https://moovit.com/

ID da verificação: 582e4cd8-a52d-422a-9c78-19297158273cConcluído
URL enviado:: https://www.moovit.com/Redirecionado
Relatório concluído:: 1/04/2025, 12:47:10

Cookies · 3 encontrados

Cookies são pequenos arquivos de texto armazenados no dispositivo de um utilizador, frequentemente usados para lembrar as preferências do utilizador e proporcionar experiências personalizadas

Nome	Valor	Domínio	Caminho	Expira (UTC)	Seguro	Apenas HTTP
bcookie	"v=2&7a882f7f-9539-4535-8fa5-34249ed37da4"	.linkedin.com	/	1/04/2026, 12:47:20	Sim	Não
li_gc	MTswOzE3NDM1MTE2Mzg7MjswMjGY1YpvOvmYqETLkQXieooWt7EAUufSKtK9FP+axTOFeQ==	.linkedin.com	/	28/09/2025, 12:47:19	Sim	Não
lidc	"b=OGST09:s=O:r=O:a=O:p=O:g=3102:u=1:x=1:i=1743511639:t=1743598039:v=2:sig=AQFdCcFqlhPCvQae8zoiOoN3fy4-_P01"	.linkedin.com	/	2/04/2025, 12:47:20	Sim	Não

Variáveis JavaScript · 17 encontradas

Variáveis JavaScript globais carregadas no objeto janela de uma página são variáveis declaradas fora das funções e acessíveis de qualquer parte do código dentro do âmbito atual

Nome	Tipo
onbeforetoggle	object
documentPictureInPicture	object
onpageswap	object
onpagereveal	object
onscrollend	object
href	undefined
menuBurger	object
menuWrap	object
menuContainerWrap	object
RocketPreloadLinksConfig	object

Mensagens de registo da consola · 295 encontradas

Mensagens registadas na consola web

Level	Origem	Message
error	other	URL https://moovit.com/ Texto Unrecognized Content-Security-Policy directive 'prefetch-src'.
error	security	URL https://moovit.com/ Texto [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-77WmSGVq6PlE+/dOVkQSZGQWCrUBl6KIyLWH507dV1o='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
error	security	URL https://moovit.com/ Texto [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-kJPSENmxg3IQjT1NG6HXzjZoyyxenSrfifEKDZp0D9k='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
error	security	URL https://moovit.com/ Texto [Report Only] Refused to load the image 'https://moovit.com/wp-content/themes/moovit/assets/images/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
error	security	URL https://moovit.com/ Texto [Report Only] Refused to load the image 'https://moovit.com/wp-content/themes/moovit/assets/images/favicon.png' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
error	security	URL https://moovit.com/ Texto [Report Only] Refused to load the image 'https://static-main.moovit.com/wp-content/uploads/2021/06/22140823/moovit-logo-website.svg' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
error	security	URL https://moovit.com/ Texto [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-gj3hXMTISjefzHKc3LvwPGkgIqBnMTl1JhLIdwcC/O8='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
error	security	URL https://moovit.com/ Texto [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-HDYY6U2YJ1OY+bJ5Wfjr2rSQUWfvwIH2JVCtfSjiHPM='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
error	security	URL https://moovit.com/ Texto [Report Only] Refused to load the stylesheet 'https://moovit.com/wp-includes/css/dist/block-library/style.min.css' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
error	security	URL https://moovit.com/ Texto [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-XxyVGB1dUaFxHwiinIxtAhDJ9XMKnTfbtnUqq/mk+wI='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Cabeçalhos de segurança · 2 encontrados

