https://3commas.io/

ID scansione:: 96f6e9e5-0d8b-4989-84f1-86b7fda78597Fatto
URL inviato:: https://3commas.io/
Report terminato:: 3 gen 2025, 01:05:08

Rischi · 0 trovati

Pratiche che possono comportare rischi per la sicurezza

Intestazioni di sicurezza · 6 trovate

Intestazioni di risposta HTTP che possono rafforzare la sicurezza di un'applicazione Web

Nome	Valore	Supporto	Info
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload	Buono	Dichiara che un sito Web è accessibile solo tramite una connessione sicura (HTTPS). Fai clic per saperne di più...
X-Frame-Options	SAMEORIGIN	Buono	Indica se a un browser deve essere consentito di eseguire il rendering di una pagina in un <frame>, <iframe>, <embed> o <object>. Fai clic per saperne di più...
X-Content-Type-Options	nosniff	Buono	Indica che i tipi MIME pubblicizzati nelle intestazioni Content-Type devono essere seguiti e non modificati. Fai clic per saperne di più...
Content-Security-Policy	default-src none 'self'; script-src 'self' 'strict-dynamic' 'nonce-YjA1NTA5MmQtMjA2Yi00ZTUxLWEyMTAtOThjMTI1NjAwOGMy' 'nonce-T2ZOU240R0xfRm1NX0tKTjBWXzVf'; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com/ https://unpkg.com/tippy.js@6/dist/ https://cookiehub.net/c2/css/ static.geetest.com/static/ static.geevisit.com/static/ https://.paddle.com https://cdn.3ctechnologies.link https://cdn.3commas.io https://cdn.cookiehub.eu; img-src 'self' blob: data: https://x.adroll.com https://www.youtube-nocookie.com/ https://.g.doubleclick.net https://.doubleclick.net https://.ytimg.com .cloudflareaccess.com https://.quora.com https://.outbrain.com https://.reddit.com https://bat.bing.com https://3commasio-public.s3.eu-west-1.amazonaws.com https://secure.gravatar.com https://www.google-analytics.com https://static.intercomassets.com https://uploads.intercomusercontent.com https://messenger-apps.intercom.io https://.intercomcdn.com https://.intercom-attachments-5.com https://.intercom-attachments-6.com https://.intercom-attachments-9.com https://.gstatic.com www.facebook.com https://www.google.com https://www.googletagmanager.com https://.prismic.io https://d.adroll.com https://prismic-io.s3.amazonaws.com https://alternative.me https://beacon.krxd.net https://ib.adnxs.com https://dsum-sec.casalemedia.com https://sync.taboola.com https://stags.bluekai.com https://us-u.openx.net https://idsync.rlcdn.com https://x.bidswitch.net https://pixel.advertising.com https://image2.pubmatic.com https://dpm.demdex.net https://gum.criteo.com https://pixel.rubiconproject.com https://ups.analytics.yahoo.com https://eb2.3lift.com https://sync.srv.stackadapt.com https://pippio.com https://match.adsrvr.org https://sync.mathtag.com https://s.amazon-adsystem.com https://usermatch.krxd.net https://tags.bluekai.com https://idsync.reson8.com https://sync-tm.everesttech.net https://io.narrative.io https://p.adsymptotic.com https://bcp.crwdcntrl.net https://lrp.mxptint.net https://rtb.adentifi.com https://sync.ipredictive.com https://x.dlx.addthis.com https://px.owneriq.net https://bttrack.com https://.coingecko.com https://.3commas.io https://.paddle.com https://dna8twue3dlxq.cloudfront.net https://cdn.3ctechnologies.link https://cdn.3commas.io https://d2r1yp2w7bby2u.cloudfront.net https://db7hsdc8829us.cloudfront.net https://.googleusercontent.com https://cs.media.net https://.3ctechnologies.link https://3commas.io https://www.google.com https://.hsforms.net https://.hsforms.com https://.hs-scripts.com https://.hs-banner.com https://.hs-analytics.net https://.hscollectedforms.net https://.hubspot.com; object-src* 'self' https://.prismic.io https://.youtube.com https://.twitter.com https://.facebook.com https://www.googletagmanager.com; font-src 'self' data: https://js.intercomcdn.com https://fonts.gstatic.com https://fonts.googleapis.com/ https://fonts.intercomcdn.com/ https://cdn.3ctechnologies.link https://cdn.3commas.io; frame-src 'self' blob: https://x.adroll.com https://player.vimeo.com https://player.bilibili.com .facebook.com https://docs.google.com https://s.tradingview.com www.youtube.com https://intercom-sheets.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://.prismic.io https://www.bilibili.com/ https://player.bilibili.com/ https://cdn.paddle.com https://3commas.atlassian.net https://.paddle.com https://www.tradingview.com https://www.tradingview-widget.com https://.hsforms.net https://.hsforms.com https://.hs-scripts.com https://.hs-banner.com https://.hs-analytics.net https://.hscollectedforms.net https://.hubspot.com; media-src 'self' https://js.intercomcdn.com https://.prismic.io https://cdn.3ctechnologies.link https://cdn.3commas.io; connect-src* 'self' https://.tiktok.com https://.google-analytics.com https://.3ctechnologies.link .intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com .3commas.io https://stats.g.doubleclick.net https://www.tradingview.com cloudflareinsights.com https://ds.cookiehub.net https://vimeo.com https://.prismic.io https://hubspot-forms-static-embed-eu1.s3.amazonaws.com wss://.intercom.io https://www.facebook.com https://.profitwell.com https://3commas.atlassian.net https://cdn.3ctechnologies.link https://cdn.3commas.io https://analytics.google.com https://.analytics.google.com https://d.adroll.com https://.hsforms.net https://.hsforms.com https://.hs-scripts.com https://.hs-banner.com https://.hs-analytics.net https://.hscollectedforms.net https://.hubspot.com; child-src 'self' blob: https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com; manifest-src 'self'; base-uri 'self'	Buono	Controlla le risorse che l'agente utente può caricare per una determinata pagina. Fai clic per saperne di più...
Referrer-Policy	same-origin	Buono	Controlla la quantità di informazioni sul referrer che devono essere incluse nelle richieste. Fai clic per saperne di più...
Clear-Site-Data	—	Buono	Controlla i dati memorizzati da un browser client per le loro origini. Fai clic per saperne di più...
X-Permitted-Cross-Domain-Policies	—	Buono	Controlla se un client Web come Adobe Flash Player o Adobe Acrobat dispone dell'autorizzazione per gestire i dati tra domini. Fai clic per saperne di più...
Permissions-Policy	—	Nuovo	Consenti e nega l'uso delle funzionalità del browser in un documento o iframe. Fai clic per saperne di più...
Cross-Origin-Embedder-Policy	—	Nuovo	Configura l'incorporamento di risorse multiorigine nel documento. Fai clic per saperne di più...
Cross-Origin-Opener-Policy	—	Nuovo	Assicurati che un documento di livello superiore non condivida un gruppo di contesti di navigazione con documenti di più origini. Fai clic per saperne di più...
Cross-Origin-Resource-Policy	—	Nuovo	Richiedere che il browser blocchi le richieste multiorigine/tra siti no-cor alla risorsa specificata. Fai clic per saperne di più...
X-XSS-Protection	1; mode=block	Obsoleto	Obsoleto. Impedisce il caricamento delle pagine quando rilevano attacchi XSS (cross-site scripting) riflessi. Fai clic per saperne di più...
Feature-Policy	—	Obsoleto	Obsoleto. Sostituito dall'intestazione Permissions-Policy. Fai clic per saperne di più...
Expect-CT	—	Obsoleto	Obsoleto. Accetta la segnalazione e/o l'applicazione dei requisiti di trasparenza dei certificati. Fai clic per saperne di più...
Public-Key-Pins	—	Obsoleto	Obsoleto. Consente ai siti Web HTTPS di resistere alla rappresentazione da parte di autori di attacchi che utilizzano certificati emessi erroneamente o altrimenti fraudolenti. Fai clic per saperne di più...

