https://www.teamusa.com/

스캔 ID:: 5ab1765e-e77a-4e11-9d4c-1566c123ddbc완료
제출된 URL:: https://www.teamusa.com/
보고서 완료:: 2024년 12월 29일 19:08:34

위험 · 0개 결과

보안 위험을 초래할 수 있는 관행

보안 헤더 · 1개 결과

웹 애플리케이션의 보안을 강화할 수 있는 HTTP 응답 헤더

이름	값	지원	정보
Strict-Transport-Security	—	양호	보안 연결(HTTPS)을 통해서만 웹 사이트에 접속할 수 있음을 선언합니다. 클릭하여 자세히 알아보기...
X-Frame-Options	—	양호	브라우저가 <frame>, <iframe>, <embed> 또는 <object> 요소 안에 페이지를 렌더링할 수 있는지 여부를 표시합니다. 클릭하여 자세히 알아보기...
X-Content-Type-Options	—	양호	Content-Type 헤더에 언급된 MIME 유형을 준수하며 변경해서는 안 된다는 사실을 표시합니다. 클릭하여 자세히 알아보기...
Content-Security-Policy	default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self' .addthis.com .adtrafficquality.google .clarity.ms .cookielaw.org .doubleverify.com .evergage.com .g.doubleclick.net .google-analytics.com .google.com .googleusercontent.com .hs-banner.com .hsforms.com .hscollectedforms.net .hubspot.com .mktoresp.com .mktoutil.com .onetrust.com .teamusa.org ad.doubleclick.net analytics.tiktok.com api.airbrake.io attestation.android.com bcbolt446c5271-a.akamaihd.net cdn.jsdelivr.net cdn.linkedin.oribi.io csi.gstatic.com csp.withgoogle.com dw5zrj66pk.execute-api.us-east-1.amazonaws.com d.agkn.com doublethedonation.com edge.api.brightcove.com failover-k8s-widgets.sports.gracenote.com gtm-w82hjxd-otazy.uc.r.appspot.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io ogdemo-api.sports.gracenote.com og2022-api.sports.gracenote.com og2020-api.sports.gracenote.com og2024-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com px.ads.linkedin.com region1.analytics.google.com rum-collector-2.pingdom.net sdk.classy.org siteintercept.qualtrics.com sportapi-widgets.sports.gracenote.com sportapi.widgets.sports.gracenote.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ typeahead.formassembly.com usopc.tfaforms.net widgets.sports.gracenote.com widgetfailover.sports.gracenote.com ws://.teamusadev.com:24678/ ws://.usopcdev.com:24678/ ws://localhost:24678/ ws://.teamusadev.com:24678/ ws://.usopcdev.com:24678/ ws://local.usopcdev.org:24678/ www.facebook.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data://* data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net doublethedonation.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' support.teamusa.com/campaign/622581/donate/ .twitter.com analytics.clickdimensions.com bbox.blackbaudhosting.com feedback.teamusa.org form.usoc.org la28.qualtrics.com link.teamusa.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-ancestors* 'self' .olympics.com; frame-src* 'self' .addthis.com .emailmeform.com .facebook.com .fls.doubleclick.net .g.doubleclick.net .google.com .hsforms.com .hsforms.net .hubspot.com .olympics.com .olympics.com/olympic-family-iframe-olympics/ .safeframe.googlesyndication.com .sport80.com .teamusa.com .teamusadev.com .teamusadev.com:3000 .tiktok.com .tourneymachine.com .tournamentinabox.com .ttwstatic.com .twitter.com .usopc.org .usopcdev.org .wufoo.com abc11.com ad.doubleclick.net anchor.fm app-ab22.marketo.com airtable.com archivist.teamusa.org bbox.blackbaudhosting.com c.streamhoster.com cdn.flipsnack.com console.googletagservices.com content.usawmembership.com draftable.com embed.fitrankings.com embed.gettyimages.com ep2.adtrafficquality.google