Cabeçalhos de resposta HTTP que podem reforçar a segurança de uma aplicação web

Nome	Valor	Apoio ao cliente	Informação
Strict-Transport-Security	max-age=63072000	Bom	Declarar que um só site pode ser acedido através de uma ligação segura (HTTPS). Clique para saber mais...
X-Frame-Options	—	Bom	Indicar se um navegador deve ter permissão para renderizar uma página em <frame>, <iframe>, <embed> ou <object>. Clique para saber mais...
X-Content-Type-Options	—	Bom	Indicar que os tipos MIME anunciados nos cabeçalhos Tipo de conteúdo devem ser seguidos e não alterados. Clique para saber mais...
Content-Security-Policy	connect-src 350-wjf-388.mktoresp.com 350-wjf-388.mktoutil.com cdn.acsbapp.com cdn.cookielaw.org cdn.linkedin.oribi.io forms.hubspot.com mlp.moovit.com privacyportal-eu.onetrust.com stats.g.doubleclick.net www.google-analytics.com 'self' 1637314617.rsc.cdn77.org 1986635568.rsc.cdn77.org acsbap.com acsbapp.com adtonus.com analytics.google.com api.adblockertool.com api.adblocknext.com api.amcreativemedia.com api.awesomeblocker.com api.datacloudstat.com api.fbanalytics.org api.mkmediaworks.com api.redirect.li api.solarspireconsulting.com api.trongrid.io api.ultimateaderaser.com browser.translate.yandex.net cdn--prod-acsb-system.acsbapp.com cdn-pr-151--acsb-system--test.acsb-test.com cdn.ampproject.org cdn.contentful.com cdnmd.global-cache.online clientstream.launchdarkly.com code.jquery.com data: detector.scamsniffer.io distillery.wistia.com doublestat.info embed-cloudfront.wistia.com en.wikipedia.org es.wikipedia.org fast.wistia.com fcgt742.com fg8vvsvnieiv3ej16jby.litix.io fr.wikipedia.org get663.com he.wikipedia.org hm.baidu.com infragrid.v.network localhost:49506 meetlookup.com metrics-dra.dt.dbankcloud.cn metrics-dre.dt.dbankcloud.cn moovit.atlassian.net my.wpengine.com notallowed-fibi.co.il pipedream.wistia.com process.acsbapp.com rdtds.net readaloud.googleapis.com redmarket.online region1.analytics.google.com searchaggr-dra.dt.dbankcloud.com searchaggr-dre.dt.dbankcloud.com ssl.google-analytics.com static-main.moovit.com tl.ytlogs.ru translate.googleapis.com triplestat.online w88p9x.com ws://localhost:56792 www.google.co.il www.google.com www.google.com.br www.googletagmanager.com yoast.com yt-skip-ads.com zone1-services-cdn.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' 350-wjf-388.mktoresp.com acsbap.com acsbapp.com app-lon09.marketo.com auth.monday.com blob: cdn.acsbapp.com cdn.cookielaw.org cdn.linkedin.oribi.io company.moovit.com config.mi:8888 data: file forms.hubspot.com forms.monday.com img.youtube.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net munchkin.marketo.net privacyportal-eu.onetrust.com px.ads.linkedin.com px4.ads.linkedin.com self snap.licdn.com static-main.moovit.com stats.g.doubleclick.net track.hubspot.com www.comeet.co www.google-analytics.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.co.id www.google.co.il www.google.co.in www.google.co.nz www.google.co.uk www.google.com www.google.com.ar www.google.com.br www.google.com.ec www.google.com.hk www.google.com.mx www.google.com.my www.google.com.tw www.google.com.uy www.google.cz www.google.de www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.hu www.google.ie www.google.it www.google.lu www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.se www.google.sk www.googleoptimize.com www.googletagmanager.com www.linkedin.com www.youtube.com; font-src 'self' fonts.gstatic.com acsbapp.com api.rabatta.app at.alicdn.com cdn.acsbapp.com cdn.goin.cloud cdn.jsdelivr.net cdn.megabonus.com cdn.scite.ai chrome-extension data: db.onlinewebfonts.com fast.wistia.com fast.wistia.net fonts.bunny.net fonts.cdnfonts.com fonts.googleapis.com github.com maxcdn.bootstrapcdn.com moz-extension qncdn.aoscdn.com ray.st