- Scan ID:
- a29a090d-4ba8-41cd-b280-46534a1bfad0Finished
- Submitted URL:
- https://pipedrive.comRedirected
- Report Finished:
Risks · 0 found
Practices that may pose security risks
Security Headers · 6 found
HTTP response headers that can harden the security of a web application
Learn more...| Name | Value | Support | Info |
|---|---|---|---|
| Strict-Transport-Security | max-age=31536000; includeSubDomains | Good | Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more... |
| X-Frame-Options | SAMEORIGIN | Good | Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more... |
| X-Content-Type-Options | nosniff | Good | Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more... |
| Content-Security-Policy | base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.dub-1.pipedriveassets.com cdn.segment.com *.pipedrive.com *.pipedriveassets.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com snippet.growsumo.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com www.gstatic.cn connect.facebook.net *.hotjar.com *.outbrain.com www.redditstatic.com www.youtube.com play.vidyard.com *.doubleclick.net *.taboola.com app.livestorm.co www.googleadservices.com static.ads-twitter.com https://*.browser-intake-datadoghq.com www-cms.pipedriveassets.com bat.bing.com *.quora.com js.grsm.io analytics.tiktok.com c.amazon-adsystem.com www.recaptcha.net recaptcha.net js.adsrvr.org secure.adnxs.com acdn.adnxs.com vitals.vercel-insights.com a.omappapi.com googleadservices.com tpc.googlesyndication.com analytics.twitter.com; style-src 'self' 'unsafe-inline' cdn.dub-1.pipedriveassets.com fonts.googleapis.com www.googletagmanager.com www-cms.pipedriveassets.com a.omappapi.com; frame-src cdn.dub-1.pipedriveassets.com *.cdn.optimizely.com *.cdn-pci.optimizely.com www.facebook.com www.youtube.com www.youtube-nocookie.com www.google.com play.vidyard.com *.doubleclick.net app.livestorm.co tpc.googlesyndication.com airtable.com webforms.pipedrive.com s.amazon-adsystem.com www.recaptcha.net recaptcha.net *.adsrvr.org *.hotjar.com; img-src 'self' data: https://*; object-src 'none'; worker-src 'self' blob:; ; report-uri https://www.pipedrive.com/api/csp-reports | Good | Control resources the user agent is allowed to load for a given page. Click to learn more... |
| Referrer-Policy | no-referrer-when-downgrade | Good | Control how much referrer information should be included with requests. Click to learn more... |
| Clear-Site-Data | — | Good | Control the data stored by a client browser for their origins. Click to learn more... |
| X-Permitted-Cross-Domain-Policies | — | Good | Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more... |
| Permissions-Policy | — | New | Allow and deny the use of browser features in a document or iframe. Click to learn more... |
| Cross-Origin-Embedder-Policy | — | New | Configure embedding cross-origin resources into the document. Click to learn more... |
| Cross-Origin-Opener-Policy | — | New | Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more... |
| Cross-Origin-Resource-Policy | — | New | Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more... |
| X-XSS-Protection | 1; mode=block | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more... |
| Feature-Policy | — | Deprecated | Deprecated. Replaced by the Permissions-Policy header. Click to learn more... |
| Expect-CT | — | Deprecated | Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more... |
| Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more... |
Security Violations · 0 found
Requests or resources offending security policies
Certificates · 8 found
SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification
| Subject | Issue date | Expiry date |
|---|---|---|
| pipedrive.com | Sep 24, 2024, 11:17:43 | Dec 23, 2024, 12:17:40 |
| pipedriveassets.com | Oct 4, 2024, 21:43:50 | Jan 2, 2025, 21:43:49 |
| cookielaw.org | Aug 13, 2024, 18:36:46 | Nov 11, 2024, 19:36:43 |
| growsumo.com | Aug 31, 2024, 12:54:53 | Nov 29, 2024, 13:49:24 |
| grsm.io | Sep 17, 2024, 15:15:56 | Dec 16, 2024, 15:15:55 |
| geolocation.onetrust.com | Aug 13, 2024, 18:27:06 | Nov 11, 2024, 19:27:02 |
| aff.trypipedrive.com | Sep 9, 2024, 20:41:47 | Dec 8, 2024, 20:41:46 |
| partnerlinks.io | Sep 5, 2024, 23:20:14 | Dec 4, 2024, 23:20:13 |