https://www.npci.org.in/what-we-do/rupay/merchant-category-code

ID da verificação: fb70fb9f-05e4-4f59-af45-357ecadec82bConcluído
URL enviado:: https://www.npci.org.in/what-we-do/rupay/merchant-category-code
Relatório concluído:: 20/11/2024, 07:08:01

Riscos · 0 encontrados

Práticas que podem representar riscos de segurança

Cabeçalhos de segurança · 4 encontrados

Cabeçalhos de resposta HTTP que podem reforçar a segurança de uma aplicação web

Nome	Valor	Apoio ao cliente	Informação
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload	Bom	Declarar que um só site pode ser acedido através de uma ligação segura (HTTPS). Clique para saber mais...
X-Frame-Options	SAMEORIGIN	Bom	Indicar se um navegador deve ter permissão para renderizar uma página em <frame>, <iframe>, <embed> ou <object>. Clique para saber mais...
X-Content-Type-Options	—	Bom	Indicar que os tipos MIME anunciados nos cabeçalhos Tipo de conteúdo devem ser seguidos e não alterados. Clique para saber mais...
Content-Security-Policy	default-src 'self' 'unsafe-inline' data: blob: https://.npci.org.in https://.upichalega.com https://.rupay.co.in https://.netc.org.in https://.bhimupi.org.in https://.bharatbillpay.com https://.googletagmanager.com https://.linodeobjects.com https://.facebook.net https://.twitter.com https://.linkedin.com https://.corover.mobi https://.youtube.com https://.google.com https://10655493.fls.doubleclick.net https://9916724.fls.doubleclick.net https://www.google-analytics.com https://securepubads.g.doubleclick.net https://cdn.syndication.twimg.com https://.google.co.in https://fed1f71ba754a949498e84bf7234e4f2.safeframe.googlesyndication.com https://uiresource.blob.core.windows.net https://10001767.fls.doubleclick.net https://.doubleclick.net https://.googlesyndication.com https://.android.com https://.fbcdn.net https://.instagram.com https://.adobe.com https://.adobe.io https://.blob.core.windows.net https://.express https://.amazonaws.com https://.flaticon.com https://api-branddb.jcb.jp; frame-ancestors https://.npci.org.in https://.upichalega.com https://.rupay.co.in https://.netc.org.in https://.bhimupi.org.in https://.bharatbillpay.com https://.adobe.com https://.adobe.io https://.google.com https://.googlesyndication.com https://.blob.core.windows.net; frame-src* 'self' https://career.npci.org.in https://.linodeobjects.com https://.googlesyndication.com https://.facebook.com https://.twitter.com https://.linkedin.com https://.corover.mobi https://.youtube.com https://.adobe.com https://.adobe.io https://.google.com https://digisaathi.info https://.blob.core.windows.net https://.express https://.amazonaws.com; img-src* 'self' data: https://.npci.org.in https://.upichalega.com https://.rupay.co.in https://.netc.org.in https://.bhimupi.org.in https://.bharatbillpay.com https://.corover.mobi https://www.google-analytics.com https://.linodeobjects.com https://.google.com https://.google.co.in https://.googlesyndication.com https://.doubleclick.net https://.twimg.com https://.twitter.com https://.adobe.com https://.adobe.io https://.blob.core.windows.net https://storage.googleapis.com; script-src* 'self' 'unsafe-inline' 'unsafe-eval' https://.npci.org.in https://.upichalega.com https://.rupay.co.in https://.netc.org.in https://.bhimupi.org.in https://.bharatbillpay.com https://.google.com https://.googletagmanager.com https://.linodeobjects.com