https://www.bentley.com/

Scan ID:: 355cc41a-e177-450d-9fef-99de1775066fFinished
Submitted URL:: https://bentley.com/Redirected
Report Finished:: Jan 31, 2025, 22:33:41

Risks · 0 found

Practices that may pose security risks

Security Headers · 6 found

HTTP response headers that can harden the security of a web application

Name	Value	Support	Info
Strict-Transport-Security	max-age=31536000	Good	Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more...
X-Frame-Options	—	Good	Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more...
X-Content-Type-Options	nosniff	Good	Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more...
Content-Security-Policy	default-src 'self' blob:; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' data: app-ab56.marketo.com cdn.jsdelivr.net d2c7xlmseob604.cloudfront.net js.hs-scripts.com munchkin.marketo.net translate.google.com/translate_a/element.js web.bentley.com .ads.linkedin.com .ads-twitter.com .amazonaws.com .bentley.com .bing.com .brightcove.net .byspotify.com www.clarity.ms .cloudflare.com .cloudfront.net .company-target.com .demandbase.com .doubleclick.net .facebook.net .feedbackify.com .flockler.com .getsmartling.com .google-analytics.com .google.com googleads.g.doubleclick.net .googleadservices.com .googleapis.com .googletagmanager.com www.google-analytics.com www.google.com .gstatic.cn .gstatic.com .hsforms.net .jotform.com .marketo.com .marketo.net .mouseflow.com .onetrust.com .pagespeed-mod.com .pingdom.net pixel.byspotify.com qvdt3feo.com .recaptcha.net .redditstatic.com static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js .salesloft.com .surveysparrow.com tags.srv.stackadapt.com .tourial.com .twitter.com .userway.org .zencdn.net 1.safecdn01.com accessibilityserver.org api.hubspot.com bat.bing.com/bat.js beacon-v2.helpscout.net/ bentleypocstg.wpengine.com blibok.com c.itaozi.cn cdn.cookielaw.org cdn.mathjax.org cdn.mouseflow.com click.easypower.com client.prod.mplat-ppcprotect.com connect.facebook.net conoret.com cookie-cdn.cookiepro.com d2c7xlmseob604.cloudfront.net fast.wistia.com form.jotform.com/static/feedback.js forms.hubspot.com gateway.on24.com images.uc.cn js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectforms.net js.hsforms.net js.hsleadflows.net js.hubspot.com js.usemessages.com mstat.acestream.net munchkin.marketo.net ob.segreencolumn.com pixel.byspotify.com players.brightcove.net relatedgamesnet-a.akamaihd.net scout-cdn.salesloft.com search.imtt.qq.com service.excentos.com snap.licdn.com snap.licdn.com/li.lms-analytics/insight.min.js static.ads-twitter.com tag.demandbase.com tags.srv.stackadapt.com ucads-cdn.ucweb.com unpkg.com unpkg.zhimg.com vjs.zencdn.net w8o39.m70vee7.com .youtube.com .visualwebsiteoptimizer.com app.vwo.com; style-src* 'self' 'report-sample' 'unsafe-inline' data: app-ab56.marketo.com .bentley.com .googleapis.com cdn.jsdelivr.net .easypower.com service.excentos.com s3.amazonaws.com tags.srv.stackadapt.com .visualwebsiteoptimizer.com app.vwo.com .userway.org web.bentley.com; object-src* 'self' .brightcove.net; connect-src* 'self' data: localhost: ad.doubleclick.net gjtrack.ucweb.com https: .doubleclick.net .hubspot.com adservice.google.com bcbolt446c5271-a.akamaihd.net bcsecure01-a.akamaihd.net forms.hubspot.com manifest.prod.boltdns.net stats.g.doubleclick.net wss://www.bentley.com .visualwebsiteoptimizer.com app.vwo.com; font-src* 'self' data: themes.googleusercontent.com https:; frame-ancestors 'self' .bentley.com .docebosaas.com/ bentleysystems.gcs-web.com/ bentleysystems-preview.gcs-web.com/; frame-src 7668309.hs-sites.com/ app-ab56.marketo.com www.facebook.com .bentley.com .brightcove.net .core.windows.net .doubleclick.net .facebook.com .flickr.com .getsmartling.com .google.com .googletagmanager.com .hs-scripts.com .hsforms.com .hsforms.net .hubspot.com .jotform.com .menlosecurity.com .on24.com .onetrust.com .podbean.com .recaptcha.net .surveysparrow.com .tourial.com .twitter.com .userway.org .wpengine.com .youtube.com .zscalerthree.net 7rx80283.ibosscloud.com block.opendns.com blocked.freedom.to bpb.opendns.com cdn.cookielaw.org click.easypower.com div.show gateway.zscaler.net gateway.zscalertwo.net gateway.zscloud.net leap13.github.io login.zscloud.net mozbar.moz.com .statuspage.io remove.video s.company-target.com skytraf.xyz www.ciuvo.com zswpmanager.wip.mmc.com wp-rocket.me/ app.vwo.com .visualwebsiteoptimizer.com; img-src 'self' blob: data: www.bentley.com https: t.co .visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; manifest-src* 'self' www.bentley.com; media-src 'self' blob: data: https:; report-uri 6449169ef1e3671a29137d52.endpoint.csper.io?v=7; worker-src 'self' blob:;	Good	Control resources the user agent is allowed to load for a given page. Click to learn more...
Referrer-Policy	no-referrer-when-downgrade	Good	Control how much referrer information should be included with requests. Click to learn more...
Clear-Site-Data	—	Good	Control the data stored by a client browser for their origins. Click to learn more...
X-Permitted-Cross-Domain-Policies	—	Good	Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more...
Permissions-Policy	camera=(); microphone=()	New	Allow and deny the use of browser features in a document or iframe. Click to learn more...
Cross-Origin-Embedder-Policy	—	New	Configure embedding cross-origin resources into the document. Click to learn more...
Cross-Origin-Opener-Policy	—	New	Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more...
Cross-Origin-Resource-Policy	—	New	Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more...
X-XSS-Protection	—	Deprecated	Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more...
Feature-Policy	camera=(); microphone=()	Deprecated	Deprecated. Replaced by the Permissions-Policy header. Click to learn more...
Expect-CT	—	Deprecated	Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more...
Public-Key-Pins	—	Deprecated	Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more...

Security Violations · 0 found

Requests or resources offending security policies

Certificates · 10 found

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

Subject	Issue date	Expiry date
www.bentley.com	Jan 1, 2025, 07:45:53	Apr 1, 2025, 08:45:47
upload.video.google.com	Jan 20, 2025, 08:37:08	Apr 14, 2025, 08:37:07
*.visualwebsiteoptimizer.com	Jun 29, 2024, 05:16:26	Jul 31, 2025, 05:16:26
*.google-analytics.com	Jan 20, 2025, 08:36:04	Apr 14, 2025, 08:36:03
*.gstatic.com	Jan 20, 2025, 08:37:07	Apr 14, 2025, 08:37:06
cookielaw.org	Dec 9, 2024, 19:16:11	Mar 9, 2025, 20:16:09
1667503734.rsc.cdn77.org	Dec 4, 2024, 04:53:02	Mar 4, 2025, 04:53:01
geolocation.onetrust.com	Dec 9, 2024, 18:59:53	Mar 9, 2025, 19:59:51
api.userway.org	Aug 2, 2024, 00:00:00	Aug 31, 2025, 23:59:59
1784939676.rsc.cdn77.org	Dec 27, 2024, 22:51:53	Mar 27, 2025, 22:51:52