- Scan ID:
- c0ffeafe-0818-4421-aa44-a9c4d0a32ed8Finished
- Submitted URL:
- https://www.dominos.com/en/pages/customer/#!/ccpa/Redirected
- Report Finished:
Risks · 0 found
Practices that may pose security risks
Security Headers · 2 found
HTTP response headers that can harden the security of a web application
Learn more...| Name | Value | Support | Info |
|---|---|---|---|
| Strict-Transport-Security | — | Good | Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more... |
| X-Frame-Options | SAMEORIGIN | Good | Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more... |
| X-Content-Type-Options | — | Good | Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more... |
| Content-Security-Policy | upgrade-insecure-requests; default-src 'unsafe-eval' 'unsafe-inline' 'self' *.dominos.com; font-src data: *.dominos.com fonts.gstatic.com storage.googleapis.com cash-f.squarecdn.com; style-src 'unsafe-inline' blob: *.bing.com *.dominos.com *.gstatic.com *.here.com fonts.googleapis.com www.youtube.com rafd.bingstatic.com *.cash.app; script-src-elem 'unsafe-eval' 'unsafe-inline' *.abmr.net *.appdynamics.com *.bing.com *.demdex.net *.dominos.com *.doubleclick.net *.facebook.com *.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.here.com *.mathtag.com *.moatads.com *.ntv.io *.omtrdc.net *.raygun.com *.raygun.io *.turn.com *.vertamedia.com *.virtualearth.net ad.atdmt.com assets.braintreegateway.com c.paypal.com cdnssl.clicktale.net connect.facebook.net ct.pinterest.com ds-aksb-a.akamaihd.net js.braintreegateway.com s.pinimg.com s.yimg.com s.ytimg.com sc-static.net *.snapchat.com ssl.google-analytics.com static.xx.fbcdn.net tags.tiqcdn.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.youtube.com rafd.bingstatic.com web.btncdn.com ink1001.com.micpn.com www.googletagmanager.com analytics.tiktok.com *.liadm.com www.redditstatic.com cdn.quantummetric.com *.go-mpulse.net *.kaptcha.com static-us.afterpay.com static.afterpay.com *.amplitude.com *.cash.app *.sentry.io; script-src 'unsafe-eval' 'unsafe-inline' *.abmr.net *.appdynamics.com *.bing.com *.demdex.net *.dominos.com *.doubleclick.net *.facebook.com *.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.here.com *.mathtag.com *.moatads.com *.ntv.io *.omtrdc.net *.raygun.com *.raygun.io *.turn.com *.vertamedia.com *.virtualearth.net ad.atdmt.com assets.braintreegateway.com c.paypal.com cdnssl.clicktale.net connect.facebook.net ct.pinterest.com ds-aksb-a.akamaihd.net js.braintreegateway.com s.pinimg.com s.yimg.com s.ytimg.com sc-static.net *.snapchat.com ssl.google-analytics.com static.xx.fbcdn.net tags.tiqcdn.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.youtube.com rafd.bingstatic.com web.btncdn.com ink1001.com.micpn.com www.googletagmanager.com analytics.tiktok.com *.liadm.com cdn.quantummetric.com *.go-mpulse.net *.kaptcha.com; img-src data: blob: *.akamaihd.net *.bing.com *.clicktale.net *.demdex.net *.dominos.com *.doubleclick.net *.everesttech.net *.googleapis.com *.gstatic.com *.here.com *.ispot.tv *.mathtag.com *.paypal.com www.paypalobjects.com *.pinterest.com *.postrelease.com *.turn.com *.virtualearth.net *.yp.com assets.braintreegateway.com checkout.paypal.com *.agkn.com dsum-sec.casalemedia.com i.ytimg.com pinterest.adsymptotic.com *.tapad.com px.moatads.com ssl.google-analytics.com static.xx.fbcdn.net t.co www.facebook.com www.google.com s.amazon-adsystem.com rp.liadm.com/ beacon.krxd.net click.exacttarget.com click.s11.exacttarget.com analytics.tiktok.com *.liadm.com alb.reddit.com/ *.akstat.io www.googleadservices.com trkn.us *.kaptcha.com *.w55c.net pixel.rubiconproject.com idsync.rlcdn.com *.cash.app; frame-src blob: data: *.appdynamics.com *.cardinalcommerce.com *.demdex.net *.dominos.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.kaptcha.com *.pinterest.com *.snapchat.com assets.braintreegateway.com *.paypal.com cdnssl.clicktale.net d.agkn.com pixel.mathtag.com pixel.tapad.com r.dlx.addthis.com snap.adbrn.com so.rlcdn.com www.youtube.com x.skimresources.com bytedance: sslocal: *.powerbi.com www.paypalobjects.com *.cash.app; child-src blob: *.dominos.com assets.braintreegateway.com c.paypal.com cdnssl.clicktale.net *.kaptcha.com; worker-src blob: *.dominos.com cdnssl.clicktale.net; connect-src blob: *.akamaihd.net *.bing.com *.braintree-api.com *.clicktale.net *.demdex.net *.dominos.com *.doubleclick.net *.facebook.com *.google-analytics.com *.here.com *.moatads.com *.omtrdc.net *.raygun.com *.raygun.io *.vertamedia.com *.virtualearth.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com col.eum-appdynamics.com ct.pinterest.com ssp.lkqd.net *.paypal.com *.launchdarkly.com *.cybersource.com *.aciondemand.com *.googleapis.com *.liadm.com/ analytics.tiktok.com *.snapchat.com *.quantummetric.com *.akstat.io *.go-mpulse.net *.kaptcha.com *.googlesyndication.com *.microsoftonline.com www.redditstatic.com pixel-config.reddit.com *.pinterest.com *.tealiumiq.com *.amplitude.com *.sentry.io *.afterpay.com *.google.com google.com; report-uri https://dominoscsp.report-uri.com/r/t/csp/enforce; | Good | Control resources the user agent is allowed to load for a given page. Click to learn more... |
| Referrer-Policy | — | Good | Control how much referrer information should be included with requests. Click to learn more... |
| Clear-Site-Data | — | Good | Control the data stored by a client browser for their origins. Click to learn more... |
| X-Permitted-Cross-Domain-Policies | — | Good | Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more... |
| Permissions-Policy | — | New | Allow and deny the use of browser features in a document or iframe. Click to learn more... |
| Cross-Origin-Embedder-Policy | — | New | Configure embedding cross-origin resources into the document. Click to learn more... |
| Cross-Origin-Opener-Policy | — | New | Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more... |
| Cross-Origin-Resource-Policy | — | New | Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more... |
| X-XSS-Protection | — | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more... |
| Feature-Policy | — | Deprecated | Deprecated. Replaced by the Permissions-Policy header. Click to learn more... |
| Expect-CT | — | Deprecated | Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more... |
| Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more... |
Security Violations · 0 found
Requests or resources offending security policies
Certificates · 3 found
SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification
| Subject | Issue date | Expiry date |
|---|---|---|
| www.dominos.com | Mar 25, 2024, 18:20:37 | Feb 24, 2025, 18:20:36 |
| www.google.com | Aug 26, 2024, 07:15:49 | Nov 18, 2024, 07:15:48 |
| *.gstatic.com | Aug 26, 2024, 07:12:45 | Nov 18, 2024, 07:12:44 |