https://digisaathi.info https://.twitter.com https://www.linkedin.com https://.youtube.com https://10655493.fls.doubleclick.net https://9916724.fls.doubleclick.net https://www.google-analytics.com https://securepubads.g.doubleclick.net https://cdn.syndication.twimg.com https://.facebook.net https://.google.co.in https://.googlesyndication.com https://uiresource.blob.core.windows.net https://10001767.fls.doubleclick.net https://.doubleclick.net https://.googlesyndication.com https://.corover.mobi https://.corover.ai https://.googletagservices.com https://.fbcdn.net https://.instagram.com https://.adobe.com https://.android.com https://.adobe.io https://.pdfjs.express https://.amazonaws.com blob:; style-src 'self' 'unsafe-inline' https://.npci.org.in https://.upichalega.com https://.rupay.co.in https://.netc.org.in https://.bhimupi.org.in https://.bharatbillpay.com https://.googletagmanager.com https://.linodeobjects.com https://.facebook.net https://.twitter.com https://www.linkedin.com https://.youtube.com https://10655493.fls.doubleclick.net https://9916724.fls.doubleclick.net https://www.google-analytics.com https://securepubads.g.doubleclick.net https://.twimg.com https://.google.co.in https://.googlesyndication.com https://uiresource.blob.core.windows.net https://10001767.fls.doubleclick.net https://.doubleclick.net https://ton.twimg.com https://.googlesyndication.com https://.google.com https://.googletagservices.com https://.corover.mobi https://.fbcdn.net https://.instagram.com https://.android.com; object-src * 'self' blob:;	Bom	Controlar os recursos que o agente do utilizador tem permissão para carregar para uma determinada página. Clique para saber mais...
Referrer-Policy	—	Bom	Controlar a quantidade de informações de referência que deve ser incluída nos pedidos. Clique para saber mais...
Clear-Site-Data	—	Bom	Controlar os dados armazenados por um navegador cliente quanto às suas origens. Clique para saber mais...
X-Permitted-Cross-Domain-Policies	—	Bom	Controlar se um cliente web, como o Adobe Flash Player ou o Adobe Acrobat tem permissão para controlar dados entre domínios. Clique para saber mais...
Permissions-Policy	—	Novo	Permitir e negar o uso de recursos do navegador num documento ou iframe. Clique para saber mais...
Cross-Origin-Embedder-Policy	—	Novo	Configurar a incorporação de recursos de origem cruzada no documento. Clique para saber mais...
Cross-Origin-Opener-Policy	—	Novo	Garantir que um documento de nível máximo não partilha um grupo de contexto de navegação com documentos de origem cruzada. Clique para saber mais...
Cross-Origin-Resource-Policy	—	Novo	Solicitar que o navegador bloqueie pedidos sem CORS de origem cruzada/entre sites para o recurso fornecido. Clique para saber mais...
X-XSS-Protection	0	Descontinuado	Descontinuado. Impede o carregamento de páginas quando detetam ataques refletidos de scripting entre sites (XSS). Clique para saber mais...
Feature-Policy	—	Descontinuado	Descontinuado. Substituído pelo cabeçalho Permissões-política. Clique para saber mais...
Expect-CT	—	Descontinuado	Descontinuado. Optar por relatar e/ou aplicar requisitos de transparência de certificados. Clique para saber mais...
Public-Key-Pins	—	Descontinuado	Descontinuado. Permitir que sites HTTPS resistam à falsificação de invasores usando certificados emitidos incorretamente ou fraudulentos. Clique para saber mais...