free.timeanddate.com https://cheer-generator-website-git-feature-status-page-dogstudio.vercel.app/ https://cheer-generator-website.vercel.app/ https://fencingtimelive.com https://usfencingresults.org/rankings/ gc.com www.googleadservices.com geosnapshot.com giphy.com imasdk.googleapis.com indd.adobe.com https://e.issuu.com judoreferee.com kingsumo.com livestream.com la28.qualtrics.com mdm-iframe.teamusa.com olympics.com olympics.com/olympic-family-iframe-olympics/ online.anyflip.com photos.pixlee.co player.vimeo.com players.brightcove.net public.tableau.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm snapwidget.com stage-schedules.nbcolympics.com schedules.nbcolympics.com st.chatango.com streaming.enetlive.tv support.teamusa.org tableau.usoc.org td.doubleclick.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv tournamentinabox.com tpc.googlesyndication.com universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usakaratenationalkaratedofoundation.formstack.com usaboxing.webpoint.us usadiving.ticketspice.com usatt.simplycompete.com usawaterski.org usopc.tfaforms.net vplayer.nbcolympics.com vplayer.nbcsports.com widgets.scribblemaps.com www.bullseyelocations.com www.buzzsprout.com www.classy.org www.givedirect.org www.googletagmanager.com www.instagram.com www.omegawatches.com www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com www.youtube.com www.youtube-nocookie.com; img-src 'self' https://usat-production.s3.amazonaws.com/ .2mdn.net .ads.linkedin.com .adsafeprotected.com .doubleverify.com .evergage.com .g.doubleclick.net .google-analytics.com .googlesyndication.com .gstatic.com .hsforms.com .hsforms.net .hubspot.com .twimg.com .qualtrics.com .twitter.com ad.doubleclick.net barbend.com bbox.blackbaudhosting.com c.bing.com c.clarity.ms cdn.cookielaw.org cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net clients1.google.com connect.facebook.net content.themat.com data: doublethedonation.com ep1.adtrafficquality.google i.ytimg.com images.contentstack.io images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com p.typekit.net pixel.quantserve.com public.tableau.com reg.usajudo.net region1.analytics.google.com res.cloudinary.com storage.googleapis.com siteintercept.qualtrics.com sjc1.qualtrics.com s3.amazonaws.com/photos.usacycling.org/ t.co t.paypal.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com usoc.tfaforms.net usopc.tfaforms.net widgets.sports.gracenote.com www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.ua www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.com www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg www.googleapis.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com; media-src* 'self' blob: .evergage.com bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src* 'strict-dynamic' 'unsafe-eval' 'nonce-ax40r+iZMx5qM1LKJ5JqMA==' .addthis.com .adsafeprotected.com .britecove.com .cdc.gov .clarity.ms .clickdimensions.com .cookielaw.org .evergage.com .g.doubleclick.net .google-analytics.com .googleadservices.com .googlesyndication.com .googleusercontent.com .hs-analytics.net .hs-banner.com .hscollectedforms.net .hsforms.com .hsforms.net .hsleadflows.net .hs-scripts.com .hubspotfeedback.com .hubspot.com .instagram.com .pxlecdn.com .tiktok.com .ttwstatic.com .twitter.com .wufoo.com .youtube.