https://www.serasa.com.br/
Submitted URL: https://www.serasa.com.br/
Report completed: 2024-12-31 12:31:52

Name: Strict-Transport-Security
Value: max-age=31536000
Support: Good
Info: Declares that the site may be accessed only over a secure connection (HTTPS).

Name: X-Frame-Options
Value: SAMEORIGIN
Support: Good
Info: Indicates whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>.

Name: X-Content-Type-Options
Value: nosniff
Support: Good
Info: Indicates that the MIME types advertised in the Content-Type header should be followed and not changed.

Name: Content-Security-Policy
Value: default-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://static.ads-twitter.com https://edge.fullstory.com *.hotjar.io *.hotjar.com https://browser-intake-datadoghq.com *.tiktok.com https://cdnjs.cloudflare.com *.scorecardresearch.com *.audima.co vlibras.gov.br *.vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js; img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co *.audima.co vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg; object-src 'none'; style-src 'unsafe-inline' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googleapis.com *.datadome.co *.hotjar.com; connect-src 'self' *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.googleapis.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://apigw-commons-prd.ecsbr.net https://apigw-commons-hml.ecsbr.net wss://*.hotjar.com *.hotjar.io *.hotjar.com *.tiktok.com *.facebook.com *.creativecdn.com *.criteo.com *.audima.co vlibras.gov.br *.vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/target/playerweb.json; frame-ancestors 'self' *.builder.io builder.io; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf04a976b916505501a2a6a2ad08ea01a&dd-evp-origin=content-security-policy&ddsource=csp-report; worker-src 'self' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.builder.io builder.io https://browser-intake-datadoghq.com
Support: Good
Info: Controls the resources that the user agent is allowed to load for a given page.

Name: Referrer-Policy
Value: —
Support: Good
Info: Controls how much referrer information should be included with requests.

Name: Clear-Site-Data
Value: —
Support: Good
Info: Controls the data that the client browser stores for the origin server.

Name: X-Permitted-Cross-Domain-Policies
Value: —
Support: Good
Info: Controls whether web clients (for example, Adobe Flash Player or Adobe Acrobat) have permission to handle data across domains.

Name: Permissions-Policy
Value: —
Support: New
Info: Allows and denies the use of browser features in a document or iframe.

Name: Cross-Origin-Embedder-Policy
Value: —
Support: New
Info: Configures the embedding of cross-origin resources into the document.

Name: Cross-Origin-Opener-Policy
Value: —
Support: New
Info: Ensures that a top-level document does not share a browsing context group with cross-origin documents.

Name: Cross-Origin-Resource-Policy
Value: —
Support: New
Info: Asks the browser to block no-cors cross-origin/cross-site requests to the given resource.

Name: X-XSS-Protection
Value: —
Support: Deprecated
Info: Deprecated. Stops pages from loading when a reflected cross-site scripting (XSS) attack is detected.

Name: Feature-Policy
Value: —
Support: Deprecated
Info: Deprecated. Replaced by the Permissions-Policy header.

Name: Expect-CT
Value: —
Support: Deprecated
Info: Deprecated. Opts in to reporting and/or enforcement of Certificate Transparency requirements.

Name: Public-Key-Pins
Value: —
Support: Deprecated
Info: Deprecated. Allows HTTPS websites to resist impersonation by attackers using misissued or fraudulent certificates.

Violations

Resource: https://www.googletagmanager.com/gtm.js?id=GTM-WTCRQKP&l=dataLayer&gtm=45He4cc1v841553829za200
Description: Refused to load the script 'https://s3.glbimg.com/v1/AUTH_da787d4f4e8d46e3ad76d5fa568fe786/globo-pixel/prod/sendGloboPixelEvent.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.builder.io builder.io *.datadome.co https://static.ads-twitter.com https://edge.fullstory.com *.hotjar.io *.hotjar.com https://browser-intake-datadoghq.com *.tiktok.com https://cdnjs.cloudflare.com *.scorecardresearch.com *.audima.co vlibras.gov.br *.vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/vlibras-plugin.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Type: Content Security Policy
Info: Controls the resources that the user agent is allowed to load for a given page.

