https://www.hdfclife.com/

Scan ID:: 9b617a3c-2925-4a56-9f08-ba70c9af2b3fFinished
Submitted URL:: https://hdfclife.comRedirected
Report Finished:: Oct 7, 2024, 17:27:40

Risks · 0 found

Practices that may pose security risks

Security Headers · 7 found

HTTP response headers that can harden the security of a web application

Name	Value	Support	Info
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload	Good	Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more...
X-Frame-Options	SAMEORIGIN	Good	Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more...
X-Content-Type-Options	nosniff	Good	Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more...
Content-Security-Policy	default-src 'self' blob: .lemnisk.co .vzeesp.com .mfilterit.net youtube.googleapis.com api.twitter.com graph.facebook.com .hdfclife.net .hdfclife.tech .hdfclife.com www.google-analytics.com www.googletagmanager.com static.cloudflareinsights.com .notifyvisitors.com; img-src* 'self' c.bing.com .lemnisk.co .vzeesp.com .clarity.ms c.clarity.ms p1.zemanta.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com hdfclifecjauat.112.2o7.net .visualwebsiteoptimizer.com maps.gstatic.com .mfilterit.net dm.hybrid.ai dss.hybrid.ai mediasmart.io 3ma79ae7cua.com adgebra.co.in data: dpm.demdex.net .adsymptotic.com t.co s7ap1.scene7.com analytics.twitter.com .fbcdn.net .quora.com alb.reddit.com advertiser.inmobiapis.com p.adsymptotic.com www.linkedin.com s0.2mdn.net .notifyvisitors.com tr.outbrain.com sp.analytics.yahoo.com s7ap1.scene7.com connect.facebook.net .doubleclick.net .taboola.com hdfclife.sc.omtrdc.net ade.clmbtech.com ade.clmbtech.com www.googletagmanager.com i.ytimg.com cm.everesttech.net pixel.mathtag.com maps.googleapis.com .hdfclife.com .hdfclife.tech .hdfclife.net www.google-analytics.com www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com; script-src 'self' blob: cdn.kommunicate.io .lemnisk.co .vzeesp.com .visualwebsiteoptimizer.com app.vwo.com .mfilterit.net 'unsafe-inline' 'unsafe-eval' .hdfclife.com .hdfclife.tech .hdfclife.net www.instagram.com platform.twitter.com cdnjs.cloudflare.com cdn.jsdelivr.net www.google.com assets.adobedtm.com static.cloudflareinsights.com www.googletagmanager.com pixel.mathtag.com www.google-analytics.com unpkg.com .vizury.com lifeai.api-hdfclife.com .doubleclick.net connect.facebook.net snap.licdn.com www.googletagservices.com pagead2.googlesyndication.com www.gstatic.com www.youtube.com maps.googleapis.com hdfclife.demdex.net .taboola.com s3.amazonaws.com s.yimg.com amplify.outbrain.com ajax.googleapis.com tr.outbrain.com www.googletagmanager.com hdfclife.demdex.net www.google-analytics.com assets.adobedtm.com .notifyvisitors.com static.cloudflareinsights.com; font-src* 'self' fonts.gstatic.com .lemnisk.co .vzeesp.com .mfilterit.net .notifyvisitors.com fonts.gstatic.com .hdfclife.com .hdfclife.tech .hdfclife.net data:; style-src* 'self' 'unsafe-inline' fonts.googleapis.com v1.fontapi.ir .lemnisk.co .vzeesp.com .visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com .mfilterit.net .hdfclife.com .hdfclife.tech .hdfclife.net cdn.jsdelivr.net; style-src-elem* 'self' 'unsafe-inline' cdn.jsdelivr.net .hdfclife.com .hdfclife.tech .hdfclife.net fonts.googleapis.com .mfilterit.net .notifyvisitors.com cdn.jsdelivr.net; frame-src* 'self' m.facebook.com .lemnisk.co .vzeesp.com hdfclife.peppysurvey.com .visualwebsiteoptimizer.com app.vwo.com spa.gy ak.gotrackier.com adgebra.co.in .mfilterit.net td.doubleclick.net emd.hybrid.ai tsdtocl.com cdn1.spa.gy lms.mdsmedia.co.in lifeai-widget.apps-hdfclife.com www.facebook.com www.linkedin.com .notifyvisitors.com .twitter.com www.instagram.com .doubleclick.net .fls.doubleclick.net www.youtube.com youtube.com hdfclife.demdex.net .hdfclife.com .hdfclife.tech .hdfclife.net pixel.mathtag.com sg-pl.vizury.com www.google.com; connect-src* 'self' mist.api-hdfclife.com .lemnisk.co .vzeesp.com mu-pl.lemnisk.co amplify.outbrain.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com edge.adobedc.net .clarity.ms adobedc.demdex.net p.clarity.ms px.ads.linkedin.com tr.outbrain.com api.fido.id .visualwebsiteoptimizer.com app.vwo.com fpf.hybrid.ai cdn.linkedin.oribi.io cuberatechnology.piwik.pro cubera.services pixel.cubera.services .mfilterit.net .hdfclife.com vspagy.com bcp.crwdcntrl.net .hdfclife.tech .hdfclife.net s.yimg.com .taboola.com hdfclife.sc.omtrdc.net .google.com maps.googleapis.com .doubleclick.net www.google-analytics.com wss://wsshm.notifyvisitors.com dpm.demdex.net hdfclife.tt.omtrdc.net .notifyvisitors.com; script-src-elem 'self' .quora.com anuvadak.in cdn.kommunicate.io .lemnisk.co .vzeesp.com cdn12.lemnisk.co cdn25.lemnisk.co www.clarity.ms js-tag.zemanta.com a.quora.com wave.outbrain.com app.vwo.com code.fido.id script.mfilterit.net .visualwebsiteoptimizer.com .hdfclife.com .hdfclife.tech .hdfclife.net 'unsafe-inline' cubera.containers.piwik.pro googleads.g.doubleclick.net www.googleadservices.com pixel.cubera.services www.googleadservices.com .hybrid.ai cuberatechnology.containers.piwik.pro cubera.services assets.adobedtm.com .notifyvisitors.com static.cloudflareinsights.com www.googletagmanager.com lifeai.api-hdfclife.com cdn.jsdelivr.net www.google-analytics.com www.instagram.com .twitter.com cdnjs.cloudflare.com hdfclife.demdex.net ad.doubleclick.net connect.facebook.net .taboola.com snap.licdn.com s.yimg.com www.googletagservices.com pagead2.googlesyndication.com unpkg.com t.co static.ads-twitter.com www.youtube.com tsdtocl.com amplify.outbrain.com www.google.com www.redditstatic.com .inmobicdn.net tr.outbrain.com ajax.googleapis.com www.gstatic.com maps.googleapis.com tags.crwdcntrl.net; worker-src 'self' blob:	Good	Control resources the user agent is allowed to load for a given page. Click to learn more...
Referrer-Policy	strict-origin	Good	Control how much referrer information should be included with requests. Click to learn more...
Clear-Site-Data	—	Good	Control the data stored by a client browser for their origins. Click to learn more...
X-Permitted-Cross-Domain-Policies	—	Good	Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more...
Permissions-Policy	geolocation=(); midi=(); sync-xhr=(); microphone=(); camera=(); magnetometer=(); gyroscope=(); fullscreen=('self' https://.youtube.com https://youtube.com); payment*=()	New	Allow and deny the use of browser features in a document or iframe. Click to learn more...
Cross-Origin-Embedder-Policy	—	New	Configure embedding cross-origin resources into the document. Click to learn more...
Cross-Origin-Opener-Policy	—	New	Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more...
Cross-Origin-Resource-Policy	—	New	Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more...
X-XSS-Protection	1; mode=block	Deprecated	Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more...
Feature-Policy	—	Deprecated	Deprecated. Replaced by the Permissions-Policy header. Click to learn more...
Expect-CT	—	Deprecated	Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more...
Public-Key-Pins	—	Deprecated	Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more...

