https://www.claro.com.ec/personas/

Scan ID:: e4187b4c-3dd0-4c19-bd0a-ad9a3f4e2b79Finished
Submitted URL:: https://claro.com.ec/Redirected
Report Finished:: Sep 22, 2024, 03:50:42

Risks · 0 found

Practices that may pose security risks

Security Headers · 1 found

HTTP response headers that can harden the security of a web application

Name	Value	Support	Info
Strict-Transport-Security	—	Good	Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more...
X-Frame-Options	—	Good	Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more...
X-Content-Type-Options	—	Good	Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more...
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://.hotjar.com http://.hotjar.com:* http://.hotjar.io http://.inbenta.chat:* http://.inbenta.io http://.inbenta.com http://.googletagmanager.com http://.google-analytics.com http://.google.com http://.google.com.mx http://.gstatic.com http://.googleapis.com https://.visualwebsiteoptimizer.com https://app.vwo.com https://wingify-assets.s3.amazonaws.com https://s3.amazonaws.com http://.youtube.com http://.facebook.com http://.facebook.net http://.ads-twitter.com http://.twitter.com http://t.co http://.doubleclick.net http://.adform.net http://ajax.aspnetcdn.com http://claroecuador.s1gateway.com http://.claro.com.ec http://miclaro.com.ec http://.geodata.com.ec http://.clarovideo.net http://.claromusica.com https://.hotjar.com: https://.hotjar.io https://.inbenta.chat:* https://.inbenta.io https://.inbenta.com https://.googletagmanager.com https://.google-analytics.com https://.google.com https://.google.com.mx https://.gstatic.com https://.googleapis.com https://.youtube.com https://.facebook.com https://.facebook.net https://.ads-twitter.com https://.twitter.com https://t.co https://api-prod-ec.prod.clarodigital.net https://.adform.net https://ajax.aspnetcdn.com https://claroecuador.s1gateway.com https://.claro.com.ec https://miclaro.com.ec https://.geodata.com.ec https://snap.licdn.com https://.clarovideo.net https://catalogo.claro.com.ec https://api-prod-general.prod.clarodigital.net https://.ggpht.com https://polyfill.io https://.claromusica.com https://.linkedin.com https://.oribi.io https://.clarity.ms https://.googleadservices.com https://.doubleclick.net https://.google.com.ec https://.ytimg.com https://www.youtube-nocookie.com; media-src mediastream:; worker-src 'self' blob:;	Good	Control resources the user agent is allowed to load for a given page. Click to learn more...
Referrer-Policy	—	Good	Control how much referrer information should be included with requests. Click to learn more...
Clear-Site-Data	—	Good	Control the data stored by a client browser for their origins. Click to learn more...
X-Permitted-Cross-Domain-Policies	—	Good	Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more...
Permissions-Policy	—	New	Allow and deny the use of browser features in a document or iframe. Click to learn more...
Cross-Origin-Embedder-Policy	—	New	Configure embedding cross-origin resources into the document. Click to learn more...
Cross-Origin-Opener-Policy	—	New	Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more...
Cross-Origin-Resource-Policy	—	New	Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more...
X-XSS-Protection	—	Deprecated	Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more...
Feature-Policy	—	Deprecated	Deprecated. Replaced by the Permissions-Policy header. Click to learn more...
Expect-CT	—	Deprecated	Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more...
Public-Key-Pins	—	Deprecated	Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more...

