Eingereichte URL:
https://www.drmax.cz/
Bericht beendet:

Cookies · 7 gefunden

Copy link

Cookies sind kleine Textdateien, die auf dem Gerät eines Nutzers gespeichert werden. Sie werden häufig verwendet, um sich an die Präferenzen des Nutzers zu erinnern und personalisierte Erfahrungen zu ermöglichen.

NameWertDomainPfadLäuft ab (UTC)SicherNur HTTP
deviceCachej7RynKUQ0.drmax.cz/NeinJa
persooSession[persooSession redacted].drmax.cz/NeinNein
persooVidAAABk9O47H3OwbEZShLWNqQzwww.drmax.cz/NeinNein
persooVidAAABk9O47H3OwbEZShLWNqQz.drmax.cz/NeinNein
_lb7449294070914418000.drmax.cz/NeinNein
PHPSESSID[PHPSESSID redacted].drmax.cz/JaJa
private_content_version9084c6464467f52cea1084eb7e9fe40cwww.drmax.cz/JaNein

JavaScript-Variablen · 71 gefunden

Copy link

Globale JavaScript-Variablen, die in das Window Object einer Seite geladen werden, sind Variablen, die außerhalb von Funktionen deklariert werden und von jeder Stelle des Codes innerhalb des aktuellen Bereichs zugänglich sind

NameTyp
0object
1object
2object
onbeforetoggleobject
documentPictureInPictureobject
onscrollendobject
nsfobject
dataLayerV2object
initLUXfunction
ccundefined