themes.googleusercontent.com use.fontawesome.com use.typekit.net www.slant.co; frame-ancestors moovitapp.com .moovitapp.com moovit.com .moovit.com 'self' about; frame-src www.comeet.co 'self' acestream.me app-lon09.marketo.com auth.monday.com forms.monday.com gateway.zscloud.net m.youtube.com mozbar.moz.com null purplestats.com pwm-image.trendmicro.com remove.video td.doubleclick.net widgets.moovit.com www-developers-moovit-com.filesusr.com www.googletagmanager.com www.payback.it www.youtube.com; img-src 'self' cdn.acsbapp.com data: px.ads.linkedin.com static-main.moovit.com track.hubspot.com www.google-analytics.com www.google.co.il www.google.com www.google.com.ar www.google.com.br www.google.es www.google.fr www.google.it www.googletagmanager.com www.linkedin.com abs.twimg.com accessibe.com acsbapp.com agenciabrasil.ebc.com.br blob: cdn.cookielaw.org cdn.css-tricks.com cdn.honey.io company.moovit.com dify.wpengine.com elmundoporrecorrer.com embed-fastly.wistia.com embed-ssl.wistia.com embedwistia-a.akamaihd.net exceptions.hs-embed-reporting.com fast.wistia.com fast.wistia.net favicon.yandex.net fonts.gstatic.com hm.baidu.com i.ytimg.com img.youtube.com live.staticflickr.com m.megafonpro.ru mc.yandex.ru moovitapp.com mstat.acestream.net mwg-internal pb.sogou.com pos.baidu.com px4.ads.linkedin.com s.w.org searchlog.html5.qq.com secure.gravatar.com ssl.google-analytics.com static.moovitapp.com static.wixstatic.com stg-company.moovit.com translate.google.com translate.googleapis.com uploads-ssl.webflow.com v.gwdang.com web1.acsbapp.com widgets.moovit.com www.google.ad www.google.ae www.google.al www.google.am www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.cr www.google.co.id www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.com.af www.google.com.ag www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.fi www.google.ge www.google.gl www.google.gm www.google.gr www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.je www.google.jo www.google.kg www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.mn www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.si www.google.sk www.google.sm www.google.sn www.google.sr www.google.tg www.google.tm www.google.tn www.google.tt www.google.vu www.gstatic.com www.saogoncalo.rj.gov.br www.stackoverflow.com www.youtube.com yastatic.net; script-src-elem 'self' 'unsafe-inline' acsbap.com app-lon09.marketo.com cdn.cookielaw.org data: js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net munchkin.marketo.net snap.licdn.com www.comeet.co www.google-analytics.com www.googleoptimize.com www.googletagmanager.com 10.17.16.106:15871 192.168.190.113:15871 192.168.190.114:15871 7896543.s3.amazonaws.com acsbapp.com agadata.online apis.google.com app.wistia.com bawimu.tifideyoye.com bokezu.tijapixuno.com cdn.ampproject.org cdn.credithub.com.br cdn.mathjax.org cdnjs.cloudflare.com code.jquery.com connect.facebook.net conoret.com data1.bemitch.com data1.bevuak.com data1.bmi-result.com data1.caliculo.com data1.cevdecer.com data1.elopaqe.com data1.fertoul.com data1.intramys.com data1.lacedefe.com data1.minoporso.com data1.pletar.com data1.pomrolo.com data1.siwathe.com data1.thetto.com fast.wistia.com fast.wistia.net fidoapi.com get663.com javascript.browser.wasscan.tenable localhost:49506 menoli.nuwipidaro.com mstat.acestream.net notallowed-fibi.co.il pilaff-up.ru plaff-go.ru s2.pstatp.com search.imtt.qq.com sijeno.fufesikera.com soidngru.colloquiumz.com ssl.google-analytics.com tafopo.navahididi.com translate-pa.googleapis.com translate.google.com translate.googleapis.com unlockcontent.online veronamile.com widgets.moovit.com www.pagespeed-mod.com yastatic.net; script-src 'self' 'unsafe-inline' acsbap.com cdn.cookielaw.org data: js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net