https://www.span.eu/

ID da verificação: baba82c8-1047-4720-9c79-becbb54be727Concluído
URL enviado:: https://span.eu/Redirecionado
Relatório concluído:: 3 de fev. de 2025, 06:17:40

Riscos · 0 encontrado(s)

Práticas que podem representar riscos de segurança

Cabeçalhos de segurança · 6 encontrado(s)

Cabeçalhos de resposta HTTP que podem aumentar a segurança de um aplicativo web

Nome	Valor	Suporte	Info
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload	Bom	Declarar que um site só pode ser acessado por meio de uma conexão segura (HTTPS). Clique para saber mais...
X-Frame-Options	SAMEORIGIN	Bom	Indicar se um navegador deve ter permissão para renderizar uma página em <frame>, <iframe>, <embed> ou <object>. Clique para saber mais...
X-Content-Type-Options	nosniff	Bom	Indicar que os tipos MIME anunciados nos cabeçalhos Content-Type devem ser seguidos e não alterados. Clique para saber mais...
Content-Security-Policy	default-src 'self'; img-src 'self' blob data: https://wwwspaneu.azureedge.net https://saspanweb01.blob.core.windows.net/ .span.eu/ https://weu-span-web-test-cdn-static.azureedge.net https://saeuwespanwebtest01.blob.core.windows.net/ https://weu-span-web-prod-cdn-static.azureedge.net https://saeuwespanwebprod01.blob.core.windows.net/ https://saeuwespanwebdev01.blob.core.windows.net/ https://www.googletagmanager.com https://www.google.hr https://www.google.com .googleapis.com .gstatic.com https://www.facebook.com .facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://c.clarity.ms https://c.bing.com .highcharts.com .linkedin.com https://cdn.midas-network.com/ .ytimg.com .g.doubleclick.net .svc.dynamics.com/ .googletagmanager.com/ .reddit.com/ .umbraco.com/ .cookiebot.com https://cdn-test-span-web-gcbqcyeveuehewam.z01.azurefd.net .span.eu/ .lfeeder.com/ .bing.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://weu-span-web-test-cdn-static.azureedge.net https://saeuwespanwebtest01.blob.core.windows.net/ https://weu-span-web-prod-cdn-static.azureedge.net https://saeuwespanwebprod01.blob.core.windows.net/ https://saeuwespanwebdev01.blob.core.windows.net/ https://wwwspaneu.azureedge.net https://saspanweb01.blob.core.windows.net/ https://consentcdn.cookiebot.com/ .cookiebot.com .googletagmanager.com .googleapis.com https://www.google-analytics.com .facebook.net https://www.google.com https://www.gstatic.com https://stats.g.doubleclick.net https://www.clarity.ms/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://s7.addthis.com/ https://script.hotjar.com https://z.moatads.com .addthis.com .addthisedge.com .licdn.com https://static.hotjar.com https://trackcmp.net https://my.hellobar.com https://cdn.midas-network.com https://diffuser-cdn.app-us1.com/ .app-us1.com .clarity.ms https://region1.google-analytics.com/ .google-analytics.com/ https://mktdplp102cdn.azureedge.net/ .azureedge.net/ .instagram.com/embed.js .tiktok.com/embed.js .ttwstatic.com/ .redditstatic.com/ https://sc.lfeeder.com .lfeeder.com https://cdn-test-span-web-gcbqcyeveuehewam.z01.azurefd.net .span.eu/ .bing.com/ .snitcher.com/; style-src* 'self' 'unsafe-inline' 'unsafe-eval' https://weu-span-web-test-cdn-static.azureedge.net https://saeuwespanwebtest01.blob.core.windows.net/ https://weu-span-web-prod-cdn-static.azureedge.net https://saeuwespanwebprod01.blob.core.windows.net/ https://saeuwespanwebdev01.blob.core.windows.net/ https://wwwspaneu.azureedge.net https://saspanweb01.blob.core.windows.net/ https://use.fontawesome.com https://fonts.googleapis.com .googletagmanager.com/ .ttwstatic.com/ https://cdn-test-span-web-gcbqcyeveuehewam.z01.azurefd.net .span.eu/; frame-src* 'self' https://consentcdn.cookiebot.com/ .cookiebot.com https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ .addthis.com .facebook.com https://vars.hotjar.com/ .svc.dynamics.com/ https://www.instagram.com/ https://www.tiktok.com/ https://www.entrio.hr/; form-action 'self' .facebook.com https://export.highcharts.com/ .svc.dynamics.com/ .span.eu/ .microsoft.com/ .microsoftonline.com/; font-src* 'self' https://weu-span-web-test-cdn-static.azureedge.net https://saeuwespanwebtest01.blob.core.windows.net/ https://weu-span-web-prod-cdn-static.azureedge.net https://saeuwespanwebprod01.blob.core.windows.net/ https://saeuwespanwebdev01.blob.core.windows.net/ https://wwwspaneu.azureedge.net https://saspanweb01.blob.core.windows.net/ https://fonts.gstatic.com https://use.fontawesome.com .span.eu/ data:; connect-src* 'self' https://weu-span-web-test-cdn-static.azureedge.net https://saeuwespanwebtest01.blob.core.windows.net/ https://weu-span-web-prod-cdn-static.azureedge.net https://saeuwespanwebprod01.blob.core.windows.net/ https://saeuwespanwebdev01.blob.core.windows.net/ wss://www.span.eu wss://span.eu https://wwwspaneu.azureedge.net https://saspanweb01.blob.core.windows.net/ https://in.hotjar.com/ https://www.google-analytics.com https://stats.g.doubleclick.net .google.com .facebook.net https://www.clarity.ms/ .addthis.com https://e.clarity.ms/ https://consentcdn.cookiebot.com/ https://googleads.g.doubleclick.net/ https://vc.hotjar.io/ https://d.clarity.ms/ .clarity.ms .facebook.com https://region1.google-analytics.com/ .google-analytics.com/ .google.hr/ .linkedin.oribi.io/ https://306b49ace6c341dc83620312fbd34f1e.svc.dynamics.com/ .svc.dynamics.com/ wss://ws.hotjar.com/ .hotjar.com/ https://content.hotjar.io/ .hotjar.io/ .span.eu/ .linkedin.com/ .snitcher.com/ https://www.entrio.hr/ .entrio.hr/; media-src* 'self' https://weu-span-web-test-cdn-static.azureedge.net https://saeuwespanwebtest01.blob.core.windows.net/ https://weu-span-web-prod-cdn-static.azureedge.net https://saeuwespanwebprod01.blob.core.windows.net/ https://saeuwespanwebdev01.blob.core.windows.net/ *.span.eu/ https://sasdcspanwebprod01.blob.core.windows.net;	Bom	Controlar os recursos que o agente do usuário pode carregar para uma determinada página. Clique para saber mais...
Referrer-Policy	—	Bom	Controlar a quantidade de informações de referência que devem ser incluídas nas solicitações. Clique para saber mais...
Clear-Site-Data	—	Bom	Controlar os dados armazenados por um navegador cliente quanto às suas origens. Clique para saber mais...
X-Permitted-Cross-Domain-Policies	—	Bom	Controlar se um cliente web, como Adobe Flash Player ou Adobe Acrobat, tem permissão para controlar dados entre domínios. Clique para saber mais...
Permissions-Policy	geolocation=*	Recente	Permitir e negar o uso de recursos do navegador em um documento ou iframe. Clique para saber mais...
Cross-Origin-Embedder-Policy	—	Recente	Configurar a incorporação de recursos de origem cruzada no documento. Clique para saber mais...
Cross-Origin-Opener-Policy	—	Recente	Garantir que um documento de nível superior não compartilhe um grupo de contexto de navegação com documentos de origem cruzada. Clique para saber mais...
Cross-Origin-Resource-Policy	—	Recente	Solicitar que o navegador bloqueie solicitações de origem cruzada/entre sites no-cors para o recurso fornecido. Clique para saber mais...
X-XSS-Protection	1; mode=block	Descontinuado	Descontinuado Impede o carregamento de páginas quando detectam ataques refletidos de cross-site scripting (XSS). Clique para saber mais...
Feature-Policy	—	Descontinuado	Descontinuado Substituído pelo cabeçalho Permissions-Policy. Clique para saber mais...
Expect-CT	—	Descontinuado	Descontinuado Optar por relatar e/ou aplicar requisitos de transparência de certificados. Clique para saber mais...
Public-Key-Pins	—	Descontinuado	Descontinuado Permitir que sites HTTPS resistam à falsificação de invasores usando certificados emitidos incorretamente ou fraudulentos. Clique para saber mais...