Konsolenprotokoll-Meldungen · 15 gefunden

Copy link

In der Web-Konsole protokollierte Meldungen

LevelQuelleMessage
errornetwork
URL
https://events.drmax.cz/container?l=dataLayerV2
Text
Failed to load resource: the server responded with a status of 400 ()
errorsecurity
URL
https://www.googletagmanager.com/gtm.js?id=GTM-PP52DD&l=dataLayerV2
Text
[Report Only] Refused to load the script 'https://web.cmp.usercentrics.eu/ui/loader.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.cookiebot.com *.drmax-cz.space *.drmax-gl.space *.drmax-gl.dev *.drmax-sk.space *.drmax.cz *.drmax.net *.drmax.sk *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com api.mailkit.eu backend.drmax-cz.space bam.eu01.nr-data.net bat.bing.com c.imedia.cz c.seznam.cz cdn.jsdelivr.net cdn.luigisbox.com cdn.speedcurve.com cdn-4.convertexperiments.com cdp.drmax.meiro.io drmax-events.persoo.app drmaxczeepmhub.azurewebsites.net drmaxczeepmhubtest.azurewebsites.net dynamic.criteo.com events.drmax.cz fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com meiro.drmax.cz pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s2.adform.net scripts.persoo.cz search-service.drmax-gl.space signals.convertexperiments.com sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.com stats.g.doubleclick.net td.doubleclick.net track.adform.net u.mailkit.eu unpkg.com www.google.cz www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
logother
URL
https://scripts.persoo.cz/vh0ouis9qu40h2holseh6t8s/p/actions.js
Text
*** Persoo adding listener
errorsecurity
URL
https://cdn-4.convertexperiments.com/static/v1/signals.observer.min.js
Text
[Report Only] Refused to create a worker from 'blob:https://www.drmax.cz/d185fe53-f55f-4916-ae8d-e4aed6954261' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.cookiebot.com *.drmax-cz.space *.drmax-gl.space *.drmax-gl.dev *.drmax-sk.space *.drmax.cz *.drmax.net *.drmax.sk *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com api.mailkit.eu backend.drmax-cz.space bam.eu01.nr-data.net bat.bing.com c.imedia.cz c.seznam.cz cdn.jsdelivr.net cdn.luigisbox.com cdn.speedcurve.com cdn-4.convertexperiments.com cdp.drmax.meiro.io drmax-events.persoo.app drmaxczeepmhub.azurewebsites.net drmaxczeepmhubtest.azurewebsites.net dynamic.criteo.com events.drmax.cz fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com meiro.drmax.cz pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s2.adform.net scripts.persoo.cz search-service.drmax-gl.space signals.convertexperiments.com sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.com stats.g.doubleclick.net td.doubleclick.net track.adform.net u.mailkit.eu unpkg.com www.google.cz www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com". Note that 'worker-src' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://www.drmax.cz/
Text
[Report Only] Refused to create a worker from 'blob:https://www.drmax.cz/d185fe53-f55f-4916-ae8d-e4aed6954261' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.cookiebot.com *.drmax-cz.space *.drmax-gl.space *.drmax-gl.dev *.drmax-sk.space *.drmax.cz *.drmax.net *.drmax.sk *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com api.mailkit.eu backend.drmax-cz.space bam.eu01.nr-data.net bat.bing.com c.imedia.cz c.seznam.cz cdn.jsdelivr.net cdn.luigisbox.com cdn.speedcurve.com cdn-4.convertexperiments.com cdp.drmax.meiro.io drmax-events.persoo.app drmaxczeepmhub.azurewebsites.net drmaxczeepmhubtest.azurewebsites.net dynamic.criteo.com events.drmax.cz fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com meiro.drmax.cz pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s2.adform.net scripts.persoo.cz search-service.drmax-gl.space signals.convertexperiments.com sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.com stats.g.doubleclick.net td.doubleclick.net track.adform.net u.mailkit.eu unpkg.com www.google.cz www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com". Note that 'worker-src' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://web.cmp.usercentrics.eu/ui/loader.js
Text
[Report Only] Refused to load the script 'https://web.cmp.usercentrics.eu/ui/v/3.28.3/BrowserSdk.lib.a6384558.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.cookiebot.com *.drmax-cz.space *.drmax-gl.space *.drmax-gl.dev *.drmax-sk.space *.drmax.cz *.drmax.net *.drmax.sk *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com api.mailkit.eu backend.drmax-cz.space bam.eu01.nr-data.net bat.bing.com c.imedia.cz c.seznam.cz cdn.jsdelivr.net cdn.luigisbox.com cdn.speedcurve.com cdn-4.convertexperiments.com cdp.drmax.meiro.io drmax-events.persoo.app drmaxczeepmhub.azurewebsites.net drmaxczeepmhubtest.azurewebsites.net dynamic.criteo.com events.drmax.cz fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com meiro.drmax.cz pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s2.adform.net scripts.persoo.cz search-service.drmax-gl.space signals.convertexperiments.com sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.com stats.g.doubleclick.net td.doubleclick.net track.adform.net u.mailkit.eu unpkg.com www.google.cz www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://web.cmp.usercentrics.eu/ui/loader.js
