https://www.serasa.com.br/
提交的 URL: https://www.serasa.com.br/
报告完成时间: 2024年12月31日 12:31:52 总结 安全性 Cookie 技术 网络 DOM 性能 名称 值 支持 信息 Strict-Transport-Security max-age =31536000良性 声明只能通过安全连接 (HTTPS) 访问网站。 X-Frame-Options SAMEORIGIN 良性 表明是否允许浏览器在 <frame>、<iframe>、<embed> 或 <object> 中渲染页面。 X-Content-Type-Options nosniff 良性 表明应该遵循 Content-Type 标头中公布的 MIME 类型,并且不得进行更改。 Content-Security-Policy default-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://static.ads-twitter.com https://edge.fullstory.com *.hotjar.io *.hotjar.com https://browser-intake-datadoghq.com *.tiktok.com https://cdnjs.cloudflare.com *.scorecardresearch.com *.audima.co vlibras.gov.br *.vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js; img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co *.audima.co vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg; object-src 'none'; style-src 'unsafe-inline' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googleapis.com *.datadome.co *.hotjar.com; connect-src 'self' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.googleapis.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://apigw-commons-prd.ecsbr.net https://apigw-commons-hml.ecsbr.net wss://*.hotjar.com *.hotjar.io *.hotjar.com *.tiktok.com *.facebook.com *.creativecdn.com *.criteo.com *.audima.co vlibras.gov.br *.vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/target/playerweb.json; frame-ancestors 'self' *.builder.io builder.io; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf04a976b916505501a2a6a2ad08ea01a&dd-evp-origin=content-security-policy&ddsource=csp-report; worker-src 'self' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.builder.io builder.io https://browser-intake-datadoghq.com良性 控制允许用户代理为指定页面加载的资源。 Referrer-Policy — 良性 控制请求中应该包含多少引荐者信息。 Clear-Site-Data — 良性 控制客户端浏览器为来源服务器存储的数据。 X-Permitted-Cross-Domain-Policies — 良性 控制 Web 客户端(例如 Adobe Flash Player 或 Adobe Acrobat)是否拥有跨域处理数据的权限。 Permissions-Policy — 新 允许和拒绝在文档或 iframe 中使用浏览器功能。 Cross-Origin-Embedder-Policy — 新 配置将跨源资源嵌入到文档中。 Cross-Origin-Opener-Policy — 新 确保顶级文档不与跨源文档共享浏览背景组。 Cross-Origin-Resource-Policy — 新 请求浏览器阻止对给定资源的 no-cors 跨源/跨站点请求。 X-XSS-Protection — 停用 已弃用。当检测到页面遭受反射式跨站点脚本 (XSS) 攻击时,停止加载页面。 Feature-Policy — 停用 已弃用。替换为 Permissions-Policy 标头。 Expect-CT — 停用 已弃用。选择加入报告和/或执行证书透明度要求。 Public-Key-Pins — 停用 已弃用。允许 HTTPS 网站抵御攻击者使用错误颁发的或其他欺诈性证书进行假冒。
违规 类型 信息
资源 https://www.googletagmanager.com/gtm.js?id=GTM-WTCRQKP&l=dataLayer>m=45He4cc1v841553829za200
描述 Refused to load the script 'https://s3.glbimg.com/v1/AUTH_da787d4f4e8d46e3ad76d5fa568fe786/globo-pixel/prod/sendGloboPixelEvent.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://static.ads-twitter.com https://edge.fullstory.com *.hotjar.io *.hotjar.com https://browser-intake-datadoghq.com *.tiktok.com https://cdnjs.cloudflare.com *.scorecardresearch.com *.audima.co vlibras.gov.br *.vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
内容安全策略 控制允许用户代理为指定页面加载的资源。
资源 https://www.serasa.com.br/
描述 Refused to load the image 'https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-1JS4YZNRXE&cid=1818147950.1735648325>m=45je4cc1v876987706z8842612002za200zb842612002&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=1794599713' because it violates the following Content Security Policy directive: "img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co *.audima.co vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg".
内容安全策略 控制允许用户代理为指定页面加载的资源。
资源 https://www.serasa.com.br/
描述 Refused to load the image 'https://lh3.googleusercontent.com/R2tUIZjz4UGs2IV4HQJKoT8V2uZf6rEHWPfxdBcN41B2DiHZzxCd3NejLbrPmxARAjw0xfrthcS48pvNLPVHOUBPcnJX1FhX09CstFjdspPK0E54WLtD=h60' because it violates the following Content Security Policy directive: "img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co *.audima.co vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg".
内容安全策略 控制允许用户代理为指定页面加载的资源。
资源 https://www.serasa.com.br/
描述 Refused to load the image 'https://www.google.es/pagead/1p-conversion/1001559605/?random=520327230&cv=11&fst=1735648324983&bg=ffffff&guid=ON&async=1>m=45be4cc1v9181782636z8842612002za201zb842612002&gcd=13l3lPl2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1&u_h=1&url=https%3A%2F%2Fwww.serasa.com.br%2F&label=nBH1CKnWqf0BELWsyt0D&hn=www.googleadservices.com&frm=0&tiba=Serasa%20-%20Sua%20vida%20financeira%20mais%20saud%C3%A1vel%20e%20segura.&value=0&npa=1&pscdl=noapi&auid=1178985704.17356483...ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAg&pscrd=IhMIp7D87oHSigMVnJonAh1fFS14MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhpodHRwczovL3d3dy5zZXJhc2EuY29tLmJyL0JXQ2hBSWdNbk91d1lRaXMzR19mejR1S1FqRWkwQUJwVlZIdllpWW05dF90aEdESzIzX1ladHBOWDlQSFZBLU5SVUxkTVlSd3hkYndXWmZ3Rk5ZMzhDZktB&is_vtc=1&cid=CAQSKQCa7L7d4bHplOXK6WUqMDNkqa-UrlbpSG-L4xsR1h7tDAxfjXIvIhJb&eitems=ChEIgMnOuwYQlOmlrP-m27f0ARIdAHkonAoS314xuObYDswr3ZNGmwk3XOlyizLDCjg&random=2755486223&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co *.audima.co vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg".
内容安全策略 控制允许用户代理为指定页面加载的资源。
主题 颁发日期 到期日期 *.serasaexperian.com.br 2024年7月1日 16:51:03 2025年8月2日 16:51:02 *.builder.io 2024年8月30日 00:00:00 2025年9月27日 23:59:59 *.google-analytics.com 2024年12月2日 08:35:56 2025年2月24日 08:35:55 *.gstatic.com 2024年12月2日 08:36:58 2025年2月24日 08:36:57 *.g.doubleclick.net 2024年12月2日 08:35:56 2025年2月24日 08:35:55 *.hotjar.com 2024年5月22日 00:00:00 2025年6月20日 23:59:59 *.browser-intake-datadoghq.com 2024年5月14日 00:00:00 2025年5月17日 23:59:59 cdnjs.cloudflare.com 2024年11月26日 07:25:18 2025年2月24日 07:25:17 *.tiktok.com 2024年7月15日 00:00:00 2025年7月15日 23:59:59 *.scorecardresearch.com 2024年2月15日 00:00:00 2025年2月14日 23:59:59