Violações de segurança · 3 encontrada(s)

Solicitações ou recursos que ofendem as políticas de segurança

Violação	Tipo	Informações
Recurso https://www.googletagmanager.com/gtm.js?id=GTM-W5HR3V Descrição Refused to connect to 'https://pagead2.googlesyndication.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.span.eu%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=333247987.1738563470&navt=n&npa=1&us_privacy=1---&gtm=45He51u0v71951893za200&gcs=G100&gcd=13p3p3p2p5l1&dma_cps=-&dma=1&tag_exp=102067808~102081485~102123608~102482433~102528644~102539968~102546754&tft=1738563470006&tfd=2284&apve=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://weu-span-web-test-cdn-static.azureedge.net https://saeuwespanwebtest01.blob.core.windows.net/ https://weu-span-web-prod-cdn-static.azureedge.net https://saeuwespanwebprod01.blob.core.windows.net/ https://saeuwespanwebdev01.blob.core.windows.net/ wss://www.span.eu wss://span.eu https://wwwspaneu.azureedge.net https://saspanweb01.blob.core.windows.net/ https://in.hotjar.com/ https://www.google-analytics.com https://stats.g.doubleclick.net .google.com .facebook.net https://www.clarity.ms/ .addthis.com https://e.clarity.ms/ https://consentcdn.cookiebot.com/ https://googleads.g.doubleclick.net/ https://vc.hotjar.io/ https://d.clarity.ms/ .clarity.ms .facebook.com https://region1.google-analytics.com/ .google-analytics.com/ .google.hr/ .linkedin.oribi.io/ https://306b49ace6c341dc83620312fbd34f1e.svc.dynamics.com/ .svc.dynamics.com/ wss://ws.hotjar.com/ .hotjar.com/ https://content.hotjar.io/ .hotjar.io/ .span.eu/ .linkedin.com/ .snitcher.com/ https://www.entrio.hr/ *.entrio.hr/".	Política de segurança de conteúdo	Controlar os recursos que o agente do usuário pode carregar para uma determinada página. Clique para saber mais...
Recurso https://www.googletagmanager.com/gtag/destination?id=AW-11021259004&l=dataLayer&cx=c&gtm=45He51u0v71951893za200 Descrição Refused to load the script 'https://pagead2.googlesyndication.com/pagead/conversion/11021259004/?random=1738563469312&cv=11&fst=1738563469312&bg=ffffff&guid=ON&async=1&gtm=45be51u0v896570622z871951893za201zb71951893&gcs=G100&gcd=13p3p3p2p5l1&dma_cps=-&dma=1&tag_exp=102067808~102081485~102123608~102482432~102528644~102539968~102546754~102556565&u_w=1&u_h=1&url=https%3A%2F%2Fwww.span.eu&label=DiNHCJ-Cop0YEPyhrIcp&hn=www.googleadservices.com&frm=0&tiba=Span.eu%20-%20A%20great%20IT%20partnership%20is%20more%20than%20the%20sum%20of%20its%20parts&value=0&did=dMWZhNz&gdid=dMWZhNz&edid=dMWZhNz&bttype=purchase&npa=1&us_privacy=1---&pscdl=denied&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=Sw&data=ads_data_redaction%3Dtrue&rfmt=3&fmt=4' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://weu-span-web-test-cdn-static.azureedge.net https://saeuwespanwebtest01.blob.core.windows.net/ https://weu-span-web-prod-cdn-static.azureedge.net https://saeuwespanwebprod01.blob.core.windows.net/ https://saeuwespanwebdev01.blob.core.windows.net/ https://wwwspaneu.azureedge.net https://saspanweb01.blob.core.windows.net/ https://consentcdn.cookiebot.com/ .cookiebot.com .googletagmanager.com .googleapis.com https://www.google-analytics.com .facebook.net https://www.google.com https://www.gstatic.com https://stats.g.doubleclick.net https://www.clarity.ms/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://s7.addthis.com/ https://script.hotjar.com https://z.moatads.com .addthis.com .addthisedge.com .licdn.com https://static.hotjar.com https://trackcmp.net https://my.hellobar.com https://cdn.midas-network.com https://diffuser-cdn.app-us1.com/ .app-us1.com .clarity.ms https://region1.google-analytics.com/ .google-analytics.com/ https://mktdplp102cdn.azureedge.net/ .azureedge.net/ .instagram.com/embed.js .tiktok.com/embed.js .ttwstatic.com/ .redditstatic.com/ https://sc.lfeeder.com .lfeeder.com https://cdn-test-span-web-gcbqcyeveuehewam.z01.azurefd.net .span.eu/ .bing.com/ *.snitcher.com/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	Política de segurança de conteúdo	Controlar os recursos que o agente do usuário pode carregar para uma determinada página. Clique para saber mais...
Recurso https://www.googletagmanager.com/ Descrição Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://consentcdn.cookiebot.com/ .cookiebot.com https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ .addthis.com .facebook.com https://vars.hotjar.com/ .svc.dynamics.com/ https://www.instagram.com/ https://www.tiktok.com/ https://www.entrio.hr/".	Política de segurança de conteúdo	Controlar os recursos que o agente do usuário pode carregar para uma determinada página. Clique para saber mais...

Certificados · 10 encontrado(s)

Os certificados SSL/TLS permitem que os sites criptografem transações entre o cliente e o servidor e forneçam verificação de identidade do servidor

Assunto	Data de emissão	Data de validade
*.span.eu	19 de fev. de 2024, 00:00:00	21 de mar. de 2025, 23:59:59
www.google.com	20 de jan. de 2025, 08:37:54	14 de abr. de 2025, 08:37:53
*.google-analytics.com	20 de jan. de 2025, 08:36:04	14 de abr. de 2025, 08:36:03
*.gstatic.com	20 de jan. de 2025, 08:37:07	14 de abr. de 2025, 08:37:06
*.hotjar.com	22 de mai. de 2024, 00:00:00	20 de jun. de 2025, 23:59:59
consent.cookiebot.com	30 de dez. de 2024, 00:00:00	7 de jan. de 2026, 23:59:59
www.clarity.ms	4 de set. de 2024, 00:00:00	4 de set. de 2025, 23:59:59
*.cookiebot.com	29 de dez. de 2024, 00:00:00	7 de jan. de 2026, 23:59:59
a.clarity.ms	23 de jun. de 2024, 10:17:34	18 de jun. de 2025, 10:17:34
*.hotjar.io	1 de jan. de 2025, 00:00:00	31 de jan. de 2026, 23:59:59