Violações de segurança · 4 encontradas

Pedidos ou recursos que ofendem as políticas de segurança

Violação	Tipo	Informação
Recurso https://www.googletagmanager.com/gtag/js?id=G-HCGYNL0JL5&l=dataLayer&cx=c&gtm=45He4bj0v812973151za200 Descrição Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-HCGYNL0JL5&gtm=45je4bj0v868710318z8812973151za200zb812973151&_p=1732086496978&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1354922233.1732086499&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1732086499&sct=1&seg=0&dl=https%3A%2F%2Fwww.npci.org.in%2Fwhat-we-do%2Frupay%2Fmerchant-category-code&dt=Merchant%20Category%20Code&en=page_view&_fv=1&_ss=1&tfd=2610' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data: blob: https://.npci.org.in https://.upichalega.com https://.rupay.co.in https://.netc.org.in https://.bhimupi.org.in https://.bharatbillpay.com https://.googletagmanager.com https://.linodeobjects.com https://.facebook.net https://.twitter.com https://.linkedin.com https://.corover.mobi https://.youtube.com https://.google.com https://10655493.fls.doubleclick.net https://9916724.fls.doubleclick.net https://www.google-analytics.com https://securepubads.g.doubleclick.net https://cdn.syndication.twimg.com https://.google.co.in https://fed1f71ba754a949498e84bf7234e4f2.safeframe.googlesyndication.com https://uiresource.blob.core.windows.net https://10001767.fls.doubleclick.net https://.doubleclick.net https://.googlesyndication.com https://.android.com https://.fbcdn.net https://.instagram.com https://.adobe.com https://.adobe.io https://.blob.core.windows.net https://.express https://.amazonaws.com https://.flaticon.com https://api-branddb.jcb.jp". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.	Política de segurança de conteúdo	Controlar os recursos que o agente do utilizador tem permissão para carregar para uma determinada página. Clique para saber mais...
Recurso https://www.googletagmanager.com/gtag/js?id=G-HCGYNL0JL5&l=dataLayer&cx=c&gtm=45He4bj0v812973151za200 Descrição Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-HCGYNL0JL5&gtm=45je4bj0v868710318z8812973151za200zb812973151&_p=1732086496978&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=1354922233.1732086499&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1732086499&sct=1&seg=0&dl=https%3A%2F%2Fwww.npci.org.in%2Fwhat-we-do%2Frupay%2Fmerchant-category-code&dt=Merchant%20Category%20Code&en=page_view&_fv=1&_ss=1&tfd=2610' because it violates the document's Content Security Policy.	Política de segurança de conteúdo	Controlar os recursos que o agente do utilizador tem permissão para carregar para uma determinada página. Clique para saber mais...
Recurso https://www.npci.org.in/what-we-do/rupay/merchant-category-code Descrição Refused to load media from 'https://cdn.jsdelivr.net/gh/corover/assets@latest/Pai_assets/blod-popup.mp3' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data: blob: https://.npci.org.in https://.upichalega.com https://.rupay.co.in https://.netc.org.in https://.bhimupi.org.in https://.bharatbillpay.com https://.googletagmanager.com https://.linodeobjects.com https://.facebook.net https://.twitter.com https://.linkedin.com https://.corover.mobi https://.youtube.com https://.google.com https://10655493.fls.doubleclick.net https://9916724.fls.doubleclick.net https://www.google-analytics.com https://securepubads.g.doubleclick.net https://cdn.syndication.twimg.com https://.google.co.in https://fed1f71ba754a949498e84bf7234e4f2.safeframe.googlesyndication.com https://uiresource.blob.core.windows.net https://10001767.fls.doubleclick.net https://.doubleclick.net https://.googlesyndication.com https://.android.com https://.fbcdn.net https://.instagram.com https://.adobe.com https://.adobe.io https://.blob.core.windows.net https://.express https://.amazonaws.com https://.flaticon.com https://api-branddb.jcb.jp". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback.	Política de segurança de conteúdo	Controlar os recursos que o agente do utilizador tem permissão para carregar para uma determinada página. Clique para saber mais...
Recurso https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202411180101/pubads_impl.js?cb=31089086 Descrição Refused to connect to 'https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202411180101&st=env' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data: blob: https://.npci.org.in https://.upichalega.com https://.rupay.co.in https://.netc.org.in https://.bhimupi.org.in https://.bharatbillpay.com https://.googletagmanager.com https://.linodeobjects.com https://.facebook.net https://.twitter.com https://.linkedin.com https://.corover.mobi https://.youtube.com https://.google.com https://10655493.fls.doubleclick.net https://9916724.fls.doubleclick.net https://www.google-analytics.com https://securepubads.g.doubleclick.net https://cdn.syndication.twimg.com https://.google.co.in https://fed1f71ba754a949498e84bf7234e4f2.safeframe.googlesyndication.com https://uiresource.blob.core.windows.net https://10001767.fls.doubleclick.net https://.doubleclick.net https://.googlesyndication.com https://.android.com https://.fbcdn.net https://.instagram.com https://.adobe.com https://.adobe.io https://.blob.core.windows.net https://.express https://.amazonaws.com https://.flaticon.com https://api-branddb.jcb.jp". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.	Política de segurança de conteúdo	Controlar os recursos que o agente do utilizador tem permissão para carregar para uma determinada página. Clique para saber mais...

Certificados · 5 encontrados

Os certificados SSL/TLS permitem que os sites encriptem transações entre o cliente e o servidor e forneçam a verificação de identidade do servidor

Assunto	Data de emissão	Data de validade
www.npci.org.in	8/10/2024, 00:00:00	8/11/2025, 23:59:59
*.google-analytics.com	21/10/2024, 08:36:57	13/01/2025, 08:36:56
*.g.doubleclick.net	21/10/2024, 08:36:57	13/01/2025, 08:36:56
npci.corover.ai	4/11/2024, 08:28:49	2/02/2025, 08:28:48
storage.googleapis.com	21/10/2024, 08:40:53	13/01/2025, 08:40:52