- Scan ID:
- f66fa50a-bee8-4515-93df-fcbf9795dff1Finished
- Submitted URL:
- https://avosdim.com/
- Report Finished:
Risks · 0 found
Practices that may pose security risks
Security Headers · 4 found
HTTP response headers that can harden the security of a web application
Learn more...| Name | Value | Support | Info |
|---|---|---|---|
| Strict-Transport-Security | — | Good | Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more... |
| X-Frame-Options | SAMEORIGIN SAMEORIGIN | Good | Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more... |
| X-Content-Type-Options | nosniff | Good | Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more... |
| Content-Security-Policy | font-src fonts.gstatic.com *.fontawesome.com https://api.systempay.fr/static/ https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://fonts.bunny.net https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.avosdim.local www.facebook.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.facebook.com ct.pinterest.com secure-gateway.hipay-tpp.com stage-secure-gateway.hipay-tpp.com *.hipay.com *.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io 'self' data: blob: *.avosdim.com avosdim.com avosdim.local bo.avosdim.local http://dam.avosdim-web-staging.local www.facebook.com bat.bing.com img.youtube.com ct.pinterest.com www.google.fr files.smartsuppcdn.com widget-v2.smartsuppcdn.com twemoji.maxcdn.com axeptio.imgix.net favicons.axept.io *.gstatic.com *.viamichelin.com *.zopim.io avosdim1060.zendesk.com *.googleusercontent.com *.zdusercontent.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ https://firebasestorage.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ *.avosdim.com avosdim.local v2.zopim.com chimpstatic.com static.zdassets.com connect.facebook.net bat.bing.com www.clarity.ms *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com s.pinimg.com www.google.com *.viamichelin.com libs.hipay.com secure-gateway.hipay-tpp.com static.axept.io mpsnare.iesnare.com js-agent.newrelic.com static.hotjar.com downloads.mailchimp.com *.list-manage.com stage-secure-gateway.hipay-tpp.com *.hipay.com *.paypal.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.googleapis.com *.google.com *.gstatic.com *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.avosdim.com avosdim.local *.viamichelin.com fonts.googleapis.com maxcdn.bootstrapcdn.com downloads.mailchimp.com *.fontawesome.com *.hipay.com https://api.systempay.fr/static/ *.googleapis.com *.google.com *.gstatic.com https://fonts.bunny.net https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.smartsuppcdn.com static.zdassets.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://widgets.rr.skeepers.io/ https://api-product-reviews.rr.skeepers.io/ https://cl-ppr.rr.skeepers.io/ 'self' data: stats.g.doubleclick.net ekr.zdassets.com *.zopim.com wss://widget-mediator.zopim.com region1.analytics.google.com *.clarity.ms *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com/ wss://websocket-visitors.smartsupp.com ct.pinterest.com api-preprod.avosdim.com bat.bing.com *.google.fr *.facebook.com api-adresse.data.gouv.fr api.avosdim.com avosdim1060.zendesk.com *.axept.io *.avosdim.com http://dam.avosdim-web-staging.local ec.europa.eu www.xtento.com bam.nr-data.net secure-gateway.hipay-tpp.com stage-secure-gateway.hipay-tpp.com *.hipay.com wss://mpsnare.iesnare.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; | Good | Control resources the user agent is allowed to load for a given page. Click to learn more... |
| Referrer-Policy | — | Good | Control how much referrer information should be included with requests. Click to learn more... |
| Clear-Site-Data | — | Good | Control the data stored by a client browser for their origins. Click to learn more... |
| X-Permitted-Cross-Domain-Policies | — | Good | Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more... |
| Permissions-Policy | — | New | Allow and deny the use of browser features in a document or iframe. Click to learn more... |
| Cross-Origin-Embedder-Policy | — | New | Configure embedding cross-origin resources into the document. Click to learn more... |
| Cross-Origin-Opener-Policy | — | New | Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more... |
| Cross-Origin-Resource-Policy | — | New | Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more... |
| X-XSS-Protection | 1; mode=block | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more... |
| Feature-Policy | — | Deprecated | Deprecated. Replaced by the Permissions-Policy header. Click to learn more... |
| Expect-CT | — | Deprecated | Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more... |
| Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more... |
Security Violations · 1 found
Requests or resources offending security policies
| Violation | Type | Info |
|---|---|---|
| Content Security Policy | Control resources the user agent is allowed to load for a given page. Click to learn more... |
Certificates · 14 found
SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification
| Subject | Issue date | Expiry date |
|---|---|---|
| *.avosdim.com | Feb 16, 2024, 00:00:00 | Mar 18, 2025, 23:59:59 |
| upload.video.google.com | Aug 12, 2024, 07:18:03 | Nov 4, 2024, 07:18:02 |
| wildcardsan.us15.list-manage.com | Jun 28, 2024, 00:00:00 | Jun 28, 2025, 23:59:59 |
| *.google-analytics.com | Aug 12, 2024, 06:33:44 | Nov 4, 2024, 06:33:43 |
| *.gstatic.com | Aug 12, 2024, 07:17:58 | Nov 4, 2024, 07:17:57 |
| static.axeptio.eu | May 19, 2024, 00:00:00 | Jun 17, 2025, 23:59:59 |
| zdassets.com | Sep 5, 2024, 13:35:12 | Dec 4, 2024, 14:35:10 |
| client.axept.io | Jul 3, 2024, 00:00:00 | Jul 31, 2025, 23:59:59 |
| *.g.doubleclick.net | Aug 12, 2024, 06:33:43 | Nov 4, 2024, 06:33:42 |
| avosdim1060.zendesk.com | Dec 3, 2023, 00:00:00 | Dec 2, 2024, 23:59:59 |