Resource: https://www.serasa.com.br/
Description: Refused to load the image 'https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-1JS4YZNRXE&cid=1818147950.1735648325&gtm=45je4cc1v876987706z8842612002za200zb842612002&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tag_exp=101925629~102067555~102067808~102081485~102198178&z=1794599713' because it violates the following Content Security Policy directive: "img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co *.audima.co vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg".
Type: Content Security Policy
Info: Controls the resources that the user agent is allowed to load for a given page.

Resource: https://www.serasa.com.br/
Description: Refused to load the image 'https://lh3.googleusercontent.com/R2tUIZjz4UGs2IV4HQJKoT8V2uZf6rEHWPfxdBcN41B2DiHZzxCd3NejLbrPmxARAjw0xfrthcS48pvNLPVHOUBPcnJX1FhX09CstFjdspPK0E54WLtD=h60' because it violates the following Content Security Policy directive: "img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co *.audima.co vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg".
Type: Content Security Policy
Info: Controls the resources that the user agent is allowed to load for a given page.

Resource: https://www.serasa.com.br/
Description: Refused to load the image 'https://www.google.es/pagead/1p-conversion/1001559605/?random=520327230&cv=11&fst=1735648324983&bg=ffffff&guid=ON&async=1&gtm=45be4cc1v9181782636z8842612002za201zb842612002&gcd=13l3lPl2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1&u_h=1&url=https%3A%2F%2Fwww.serasa.com.br%2F&label=nBH1CKnWqf0BELWsyt0D&hn=www.googleadservices.com&frm=0&tiba=Serasa%20-%20Sua%20vida%20financeira%20mais%20saud%C3%A1vel%20e%20segura.&value=0&npa=1&pscdl=noapi&auid=1178985704.17356483...ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQII08WxAg&pscrd=IhMIp7D87oHSigMVnJonAh1fFS14MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhpodHRwczovL3d3dy5zZXJhc2EuY29tLmJyL0JXQ2hBSWdNbk91d1lRaXMzR19mejR1S1FqRWkwQUJwVlZIdllpWW05dF90aEdESzIzX1ladHBOWDlQSFZBLU5SVUxkTVlSd3hkYndXWmZ3Rk5ZMzhDZktB&is_vtc=1&cid=CAQSKQCa7L7d4bHplOXK6WUqMDNkqa-UrlbpSG-L4xsR1h7tDAxfjXIvIhJb&eitems=ChEIgMnOuwYQlOmlrP-m27f0ARIdAHkonAoS314xuObYDswr3ZNGmwk3XOlyizLDCjg&random=2755486223&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' data: *.serasa.dev serasa.dev *.serasa.com.br serasa.com.br *.ecsbr.net *.googlesyndication.com *.google.com *.google.com.sg *.google.com.br *.google-analytics.com *.doubleclick.net *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.googleoptimize.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.twitter.com https://secure.gravatar.com *.ytimg.com *.hotjar.com *.scorecardresearch.com *.krxd.net *.navdmp.com *.builder.io *.tiktok.com s3-sa-east-1.amazonaws.com/frame-image-br/bg.png gpixel.globo.com t.co *.audima.co vlibras.gov.br https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_icon.svg https://cdn.jsdelivr.net/gh/spbgovbr-vlibras/vlibras-portal@dev/app/assets/access_popup.jpg".
Type: Content Security Policy
Info: Controls the resources that the user agent is allowed to load for a given page.

Subject                          Issued                 Expires
*.serasaexperian.com.br          2024-07-01 16:51:03    2025-08-02 16:51:02
*.builder.io                     2024-08-30 00:00:00    2025-09-27 23:59:59
*.google-analytics.com           2024-12-02 08:35:56    2025-02-24 08:35:55
*.gstatic.com                    2024-12-02 08:36:58    2025-02-24 08:36:57
*.g.doubleclick.net              2024-12-02 08:35:56    2025-02-24 08:35:55
*.hotjar.com                     2024-05-22 00:00:00    2025-06-20 23:59:59
*.browser-intake-datadoghq.com   2024-05-14 00:00:00    2025-05-17 23:59:59
cdnjs.cloudflare.com             2024-11-26 07:25:18    2025-02-24 07:25:17
*.tiktok.com                     2024-07-15 00:00:00    2025-07-15 23:59:59
*.scorecardresearch.com          2024-02-15 00:00:00    2025-02-14 23:59:59