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.com adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se ajax.googleapis.com analytics.tiktok.com app-ab22.marketo.com assets.pixlee.com/assets/fp.js az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com c.bing.com cdn.doubleverify.com cdn.evgnet.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net console.googletagservices.com countdown.omegawatches.com cse.google.com doublethedonation.com feedback.hubapi.com images.teamusa.org kit.fontawesome.com lf16-tiktok-web.tiktokcdn-us.com maxcdn.bootstrapcdn.com munchkin.marketo.net players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net sdk.classy.org secure.givelively.org secure.quantserve.com snap.licdn.com snapwidget.com siteintercept.qualtrics.com stackpath.bootstrapcdn.com static.ads-twitter.com storage.cloud.google.com storage.googleapis.com tableau.usoc.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ tps.doubleverify.com use.typekit.net usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widget.surveymonkey.com widgets.flickr.com widgets.sports.gracenote.com www.buzzsprout.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com zn6x64ufidwjzj7w2-la28.siteintercept.qualtrics.com; style-src* 'self' 'unsafe-inline' .evergage.com .googleusercontent.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdn-us.clickdimensions.com cdn.fonts.net cdnjs.cloudflare.com code.jquery.com doublethedonation.com fonts.googleapis.com images.teamusa.org www.google.com/cse/ lf16-tiktok-web.tiktokcdn-us.com lf16-tiktok-web.ttwstatic.com maxcdn.bootstrapcdn.com p.typekit.net platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css storage.cloud.google.com storage.googleapis.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ use.typekit.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com www.teamusa.org www.trackwrestling.com; worker-src 'self' blob: https://teamusa.report-uri.com/r/d/csp/enforce; report-uri;	양호	사용자 에이전트가 주어진 페이지에서 로드할 수 있는 리소스를 제어합니다. 클릭하여 자세히 알아보기...
Referrer-Policy	—	양호	요청에 포함되어야 하는 참조 페이지 정보의 양을 제어합니다. 클릭하여 자세히 알아보기...
Clear-Site-Data	—	양호	클라이언트 브라우저가 원본에 대해 저장하는 데이터를 제어합니다. 클릭하여 자세히 알아보기...
X-Permitted-Cross-Domain-Policies	—	양호	Adobe Flash Player 또는 Adobe Acrobat 같은 웹 클라이언트에 다른 도메인의 데이터를 처리할 수 있는 권한을 부여할지 제어합니다. 클릭하여 자세히 알아보기...
Permissions-Policy	—	신규	문서 또는 iframe 내에서 브라우저 기능을 허용하거나 거부합니다. 클릭하여 자세히 알아보기...
Cross-Origin-Embedder-Policy	—	신규	문서에 교차 출처 리소스를 임베딩하도록 구성합니다. 클릭하여 자세히 알아보기...
Cross-Origin-Opener-Policy	—	신규	최상위 문서가 교차 출처 문서와 동일한 브라우징 컨텍스트 그룹을 사용하지 않도록 합니다. 클릭하여 자세히 알아보기...
Cross-Origin-Resource-Policy	—	신규	브라우저에 주어진 리소스에 대한 no-cors 교차 출처/교차 사이트 요청을 차단하도록 요청합니다. 클릭하여 자세히 알아보기...
X-XSS-Protection	—	사용 중단	사용이 중단되었습니다. 반사형 교차 사이트 스크립팅(Cross-site scripting, XSS) 공격이 감지되면 페이지 로딩을 중단합니다. 클릭하여 자세히 알아보기...
Feature-Policy	—	사용 중단	사용이 중단되었습니다. Permissions-Policy 헤더로 대체되었습니다. 클릭하여 자세히 알아보기...
Expect-CT	—	사용 중단	사용이 중단되었습니다. 인증서 투명성(Certificate Transparency) 요구 사항 보고 및/또는 시행에 옵트인합니다. 클릭하여 자세히 알아보기...
Public-Key-Pins	—	사용 중단	사용이 중단되었습니다. 잘못 발급되었거나 위조된 인증서를 사용하는 공격자로부터 HTTPS 웹 사이트를 방어할 수 있도록 합니다. 클릭하여 자세히 알아보기...