Text
[Report Only] Refused to load the script 'https://web.cmp.usercentrics.eu/ui/v/3.28.3/BrowserSdk.lib.a6384558.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.cookiebot.com *.drmax-cz.space *.drmax-gl.space *.drmax-gl.dev *.drmax-sk.space *.drmax.cz *.drmax.net *.drmax.sk *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com api.mailkit.eu backend.drmax-cz.space bam.eu01.nr-data.net bat.bing.com c.imedia.cz c.seznam.cz cdn.jsdelivr.net cdn.luigisbox.com cdn.speedcurve.com cdn-4.convertexperiments.com cdp.drmax.meiro.io drmax-events.persoo.app drmaxczeepmhub.azurewebsites.net drmaxczeepmhubtest.azurewebsites.net dynamic.criteo.com events.drmax.cz fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com meiro.drmax.cz pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s2.adform.net scripts.persoo.cz search-service.drmax-gl.space signals.convertexperiments.com sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.com stats.g.doubleclick.net td.doubleclick.net track.adform.net u.mailkit.eu unpkg.com www.google.cz www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://web.cmp.usercentrics.eu/ui/v/3.28.3/BrowserSdk.lib.a6384558.js
Text
[Report Only] Refused to connect to 'https://v1.api.service.cmp.usercentrics.eu/latest/core/_9-1Z62sbLkx-Z' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.cookiebot.com *.drmax-cz.space *.drmax-gl.space *.drmax-gl.dev *.drmax-sk.space *.drmax.cz *.drmax.net *.drmax.sk *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com api.mailkit.eu backend.drmax-cz.space bam.eu01.nr-data.net bat.bing.com c.imedia.cz c.seznam.cz cdn.jsdelivr.net cdn.luigisbox.com cdn.speedcurve.com cdn-4.convertexperiments.com cdp.drmax.meiro.io drmax-events.persoo.app drmaxczeepmhub.azurewebsites.net drmaxczeepmhubtest.azurewebsites.net dynamic.criteo.com events.drmax.cz fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com meiro.drmax.cz pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s2.adform.net scripts.persoo.cz search-service.drmax-gl.space signals.convertexperiments.com sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.com stats.g.doubleclick.net td.doubleclick.net track.adform.net u.mailkit.eu unpkg.com www.google.cz www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://web.cmp.usercentrics.eu/ui/v/3.28.3/BrowserSdk.lib.a6384558.js
Text
[Report Only] Refused to connect to 'https://v1.api.service.cmp.usercentrics.eu/latest/core/_9-1Z62sbLkx-Z' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.cookiebot.com *.drmax-cz.space *.drmax-gl.space *.drmax-gl.dev *.drmax-sk.space *.drmax.cz *.drmax.net *.drmax.sk *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com api.mailkit.eu backend.drmax-cz.space bam.eu01.nr-data.net bat.bing.com c.imedia.cz c.seznam.cz cdn.jsdelivr.net cdn.luigisbox.com cdn.speedcurve.com cdn-4.convertexperiments.com cdp.drmax.meiro.io drmax-events.persoo.app drmaxczeepmhub.azurewebsites.net drmaxczeepmhubtest.azurewebsites.net dynamic.criteo.com events.drmax.cz fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com meiro.drmax.cz pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s2.adform.net scripts.persoo.cz search-service.drmax-gl.space signals.convertexperiments.com sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.com stats.g.doubleclick.net td.doubleclick.net track.adform.net u.mailkit.eu unpkg.com www.google.cz www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://web.cmp.usercentrics.eu/ui/v/3.28.3/BrowserSdk.lib.a6384558.js
Text
[Report Only] Refused to connect to 'https://v1.api.service.cmp.usercentrics.eu/latest/1/cmp/cs/GDPR/_9-1Z62sbLkx-Z/7.1.4/7.1.4' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.cookiebot.com *.drmax-cz.space *.drmax-gl.space *.drmax-gl.dev *.drmax-sk.space *.drmax.cz *.drmax.net *.drmax.sk *.drmax.zone *.drmax-gl.live *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.instagram.com *.sentry.io *.twitter.com api.luigisbox.com api.mailkit.eu backend.drmax-cz.space bam.eu01.nr-data.net bat.bing.com c.imedia.cz c.seznam.cz cdn.jsdelivr.net cdn.luigisbox.com cdn.speedcurve.com cdn-4.convertexperiments.com cdp.drmax.meiro.io drmax-events.persoo.app drmaxczeepmhub.azurewebsites.net drmaxczeepmhubtest.azurewebsites.net dynamic.criteo.com events.drmax.cz fledge.eu.criteo.com fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com meiro.drmax.cz pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space rtp.persoo.ai s2.adform.net scripts.persoo.cz search-service.drmax-gl.space signals.convertexperiments.com sslwidget.criteo.com static.cloudflareinsights.com static.criteo.net stats.g.doubleclick.com stats.g.doubleclick.net td.doubleclick.net track.adform.net u.mailkit.eu unpkg.com www.google.cz www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Header · 2 gefunden

