https://www.sanborns.com.mx/

Scan ID:: 40ff20a2-c3e5-4385-90d0-f69492351d7eFinished
Submitted URL:: https://www.sanborns.com.mx/
Report Finished:: Jan 15, 2025, 21:54:17

Risks · 0 found

Practices that may pose security risks

Security Headers · 3 found

HTTP response headers that can harden the security of a web application

Name	Value	Support	Info
Strict-Transport-Security	max-age=15724800; includeSubDomains	Good	Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more...
X-Frame-Options	—	Good	Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more...
X-Content-Type-Options	nosniff	Good	Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more...
Content-Security-Policy	default-src 'self' blob: https://event.syndigo.cloud https://.syndigo.com/ https://content.syndigo.com/ https://api.emarsys.net/api/v2/* https://yrjk5wm0ee-1.algolianet.com https://yrjk5wm0ee-2.algolianet.com https://yrjk5wm0ee-3.algolianet.com https://yrjk5wm0ee-dsn.algolia.net https://.algolia.io https://.algolia.net/ https://.scaletrk.com https://hotjar.com https://salesclix.net/ https://res.cloudinary.com/powerreviews/ https://ui.powerreviews.com/ https://t.powerreviews.com/ https://webchannel-content.eservice.emarsys.net/ https://cdn.taboola.com/ https://.googlesyndication.com/ https://.taboola.com/ https://.sanborns.com.mx https://.paypal.com/ https://pagead2.googlesyndication.com/ https://.safeframe.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://.uniko.co/ https://.instana.io/ https://seapi.sanborns.com.mx/ https://staticw2.yotpo.com/ https://.yotpo.com/ https://resources.claroshop.com/ https://.youtube.com https://.flixfacts.com/ https://.flixsyndication.net/ https://.flixfacts.co.uk/ https://.flixcar.com/ https://.flix360.com/ https://.go-mpulse.net https://s.go-mpulse.net https://pixel-sync.sitescout.com https://.poder.io/ https://www.clima.com https://www.googletagmanager.com https://www.sanborns.com.mx https://resources.sanborns.com.mx https://.zopim.io https://www.youtube.com https://staasobj-api.telmex.com https://staasobj-api.telmex.com https://.online-metrix.net/ https://.adsrvr.org https://.doubleclick.net https://dsync.rlcdn.com https://.facebook.com https://.facebook.net https://.gigya.com https://.googleadservices.com https://.google-analytics.com https://.googleapis.com https://.google.com https://.google.com.mx https://.googletagmanager.com https://.gstatic.com https://.hotjar.com https://ib.adnxs.com https://.jquery.com https://.krxd.net https://.pingdom.net https://.scarabresearch.com https://.thefancy.com https://.wisepops.com https://.criteo.com https://.creativecdn.com https://.zdassets.com https://.criteo.net https://checkout.payulatam.com https://graylog.hotjar.com:12443 wss://.hotjar.com/ wss://.zopim.com https://.zopim.com https://web-sdk-cdn.singular.net https://analytics.tiktok.com https://api.claropagos.com https://loginclaro.com https://.powerreviews.com data: 'unsafe-inline' 'unsafe-eval'	Good	Control resources the user agent is allowed to load for a given page. Click to learn more...
Referrer-Policy	—	Good	Control how much referrer information should be included with requests. Click to learn more...
Clear-Site-Data	—	Good	Control the data stored by a client browser for their origins. Click to learn more...
X-Permitted-Cross-Domain-Policies	—	Good	Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more...
Permissions-Policy	—	New	Allow and deny the use of browser features in a document or iframe. Click to learn more...
Cross-Origin-Embedder-Policy	—	New	Configure embedding cross-origin resources into the document. Click to learn more...
Cross-Origin-Opener-Policy	—	New	Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more...
Cross-Origin-Resource-Policy	—	New	Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more...
X-XSS-Protection	—	Deprecated	Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more...
Feature-Policy	—	Deprecated	Deprecated. Replaced by the Permissions-Policy header. Click to learn more...
Expect-CT	—	Deprecated	Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more...
Public-Key-Pins	—	Deprecated	Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more...