보안 위반 · 3개 결과

보안 정책을 위반하는 요청 또는 리소스

위반	유형	정보
리소스 https://www.teamusa.com/ 설명 Refused to load the image 'https://pixel-ssn.quantserve.com/pixel;r=1693364183;source=gtm;labels=_fp.event.Default;rf=0;a=p-fa_jnF-p0URt3;url=https%3A%2F%2Fwww.teamusa.com%2F;ns=0;ce=1;qjs=1;qv=6cdb9339-20241218104323;ref=;dst=0;et=1735499327853;tzo=0;ogl=image.https%3A%2F%2Fres%252Ecloudinary%252Ecom%2Fusopc-prod%2Fimage%2Fupload%2Fc_fill%252Cw_600%2Fc_mpad%252Ch_630%252Cw_1%2Ctitle.Home%2Curl.https%3A%2F%2Fwww%252Eteamusa%252Ecom%2Fhome%2Ctype.website;ses=19563b1e-30fa-4bba-9002-9df504f2fe5d;d=teamusa.com;uht=2;fpan=1;fpa=P0-537181492-1735499327860;pbc=;gdpr=0;mdl=;dip=ac5cc34b-5140-4ed2-b11b-3301d56d9598' because it violates the following Content Security Policy directive: "img-src 'self' https://usat-production.s3.amazonaws.com/ .2mdn.net .ads.linkedin.com .adsafeprotected.com .doubleverify.com .evergage.com .g.doubleclick.net .google-analytics.com .googlesyndication.com .gstatic.com .hsforms.com .hsforms.net .hubspot.com .twimg.com .qualtrics.com *.twitter.com ad.doubleclick.net barbend.com bbox.blackbaudhosting.com c.bing.com c.clarity.ms cdn.cookielaw.org cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net clients1.google.com connect.facebook.net content.themat.com data: doublethedonation.com ep1.adtrafficquality.google i.ytimg.com images.contentstack.io images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com p.typekit.net pixel.quantserve.com public.tableau.com reg.usajudo.net region1.analytics.google.com res.cloudinary.com storage.googleapis.com siteintercept.qualtrics.com sjc1.qualtrics.com s3.amazonaws.com/photos.usacycling.org/ t.co t.paypal.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com usoc.tfaforms.net usopc.tfaforms.net widgets.sports.gracenote.com www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.ua www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.com www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg www.googleapis.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com".	콘텐츠 보안 정책	사용자 에이전트가 주어진 페이지에서 로드할 수 있는 리소스를 제어합니다. 클릭하여 자세히 알아보기...
리소스 https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js 설명 [GPT] Invalid arguments: SizeMappingBuilder.addSize([320, 0], [['fluid']]). https://goo.gle/gpt-message#96	certificate	certificate
리소스 https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js 설명 [GPT] Size mapping is null because invalid mappings were added: [[[320,0],[["fluid"]]]]. https://goo.gle/gpt-message#34	certificate	certificate

인증서 · 18개 결과

SSL/TLS 인증서를 사용하면 웹 사이트는 클라이언트와 서버 간의 트랜잭션을 암호화하고 서버의 신원 확인을 제공할 수 있습니다

제목	발급일	만료일
*.teamusa.com	2024년 4월 8일 15:30:30	2025년 4월 21일 18:54:41
cookielaw.org	2024년 12월 9일 19:16:11	2025년 3월 9일 20:16:09
*.tfaforms.net	2024년 4월 15일 00:00:00	2025년 5월 14일 23:59:59
*.cloudinary.com	2024년 4월 23일 13:44:07	2025년 5월 25일 13:44:07
storage.googleapis.com	2024년 12월 2일 08:39:53	2025년 2월 24일 08:39:52
*.g.doubleclick.net	2024년 12월 2일 08:35:56	2025년 2월 24일 08:35:55
geolocation.onetrust.com	2024년 12월 9일 18:59:53	2025년 3월 9일 19:59:51
use.typekit.net	2024년 12월 10일 00:00:00	2026년 1월 10일 23:59:59
*.google-analytics.com	2024년 12월 2일 08:35:56	2025년 2월 24일 08:35:55
quantserve.com	2024년 12월 21일 12:45:37	2025년 3월 21일 12:45:36