Security Violations · 1 found

Requests or resources offending security policies

Violation	Type	Info
Resource https://www.hdfclife.com/ Description Refused to load the image 'https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RJ2NZX0VBX&cid=804381152.1728322075&gtm=45je4a20v885101060z8861769971za200zb861769971&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=1128442495' because it violates the following Content Security Policy directive: "img-src 'self' c.bing.com .lemnisk.co .vzeesp.com .clarity.ms c.clarity.ms p1.zemanta.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com hdfclifecjauat.112.2o7.net .visualwebsiteoptimizer.com maps.gstatic.com .mfilterit.net dm.hybrid.ai dss.hybrid.ai mediasmart.io 3ma79ae7cua.com adgebra.co.in data: dpm.demdex.net .adsymptotic.com t.co s7ap1.scene7.com analytics.twitter.com .fbcdn.net .quora.com alb.reddit.com advertiser.inmobiapis.com p.adsymptotic.com www.linkedin.com s0.2mdn.net .notifyvisitors.com tr.outbrain.com sp.analytics.yahoo.com s7ap1.scene7.com connect.facebook.net .doubleclick.net .taboola.com hdfclife.sc.omtrdc.net ade.clmbtech.com ade.clmbtech.com www.googletagmanager.com i.ytimg.com cm.everesttech.net pixel.mathtag.com maps.googleapis.com .hdfclife.com .hdfclife.tech .hdfclife.net www.google-analytics.com www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com".	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...

Certificates · 16 found

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

Subject	Issue date	Expiry date
hdfclife.com	Sep 14, 2024, 23:15:48	Dec 14, 2024, 00:15:23
assets.adobedtm.com	Jul 9, 2024, 00:00:00	Aug 9, 2025, 23:59:59
*.tt.omtrdc.net	Feb 26, 2024, 00:00:00	Mar 28, 2025, 23:59:59
adobedc.demdex.net	Oct 22, 2023, 00:00:00	Nov 21, 2024, 23:59:59
cloudflareinsights.com	Sep 3, 2024, 08:38:23	Dec 2, 2024, 08:38:22
*.google-analytics.com	Sep 16, 2024, 08:55:43	Dec 9, 2024, 08:55:42
notifyvisitors.com	May 14, 2024, 00:00:00	Jun 12, 2025, 23:59:59
*.lemnisk.co	Oct 19, 2023, 00:00:00	Nov 5, 2024, 23:59:59
*.g.doubleclick.net	Sep 16, 2024, 08:55:42	Dec 9, 2024, 08:55:41
*.scene7.com	Nov 26, 2023, 00:00:00	Nov 26, 2024, 23:59:59