Copy link

HTTP-Antwortheader, die die Sicherheit einer Web-App erhöhen können

Mehr erfahren ...
NameWertSupportInfo
Strict-Transport-Securitymax-age=31536000; includeSubDomainsGutartigDeklarieren, dass eine Website nur über eine sichere Verbindung (HTTPS) zugänglich ist.

Klicken, um mehr zu erfahren ...
X-Frame-OptionsGutartigGeben Sie an, ob ein Browser eine Seite in einem <frame>, <iframe>, <embed> oder <object> darstellen darf.

Klicken, um mehr zu erfahren ...
X-Content-Type-OptionsnosniffGutartigAngeben, dass die in den Headern-Content-Type angekündigten MIME-Typen befolgt und nicht verändert werden sollen.

Klicken, um mehr zu erfahren ...
Content-Security-PolicyGutartigRessourcen kontrollieren, die der Nutzer-Agent für eine bestimmte Seite laden darf.

Klicken, um mehr zu erfahren ...
Referrer-PolicyGutartigKontrollieren, wie viele Referrer-Informationen in die Anfragen aufgenommen werden sollen.

Klicken, um mehr zu erfahren ...
Clear-Site-DataGutartigDie von einem Client-Browser gespeicherten Daten auf ihren Ursprung hin kontrollieren.

Klicken, um mehr zu erfahren ...
X-Permitted-Cross-Domain-PoliciesGutartigKontrollieren, ob ein Web-Client wie Adobe Flash Player oder Adobe Acrobat die Erlaubnis hat, Daten über Domains hinweg zu verarbeiten.

Klicken, um mehr zu erfahren ...
Permissions-PolicyNeuDie Verwendung von Browser-Features in einem Dokument oder Iframe zulassen oder verweigern.

Klicken, um mehr zu erfahren ...
Cross-Origin-Embedder-PolicyNeuEinbettung von Cross-Origin-Ressourcen in das Dokument konfigurieren.

Klicken, um mehr zu erfahren ...
Cross-Origin-Opener-PolicyNeuSicherstellen, dass ein Top-Level-Dokument nicht eine Browsing-Kontextgruppe mit Cross-Origin-Dokumenten teilt.

Klicken, um mehr zu erfahren ...
Cross-Origin-Resource-PolicyNeuAnfordern, dass der Browser No-Cors Cross-Origin-/Cross-Site-Anfragen an die angegebene Ressource blockiert.

Klicken, um mehr zu erfahren ...
X-XSS-ProtectionVeraltetVeraltet. Stoppt den Ladevorgang von Seiten, wenn sie reflektierte Cross-Site-Scripting (XSS)-Angriffe erkennen.

Klicken, um mehr zu erfahren ...
Feature-PolicyVeraltetVeraltet. Ersetzt durch den Permissions-Policy-Header.

Klicken, um mehr zu erfahren ...
Expect-CTVeraltetVeraltet. Sich für Berichte und/oder die Durchsetzung der Anforderungen an die Zertifikatstransparenz entscheiden.

Klicken, um mehr zu erfahren ...
Public-Key-PinsVeraltetVeraltet. Ermöglicht HTTPS-Websites den Schutz vor Angreifern, die falsch ausgestellte oder anderweitig gefälschte Zertifikate verwenden.

Klicken, um mehr zu erfahren ...

Performance Navigation Timing

Copy link

Die Schnittstelle PerformanceNavigationTiming liefert Metriken zu den Dokumenten-Navigationsereignissen des Browsers

Mehr erfahren ...

Prozess-Entlade-Ereignis

EreignisTiming (ms)
unloadEventStart0
unloadEventEnd0

Umleitung

EreignisTiming (ms)
redirectStart0
redirectEnd0

Service Worker Init

EreignisTiming (ms)
workerStart0

Service Worker Fetch-Ereignis

EreignisTiming (ms)
fetchStart0

DNS

EreignisTiming (ms)
domainLookupStart0
domainLookupEnd0

TCP

EreignisTiming (ms)
connectStart59
secureConnectionStart73
connectEnd150

Anfrage

EreignisTiming (ms)
requestStart150

Antwort

EreignisTiming (ms)
responseStart304
responseEnd494

Verarbeitung

EreignisTiming (ms)
domInteractive2285
domContentLoadedEventStart2705
domContentLoadedEventEnd2714
domComplete3857

Last

EreignisTiming (ms)
loadEventStart3857
loadEventEnd3866