preconnect; crossorigin, <https://tags.tiqcdn.com>; rel=preconnect; crossorigin, <https://services.sdiapi.com>; rel=preconnect; crossorigin
reporting-endpoints: orca-endpoint="https://www.blackrock.com:443/us/individual/csp-report-to.json"
x-cache-status: MISS
x-envoy-upstream-service-time: 19
x-host-ref: blk-one01-live-596b85ff58-fp2w8/orca
x-locale: en_US
x-page-name: home
x-region-ref: musw2
x-request-id: 134ce3ff-19dba4a3473
x-site-name: one
x-ua-compatible: IE=edge

Recommendations

Enable compression (gzip/brotli) to improve performance