https://hackmd.io/@Zd0moZGMRBOuLbJ_gI50ig/BkcbcP_f1e

Eingereichte URL:
https://hackmd.io/@Zd0moZGMRBOuLbJ_gI50ig/BkcbcP_f1e
Bericht beendet:

Risiken · 0 gefunden

Praktiken, die ein Sicherheitsrisiko darstellen können

  • Ohne Klassifizierung

Security Header · 4 gefunden

HTTP-Antwortheader, die die Sicherheit einer Web-App erhöhen können

NameWertSupportInfo
Strict-Transport-Securitymax-age=31536000; includeSubDomains; preloadGutartig
X-Frame-OptionsGutartig
X-Content-Type-OptionsGutartig
Content-Security-Policydefault-src 'none'; script-src 'self' vimeo.com https://gist.github.com www.slideshare.net 'unsafe-eval' https://assets.hackmd.io https://www.google.com https://apis.google.com https://docs.google.com https://accounts.google.com https://www.google.com https://apis.google.com https://docs.google.com https://accounts.google.com https://www.dropbox.com https://www.google-analytics.com https://stats.g.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com https://pixel.quantserve.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://cdn.ravenjs.com https://browser.sentry-cdn.com https://js.stripe.com 'nonce-13bf16f6-1a5b-4aac-a117-8bb91bcec50b' 'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=' 'sha256-NZb7w9GYJNUrMEidK01d3/DEtYztrtnXC/dQw7agdY4=' 'sha256-L0TsyAQLAc0koby5DCbFAwFfRs9ZxesA+4xg0QDSrdI=' 'sha256-8HvL1KRq6jEwDkuVgxMDK7Gag1vnT70L0Lfoa1E3YsY=' 'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=' https://tally.so https://tracks.hackmd.io https://plausible.io; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://assets-cdn.github.com https://github.githubassets.com https://assets.hackmd.io https://www.google.com https://fonts.gstatic.com https://www.google.com https://fonts.gstatic.com; font-src 'self' data: https://public.slidesharecdn.com https://assets.hackmd.io https://script.hotjar.com; object-src *; media-src *; frame-src *; child-src *; connect-src *; base-uri 'none'; form-action 'self' https://www.paypal.com; upgrade-insecure-requestsGutartig
Referrer-Policysame-originGutartig
Clear-Site-DataGutartig
X-Permitted-Cross-Domain-PoliciesGutartig
Permissions-PolicyNeu
Cross-Origin-Embedder-PolicyNeu
Cross-Origin-Opener-PolicyNeu
Cross-Origin-Resource-PolicyNeu
X-XSS-Protection1; mode=blockVeraltet
Feature-PolicyVeraltet
Expect-CTVeraltet
Public-Key-PinsVeraltet

Sicherheitsverstöße · 1 gefunden

Anfragen oder Ressourcen, die gegen Sicherheitsrichtlinien verstoßen

VerstoßTypInfo
Ressource
https://accounts.google.com/gsi/client
Beschreibung
Refused to load the stylesheet 'https://accounts.google.com/gsi/style' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://assets-cdn.github.com https://github.githubassets.com https://assets.hackmd.io https://www.google.com https://fonts.gstatic.com https://www.google.com https://fonts.gstatic.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
Content Security Policy

Zertifikate · 11 gefunden

SSL/TLS-Zertifikate ermöglichen es Websites, Transaktionen zwischen dem Client und dem Server zu verschlüsseln und die Identität des Servers zu überprüfen.

GegenstandAusstellungsdatumAblaufdatum
hackmd.io6. März 2024, 00:00:004. Apr. 2025, 23:59:59
*.hackmd.io19. Juli 2024, 00:00:0016. Aug. 2025, 23:59:59
tally.so17. Okt. 2024, 23:07:4915. Jan. 2025, 23:07:48
*.google-analytics.com21. Okt. 2024, 08:36:5713. Jan. 2025, 08:36:56
*.sentry-cdn.com4. Juni 2024, 18:46:046. Juli 2025, 18:46:03
plausible.io16. Okt. 2024, 11:10:0214. Jan. 2025, 11:10:01
accounts.google.com21. Okt. 2024, 08:38:5213. Jan. 2025, 08:38:51
*.g.doubleclick.net21. Okt. 2024, 08:36:5713. Jan. 2025, 08:36:56
*.google.es21. Okt. 2024, 08:39:3113. Jan. 2025, 08:39:30
*.googleusercontent.com21. Okt. 2024, 08:37:5313. Jan. 2025, 08:37:52