Security Violations · 2 found

Requests or resources offending security policies

Violation	Type	Info
Resource https://www.claro.com.ec/personas/ Description Refused to load the image 'https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-YXY0V1HC9G&cid=1977731503.1726977055&gtm=45je49j0v878339693z877043400za200zb77043400&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=1106629457' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://.hotjar.com http://.hotjar.com:* http://.hotjar.io http://.inbenta.chat:* http://.inbenta.io http://.inbenta.com http://.googletagmanager.com http://.google-analytics.com http://.google.com http://.google.com.mx http://.gstatic.com http://.googleapis.com https://.visualwebsiteoptimizer.com https://app.vwo.com https://wingify-assets.s3.amazonaws.com https://s3.amazonaws.com http://.youtube.com http://.facebook.com http://.facebook.net http://.ads-twitter.com http://.twitter.com http://t.co http://.doubleclick.net http://.adform.net http://ajax.aspnetcdn.com http://claroecuador.s1gateway.com http://.claro.com.ec http://miclaro.com.ec http://.geodata.com.ec http://.clarovideo.net http://.claromusica.com https://.hotjar.com: https://.hotjar.io https://.inbenta.chat:* https://.inbenta.io https://.inbenta.com https://.googletagmanager.com https://.google-analytics.com https://.google.com https://.google.com.mx https://.gstatic.com https://.googleapis.com https://.youtube.com https://.facebook.com https://.facebook.net https://.ads-twitter.com https://.twitter.com https://t.co https://api-prod-ec.prod.clarodigital.net https://.adform.net https://ajax.aspnetcdn.com https://claroecuador.s1gateway.com https://.claro.com.ec https://miclaro.com.ec https://.geodata.com.ec https://snap.licdn.com https://.clarovideo.net https://catalogo.claro.com.ec https://api-prod-general.prod.clarodigital.net https://.ggpht.com https://polyfill.io https://.claromusica.com https://.linkedin.com https://.oribi.io https://.clarity.ms https://.googleadservices.com https://.doubleclick.net https://.google.com.ec https://.ytimg.com https://www.youtube-nocookie.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...
Resource https://www.claro.com.ec/personas/ Description Refused to load the image 'https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=2476852D50DD4DC7BA040D806F1C8D18&RedC=c.clarity.ms&MXFR=0C86534F3F356BDE3962464D3B3565ED' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://.hotjar.com http://.hotjar.com:* http://.hotjar.io http://.inbenta.chat:* http://.inbenta.io http://.inbenta.com http://.googletagmanager.com http://.google-analytics.com http://.google.com http://.google.com.mx http://.gstatic.com http://.googleapis.com https://.visualwebsiteoptimizer.com https://app.vwo.com https://wingify-assets.s3.amazonaws.com https://s3.amazonaws.com http://.youtube.com http://.facebook.com http://.facebook.net http://.ads-twitter.com http://.twitter.com http://t.co http://.doubleclick.net http://.adform.net http://ajax.aspnetcdn.com http://claroecuador.s1gateway.com http://.claro.com.ec http://miclaro.com.ec http://.geodata.com.ec http://.clarovideo.net http://.claromusica.com https://.hotjar.com: https://.hotjar.io https://.inbenta.chat:* https://.inbenta.io https://.inbenta.com https://.googletagmanager.com https://.google-analytics.com https://.google.com https://.google.com.mx https://.gstatic.com https://.googleapis.com https://.youtube.com https://.facebook.com https://.facebook.net https://.ads-twitter.com https://.twitter.com https://t.co https://api-prod-ec.prod.clarodigital.net https://.adform.net https://ajax.aspnetcdn.com https://claroecuador.s1gateway.com https://.claro.com.ec https://miclaro.com.ec https://.geodata.com.ec https://snap.licdn.com https://.clarovideo.net https://catalogo.claro.com.ec https://api-prod-general.prod.clarodigital.net https://.ggpht.com https://polyfill.io https://.claromusica.com https://.linkedin.com https://.oribi.io https://.clarity.ms https://.googleadservices.com https://.doubleclick.net https://.google.com.ec https://.ytimg.com https://www.youtube-nocookie.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...

Certificates · 13 found

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

Subject	Issue date	Expiry date
*.claro.com.ec	Apr 30, 2024, 00:00:00	Apr 29, 2025, 23:59:59
*.google-analytics.com	Aug 26, 2024, 06:33:47	Nov 18, 2024, 06:33:46
upload.video.google.com	Aug 26, 2024, 07:12:45	Nov 18, 2024, 07:12:44
*.visualwebsiteoptimizer.com	Jun 29, 2024, 05:16:26	Jul 31, 2025, 05:16:26
*.hotjar.com	May 22, 2024, 00:00:00	Jun 20, 2025, 23:59:59
www.clarity.ms	Sep 4, 2024, 00:00:00	Sep 4, 2025, 23:59:59
*.facebook.com	Jul 1, 2024, 00:00:00	Sep 29, 2024, 23:59:59
*.gstatic.com	Aug 26, 2024, 07:12:45	Nov 18, 2024, 07:12:44
*.g.doubleclick.net	Aug 26, 2024, 06:33:44	Nov 18, 2024, 06:33:43
a.clarity.ms	Jun 23, 2024, 10:17:34	Jun 18, 2025, 10:17:34