munchkin.marketo.net snap.licdn.com www.google-analytics.com www.googleoptimize.com www.googletagmanager.com 'unsafe-eval' 10.112.125.205:9369 10.112.126.225:9415 10.112.25.211:9228 10.217.23.43:9297 10.54.130.156:9330 acsbapp.com app-lon09.marketo.com cdn.ampproject.org code.jquery.com connect.facebook.net fast.wistia.com fast.wistia.net wasm-eval www.comeet.co; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' app-lon09.marketo.com blob: cdn.honey.io data: fonts.bunny.net fonts.googleapis.com pwm-image.trendmicro.com www.comeet.com www.gstatic.com; style-src 'self' 'unsafe-inline' app-lon09.marketo.com cdn.honey.io data: www.gstatic.com; child-src app-lon09.marketo.com forms.monday.com www.comeet.co www.googletagmanager.com www.youtube.com; form-action 'self'; media-src blob: data: embed-fastly.wistia.com embedwistia-a.akamaihd.net static-main.moovit.com web1.acsbapp.com; prefetch-src 'self' static-main.moovit.com; script-src-attr 'unsafe-inline'; worker-src 'self' blob:	Bom	Controlar os recursos que o agente do utilizador tem permissão para carregar para uma determinada página. Clique para saber mais...
Referrer-Policy	—	Bom	Controlar a quantidade de informações de referência que deve ser incluída nos pedidos. Clique para saber mais...
Clear-Site-Data	—	Bom	Controlar os dados armazenados por um navegador cliente quanto às suas origens. Clique para saber mais...
X-Permitted-Cross-Domain-Policies	—	Bom	Controlar se um cliente web, como o Adobe Flash Player ou o Adobe Acrobat tem permissão para controlar dados entre domínios. Clique para saber mais...
Permissions-Policy	—	Novo	Permitir e negar o uso de recursos do navegador num documento ou iframe. Clique para saber mais...
Cross-Origin-Embedder-Policy	—	Novo	Configurar a incorporação de recursos de origem cruzada no documento. Clique para saber mais...
Cross-Origin-Opener-Policy	—	Novo	Garantir que um documento de nível máximo não partilha um grupo de contexto de navegação com documentos de origem cruzada. Clique para saber mais...
Cross-Origin-Resource-Policy	—	Novo	Solicitar que o navegador bloqueie pedidos sem CORS de origem cruzada/entre sites para o recurso fornecido. Clique para saber mais...
X-XSS-Protection	—	Descontinuado	Descontinuado. Impede o carregamento de páginas quando detetam ataques refletidos de scripting entre sites (XSS). Clique para saber mais...
Feature-Policy	—	Descontinuado	Descontinuado. Substituído pelo cabeçalho Permissões-política. Clique para saber mais...
Expect-CT	—	Descontinuado	Descontinuado. Optar por relatar e/ou aplicar requisitos de transparência de certificados. Clique para saber mais...
Public-Key-Pins	—	Descontinuado	Descontinuado. Permitir que sites HTTPS resistam à falsificação de invasores usando certificados emitidos incorretamente ou fraudulentos. Clique para saber mais...

A interface PerformanceNavigationTiming fornece métricas relativas aos eventos de navegação de documentos do navegador

Processar evento de descarga

Evento	Cronometragem (ms)
unloadEventStart	0
unloadEventEnd	0

Redirecionar

Evento	Cronometragem (ms)
redirectStart	0
redirectEnd	0

Inicialização do Service Worker

Evento	Cronometragem (ms)
workerStart	0

Evento de recolha do Service Worker

Evento	Cronometragem (ms)
fetchStart	272

DNS

Evento	Cronometragem (ms)
domainLookupStart	272
domainLookupEnd	272

TCP

Evento	Cronometragem (ms)
connectStart	274
secureConnectionStart	281
connectEnd	304

Pedido

Evento	Cronometragem (ms)
requestStart	304

Resposta

Evento	Cronometragem (ms)
responseStart	436
responseEnd	483

A processar

Evento	Cronometragem (ms)
domInteractive	997
domContentLoadedEventStart	997
domContentLoadedEventEnd	999
domComplete	1791

Carregar

Evento	Cronometragem (ms)
loadEventStart	1792
loadEventEnd	1792