- Scan ID:
- 5ab1765e-e77a-4e11-9d4c-1566c123ddbc Done
- Submitted URL:
- https://www.teamusa.com/
- Report finished:
Risks · 0 found
Practices that can pose security risks
Security headers · 1 found
HTTP response headers that can strengthen the security of a web application
Name | Value | Support | Info |
---|---|---|---|
Strict-Transport-Security | — | Good | Declares that a website is accessible only over a secure connection (HTTPS). |
X-Frame-Options | — | Good | Indicates whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. |
X-Content-Type-Options | — | Good | Indicates that the MIME types advertised in the Content-Type headers should be followed and not changed. |
Content-Security-Policy | default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self' *.addthis.com *.adtrafficquality.google *.clarity.ms *.cookielaw.org *.doubleverify.com *.evergage.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleusercontent.com *.hs-banner.com *.hsforms.com *.hscollectedforms.net *.hubspot.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.teamusa.org ad.doubleclick.net analytics.tiktok.com api.airbrake.io attestation.android.com bcbolt446c5271-a.akamaihd.net cdn.jsdelivr.net cdn.linkedin.oribi.io csi.gstatic.com csp.withgoogle.com dw5zrj66pk.execute-api.us-east-1.amazonaws.com d.agkn.com doublethedonation.com edge.api.brightcove.com failover-k8s-widgets.sports.gracenote.com gtm-w82hjxd-otazy.uc.r.appspot.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io ogdemo-api.sports.gracenote.com og2022-api.sports.gracenote.com og2020-api.sports.gracenote.com og2024-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com px.ads.linkedin.com region1.analytics.google.com rum-collector-2.pingdom.net sdk.classy.org siteintercept.qualtrics.com sportapi-widgets.sports.gracenote.com sportapi.widgets.sports.gracenote.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ typeahead.formassembly.com usopc.tfaforms.net widgets.sports.gracenote.com widgetfailover.sports.gracenote.com ws://*.teamusadev.com:24678/ ws://*.usopcdev.com:24678/ ws://localhost:24678/ ws://*.teamusadev.com:24678/ ws://*.usopcdev.com:24678/ ws://local.usopcdev.org:24678/ www.facebook.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data://* data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net doublethedonation.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' 
support.teamusa.com/campaign/622581/donate/ *.twitter.com analytics.clickdimensions.com bbox.blackbaudhosting.com feedback.teamusa.org form.usoc.org la28.qualtrics.com link.teamusa.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-ancestors 'self' *.olympics.com; frame-src 'self' *.addthis.com *.emailmeform.com *.facebook.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.hsforms.com *.hsforms.net *.hubspot.com *.olympics.com *.olympics.com/olympic-family-iframe-olympics/ *.safeframe.googlesyndication.com *.sport80.com *.teamusa.com *.teamusadev.com *.teamusadev.com:3000 *.tiktok.com *.tourneymachine.com *.tournamentinabox.com *.ttwstatic.com *.twitter.com *.usopc.org *.usopcdev.org *.wufoo.com abc11.com ad.doubleclick.net anchor.fm app-ab22.marketo.com airtable.com archivist.teamusa.org bbox.blackbaudhosting.com c.streamhoster.com cdn.flipsnack.com console.googletagservices.com content.usawmembership.com draftable.com embed.fitrankings.com embed.gettyimages.com ep2.adtrafficquality.google free.timeanddate.com https://cheer-generator-website-git-feature-status-page-dogstudio.vercel.app/ https://cheer-generator-website.vercel.app/ https://fencingtimelive.com https://usfencingresults.org/rankings/ gc.com www.googleadservices.com geosnapshot.com giphy.com imasdk.googleapis.com indd.adobe.com https://e.issuu.com judoreferee.com kingsumo.com livestream.com la28.qualtrics.com mdm-iframe.teamusa.com olympics.com olympics.com/olympic-family-iframe-olympics/ online.anyflip.com photos.pixlee.co player.vimeo.com players.brightcove.net public.tableau.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm snapwidget.com stage-schedules.nbcolympics.com schedules.nbcolympics.com st.chatango.com streaming.enetlive.tv support.teamusa.org tableau.usoc.org td.doubleclick.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ 
themat.tv tournamentinabox.com tpc.googlesyndication.com universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usakaratenationalkaratedofoundation.formstack.com usaboxing.webpoint.us usadiving.ticketspice.com usatt.simplycompete.com usawaterski.org usopc.tfaforms.net vplayer.nbcolympics.com vplayer.nbcsports.com widgets.scribblemaps.com www.bullseyelocations.com www.buzzsprout.com www.classy.org www.givedirect.org www.googletagmanager.com www.instagram.com www.omegawatches.com www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com www.youtube.com www.youtube-nocookie.com; img-src 'self' https://usat-production.s3.amazonaws.com/ *.2mdn.net *.ads.linkedin.com *.adsafeprotected.com *.doubleverify.com *.evergage.com *.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hsforms.com *.hsforms.net *.hubspot.com *.twimg.com *.qualtrics.com *.twitter.com ad.doubleclick.net barbend.com bbox.blackbaudhosting.com c.bing.com c.clarity.ms cdn.cookielaw.org cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net clients1.google.com connect.facebook.net content.themat.com data: doublethedonation.com ep1.adtrafficquality.google i.ytimg.com images.contentstack.io images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com p.typekit.net pixel.quantserve.com public.tableau.com reg.usajudo.net region1.analytics.google.com res.cloudinary.com storage.googleapis.com siteintercept.qualtrics.com sjc1.qualtrics.com s3.amazonaws.com/photos.usacycling.org/ t.co t.paypal.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ 
tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com usoc.tfaforms.net usopc.tfaforms.net widgets.sports.gracenote.com www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.ua www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.com www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg www.googleapis.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com; media-src 'self' blob: *.evergage.com bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-ax40r+iZMx5qM1LKJ5JqMA==' *.addthis.com *.adsafeprotected.com *.britecove.com *.cdc.gov *.clarity.ms *.clickdimensions.com *.cookielaw.org *.evergage.com *.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googleusercontent.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.hubspot.com *.instagram.com *.pxlecdn.com *.tiktok.com *.ttwstatic.com *.twitter.com *.wufoo.com *.youtube.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.com adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi 
adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se ajax.googleapis.com analytics.tiktok.com app-ab22.marketo.com assets.pixlee.com/assets/fp.js az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com c.bing.com cdn.doubleverify.com cdn.evgnet.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net console.googletagservices.com countdown.omegawatches.com cse.google.com doublethedonation.com feedback.hubapi.com images.teamusa.org kit.fontawesome.com lf16-tiktok-web.tiktokcdn-us.com maxcdn.bootstrapcdn.com munchkin.marketo.net players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net sdk.classy.org secure.givelively.org secure.quantserve.com snap.licdn.com snapwidget.com siteintercept.qualtrics.com stackpath.bootstrapcdn.com static.ads-twitter.com storage.cloud.google.com storage.googleapis.com tableau.usoc.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ tps.doubleverify.com use.typekit.net usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widget.surveymonkey.com widgets.flickr.com widgets.sports.gracenote.com www.buzzsprout.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com zn6x64ufidwjzj7w2-la28.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' *.evergage.com *.googleusercontent.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdn-us.clickdimensions.com cdn.fonts.net cdnjs.cloudflare.com code.jquery.com doublethedonation.com fonts.googleapis.com images.teamusa.org www.google.com/cse/ lf16-tiktok-web.tiktokcdn-us.com lf16-tiktok-web.ttwstatic.com maxcdn.bootstrapcdn.com p.typekit.net 
platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css storage.cloud.google.com storage.googleapis.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ use.typekit.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com www.teamusa.org www.trackwrestling.com; worker-src 'self' blob: https://teamusa.report-uri.com/r/d/csp/enforce; report-uri; | Good | Controls the resources the user agent is allowed to load for a given page. |
Referrer-Policy | — | Good | Controls how much referrer information should be included with requests. |
Clear-Site-Data | — | Good | Controls the data stored by a client browser for its origins. |
X-Permitted-Cross-Domain-Policies | — | Good | Controls whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. |
Permissions-Policy | — | New | Allows and denies the use of browser features in a document or iframe. |
Cross-Origin-Embedder-Policy | — | New | Configures the embedding of cross-origin resources in the document. |
Cross-Origin-Opener-Policy | — | New | Ensures that a top-level document does not share a browsing context group with cross-origin documents. |
Cross-Origin-Resource-Policy | — | New | Requires the browser to block no-cors cross-origin/cross-site requests to the specified resource. |
X-XSS-Protection | — | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. |
Feature-Policy | — | Deprecated | Deprecated. Replaced by the Permissions-Policy header. |
Expect-CT | — | Deprecated | Deprecated. Opts in to reporting and/or enforcement of Certificate Transparency requirements. |
Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. |
Security violations · 3 found
Requests or resources that violate security policies
Violation | Type | Info |
---|---|---|
| Content Security Policy | Controls the resources the user agent is allowed to load for a given page. |
| certificate | certificate |
| certificate | certificate |
Certificates · 18 found
SSL/TLS certificates allow websites to encrypt transactions between the client and the server and provide verification of the server's identity
Subject | Issue date | Expiry date |
---|---|---|
*.teamusa.com | 8 Apr 2024, 15:30:30 | 21 Apr 2025, 18:54:41 |
cookielaw.org | 9 Dec 2024, 19:16:11 | 9 Mar 2025, 20:16:09 |
*.tfaforms.net | 15 Apr 2024, 00:00:00 | 14 May 2025, 23:59:59 |
*.cloudinary.com | 23 Apr 2024, 13:44:07 | 25 May 2025, 13:44:07 |
storage.googleapis.com | 2 Dec 2024, 08:39:53 | 24 Feb 2025, 08:39:52 |
*.g.doubleclick.net | 2 Dec 2024, 08:35:56 | 24 Feb 2025, 08:35:55 |
geolocation.onetrust.com | 9 Dec 2024, 18:59:53 | 9 Mar 2025, 19:59:51 |
use.typekit.net | 10 Dec 2024, 00:00:00 | 10 Jan 2026, 23:59:59 |
*.google-analytics.com | 2 Dec 2024, 08:35:56 | 24 Feb 2025, 08:35:55 |
quantserve.com | 21 Dec 2024, 12:45:37 | 21 Mar 2025, 12:45:36 |