Violazioni della sicurezza · 2 trovate

Richieste o risorse che violano le politiche di sicurezza

Violazione	Tipo	Info
Risorsa https://3commas.io/ Descrizione Refused to load the script 'https://3commas.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'strict-dynamic' 'nonce-YjA1NTA5MmQtMjA2Yi00ZTUxLWEyMTAtOThjMTI1NjAwOGMy' 'nonce-T2ZOU240R0xfRm1NX0tKTjBWXzVf'". Note that 'strict-dynamic' is present, so host-based allowlisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	Criteri di sicurezza dei contenuti	Controlla le risorse che l'agente utente può caricare per una determinata pagina. Fai clic per saperne di più...
Risorsa https://3commas.io/ Descrizione Access to fetch at 'https://app.3commas.io/wapi/current_user/status' from origin 'https://3commas.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.	Cross-Origin Resource Sharing	Controls which external origins are allowed load resources. Fai clic per saperne di più...

Certificati · 7 trovati

I certificati SSL/TLS consentono ai siti Web di crittografare le transazioni tra il client e il server e fornire la verifica dell'identità del server

Oggetto	Data di emissione	Data di scadenza
3commas.io	14 nov 2024, 09:57:34	12 feb 2025, 10:57:31
intercom-attachments-9.com	18 dic 2024, 00:00:00	16 gen 2026, 23:59:59
d.adroll.com	9 set 2024, 00:00:00	9 ott 2025, 23:59:59
cloudflareinsights.com	30 dic 2024, 10:58:15	30 mar 2025, 11:58:10
*.google-analytics.com	2 dic 2024, 08:35:56	24 feb 2025, 08:35:55
cookiehub.net	31 dic 2024, 00:00:00	28 gen 2026, 23:59:59
eu1.clevertap-prod.com	20 apr 2024, 00:00:00	19 mag 2025, 23:59:59