Security Violations · 2 found

Requests or resources offending security policies

Violation	Type	Info
Resource https://www.sanborns.com.mx/ Description Refused to load the image 'https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-9JTKT3F2ZS&cid=1172137844.1736978081&gtm=45je51e0v888583879z8859033452za200zb859033452&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=648610869' because it violates the following Content Security Policy directive: "default-src 'self' blob: https://event.syndigo.cloud https://.syndigo.com/ https://content.syndigo.com/ https://api.emarsys.net/api/v2/* https://yrjk5wm0ee-1.algolianet.com https://yrjk5wm0ee-2.algolianet.com https://yrjk5wm0ee-3.algolianet.com https://yrjk5wm0ee-dsn.algolia.net https://.algolia.io https://.algolia.net/ https://.scaletrk.com https://hotjar.com https://salesclix.net/ https://res.cloudinary.com/powerreviews/ https://ui.powerreviews.com/ https://t.powerreviews.com/ https://webchannel-content.eservice.emarsys.net/ https://cdn.taboola.com/ https://.googlesyndication.com/ https://.taboola.com/ https://.sanborns.com.mx https://.paypal.com/ https://pagead2.googlesyndication.com/ https://.safeframe.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://.uniko.co/ https://.instana.io/ https://seapi.sanborns.com.mx/ https://staticw2.yotpo.com/ https://.yotpo.com/ https://resources.claroshop.com/ https://.youtube.com https://.flixfacts.com/ https://.flixsyndication.net/ https://.flixfacts.co.uk/ https://.flixcar.com/ https://.flix360.com/ https://.go-mpulse.net https://s.go-mpulse.net https://pixel-sync.sitescout.com https://.poder.io/ https://www.clima.com https://www.googletagmanager.com https://www.sanborns.com.mx https://resources.sanborns.com.mx https://.zopim.io https://www.youtube.com https://staasobj-api.telmex.com https://staasobj-api.telmex.com https://.online-metrix.net/ https://.adsrvr.org https://.doubleclick.net https://dsync.rlcdn.com https://.facebook.com https://.facebook.net https://.gigya.com https://.googleadservices.com https://.google-analytics.com https://.googleapis.com https://.google.com https://.google.com.mx https://.googletagmanager.com https://.gstatic.com https://.hotjar.com https://ib.adnxs.com https://.jquery.com https://.krxd.net https://.pingdom.net https://.scarabresearch.com https://.thefancy.com https://.wisepops.com https://.criteo.com https://.creativecdn.com https://.zdassets.com https://.criteo.net https://checkout.payulatam.com https://graylog.hotjar.com:12443 wss://.hotjar.com/ wss://.zopim.com https://.zopim.com https://web-sdk-cdn.singular.net https://analytics.tiktok.com https://api.claropagos.com https://loginclaro.com https://.powerreviews.com data: 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.	Content Security Policy	Controls resources the user agent is allowed to load for a given page. Click to learn more...
Resource https://www.sanborns.com.mx/ Description Refused to load the image 'https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-WY79FXJDVQ&cid=1172137844.1736978081&gtm=45je51e0v9179674181za200zb859033452&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102123607~102198178&tag_exp=101925629~102067555~102067808~102081485~102123607~102198178&z=687682506' because it violates the following Content Security Policy directive: "default-src 'self' blob: https://event.syndigo.cloud https://.syndigo.com/ https://content.syndigo.com/ https://api.emarsys.net/api/v2/* https://yrjk5wm0ee-1.algolianet.com https://yrjk5wm0ee-2.algolianet.com https://yrjk5wm0ee-3.algolianet.com https://yrjk5wm0ee-dsn.algolia.net https://.algolia.io https://.algolia.net/ https://.scaletrk.com https://hotjar.com https://salesclix.net/ https://res.cloudinary.com/powerreviews/ https://ui.powerreviews.com/ https://t.powerreviews.com/ https://webchannel-content.eservice.emarsys.net/ https://cdn.taboola.com/ https://.googlesyndication.com/ https://.taboola.com/ https://.sanborns.com.mx https://.paypal.com/ https://pagead2.googlesyndication.com/ https://.safeframe.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://.uniko.co/ https://.instana.io/ https://seapi.sanborns.com.mx/ https://staticw2.yotpo.com/ https://.yotpo.com/ https://resources.claroshop.com/ https://.youtube.com https://.flixfacts.com/ https://.flixsyndication.net/ https://.flixfacts.co.uk/ https://.flixcar.com/ https://.flix360.com/ https://.go-mpulse.net https://s.go-mpulse.net https://pixel-sync.sitescout.com https://.poder.io/ https://www.clima.com https://www.googletagmanager.com https://www.sanborns.com.mx https://resources.sanborns.com.mx https://.zopim.io https://www.youtube.com https://staasobj-api.telmex.com https://staasobj-api.telmex.com https://.online-metrix.net/ https://.adsrvr.org https://.doubleclick.net https://dsync.rlcdn.com https://.facebook.com https://.facebook.net https://.gigya.com https://.googleadservices.com https://.google-analytics.com https://.googleapis.com https://.google.com https://.google.com.mx https://.googletagmanager.com https://.gstatic.com https://.hotjar.com https://ib.adnxs.com https://.jquery.com https://.krxd.net https://.pingdom.net https://.scarabresearch.com https://.thefancy.com https://.wisepops.com https://.criteo.com https://.creativecdn.com https://.zdassets.com https://.criteo.net https://checkout.payulatam.com https://graylog.hotjar.com:12443 wss://.hotjar.com/ wss://.zopim.com https://.zopim.com https://web-sdk-cdn.singular.net https://analytics.tiktok.com https://api.claropagos.com https://loginclaro.com https://.powerreviews.com data: 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.	Content Security Policy	Controls resources the user agent is allowed to load for a given page. Click to learn more...

Certificates · 11 found

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

Subject	Issue date	Expiry date
sanborns.com.mx	Sep 10, 2024, 00:00:00	Sep 10, 2025, 23:59:59
*.gstatic.com	Dec 9, 2024, 08:37:20	Mar 3, 2025, 08:37:19
*.powerreviews.com	Oct 26, 2024, 00:00:00	Nov 23, 2025, 23:59:59
s2.go-mpulse.net	Dec 3, 2024, 14:00:32	Mar 3, 2025, 14:00:31
*.google-analytics.com	Dec 9, 2024, 08:36:18	Mar 3, 2025, 08:36:17
*.instana.io	Apr 10, 2024, 00:00:00	Apr 10, 2025, 23:59:59
*.scarabresearch.com	Jul 19, 2024, 00:00:00	Aug 16, 2025, 23:59:59
upload.video.google.com	Dec 9, 2024, 08:37:20	Mar 3, 2025, 08:37:19
*.g.doubleclick.net	Dec 9, 2024, 08:36:17	Mar 3, 2025, 08:36:16
www.google.com	Dec 9, 2024, 08:38:06	Mar 3, 2025, 08:38:05