https://www.ubank.com.au/home-loans

風險 · 找到 0 個

Copy link

可能帶來安全風險的做法

  • 無分類

安全標頭 · 找到 7 個

Copy link

可增強 Web 應用程式安全性的 HTTP 回應標頭

瞭解更多...
名稱價值支援資訊
Strict-Transport-Securitymax-age=31536000; includeSubDomains; preload良性宣佈僅可透過安全連線 (HTTPS) 存取網站。

按一下以瞭解更多...
X-Frame-OptionsDENY良性表明是否應允許瀏覽器在 <frame>、<iframe>、<embed> 或 <object> 中呈現頁面。

按一下以瞭解更多...
X-Content-Type-Optionsnosniff良性表明應遵循在 Content-Type 標頭中公告的 MIME 類型,不得變更。

按一下以瞭解更多...
Content-Security-Policydefault-src 'self' cms.ubank.com.au; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.appsflyer.com *.jst.ai; font-src 'self' *.86400.com.au *.wpengine.com status.ubank.com.au fonts.gstatic.com; script-src 'self' pippio.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/jquery/ www.googleadservices.com/pagead/ *.widgetworks.com.au *.jobadder.com www.googletagmanager.com www.google-analytics.com analytics.google.com js.adsrvr.org connect.facebook.net *.appsflyer.com *.jst.ai https://*.optimizely.com https://cdn-assets-prod.s3.amazonaws.com *.bing.com tags.tiqcdn.com *.tealiumiq.com *.glassboxdigital.io *.gbqofs.com blob: 'unsafe-inline'; frame-src 'self' *.jst.ai *.jobadder.com *.widgetworks.com.au keyfactssheet.infochoice.com.au www.google.com recaptcha.google.com insight.adsrvr.org match.adsrvr.org *.flashtalking.com youtube.com www.youtube.com; img-src 'self' data: collect.tealiumiq.com *.appsflyer.com cms.ubank.com.au https://adservice.google.com https://adservice.google.com.au www.glassdoor.com.au apps.jobadder.com www.facebook.com *.doubleclick.net www.google-analytics.com www.google.com www.google.com.au www.googletagmanager.com https://cdn.optimizely.com *.jst.ai *.bing.com; connect-src 'self' *.gbqofs.io collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com *.console.glassboxsaas.com *.report.gbss.io; object-src 'none'; 良性控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
Referrer-Policystrict-origin-when-cross-origin良性控制要求中應包含多少推薦人資訊。

按一下以瞭解更多...
Clear-Site-Data良性控制用戶端瀏覽器為來源伺服器儲存的資料。

按一下以瞭解更多...
X-Permitted-Cross-Domain-Policies良性控制 Web 用戶端(例如,Adobe Flash Player 或 Adobe Acrobat)是否有權跨網域處理資料。

按一下以瞭解更多...
Permissions-Policycamera=(); display-capture=(); microphone=(); geolocation=(); hid=(); magnetometer=(); serial=(); usb=()允許和拒絕在文件或 iframe 中使用瀏覽器功能。

按一下以瞭解更多...
Cross-Origin-Embedder-Policy設定將跨來源資源嵌入至文件中。

按一下以瞭解更多...
Cross-Origin-Opener-Policy確保頂層文件不會與跨來源文件共用瀏覽上下文群組。

按一下以瞭解更多...
Cross-Origin-Resource-Policy要求瀏覽器封鎖對給定資源的 no-cors 跨來源/跨網站要求。

按一下以瞭解更多...
X-XSS-Protection1; mode=block已棄用已棄用。偵測到反射式 Cross-site scripting (XSS) 攻擊時,阻止載入頁面。

按一下以瞭解更多...
Feature-Policy已棄用已棄用。取代為 Permissions-Policy 標頭。

按一下以瞭解更多...
Expect-CT已棄用已棄用。選擇加入報告和/或強制執行憑證透明度要求。

按一下以瞭解更多...
Public-Key-Pins已棄用已棄用。允許 HTTPS 網站抵制攻擊者使用錯誤核發或詐騙性憑證進行假冒。

按一下以瞭解更多...

安全違規 · 找到 10 個

Copy link

違反安全性原則的要求或資源

違規類型資訊
資源
https://www.googletagmanager.com/gtm.js?id=GTM-NPLGFD6&l=dataLayer
描述
Refused to connect to 'https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.ubank.com.au%2Fhome-loans&scrsrc=www.googletagmanager.com&frm=0&rnd=528774094.1737676463&dt=Compare%20Home%20Loan%20Rates%20and%20Mortgages%20-%20ubank&auid=754650048.1737676463&navt=n&npa=1&gtm=45He51n0v832251066za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&tft=1737676462980&tfd=4848&apve=1' because it violates the following Content Security Policy directive: "connect-src 'self' *.gbqofs.io collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com *.console.glassboxsaas.com *.report.gbss.io".
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://www.googletagmanager.com/
描述
Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src 'self' *.jst.ai *.jobadder.com *.widgetworks.com.au keyfactssheet.infochoice.com.au www.google.com recaptcha.google.com insight.adsrvr.org match.adsrvr.org *.flashtalking.com youtube.com www.youtube.com".
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://www.ubank.com.au/polyfills.eb56b09ea2b7fbd7.js
描述
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-Q5RTL7QSLF&gtm=45je51n0h2v876950557z8832251066za200zb832251066&_p=1737676461848&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=505529493.1737676463&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_s=1&dt=Compare%20Home%20Loan%20Rates%20and%20Mortgages%20-%20ubank&sid=1737676463&sct=1&seg=0&dl=https%3A%2F%2Fwww.ubank.com.au%2Fhome-loans&en=page_view&_fv=1&_ss=1&ep.page_path_clean=https%3A%2F%2Fwww.ubank.com.au%2Fhome-loans&tfd=5545' because it violates the following Content Security Policy directive: "connect-src 'self' *.gbqofs.io collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com *.console.glassboxsaas.com *.report.gbss.io".
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://www.ubank.com.au/polyfills.eb56b09ea2b7fbd7.js
描述
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-Q5RTL7QSLF&gtm=45je51n0h2v876950557z8832251066za200zb832251066&_p=1737676461848&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=102067555~102067808~102081485~102123608&cid=505529493.1737676463&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_s=1&dt=Compare%20Home%20Loan%20Rates%20and%20Mortgages%20-%20ubank&sid=1737676463&sct=1&seg=0&dl=https%3A%2F%2Fwww.ubank.com.au%2Fhome-loans&en=page_view&_fv=1&_ss=1&ep.page_path_clean=https%3A%2F%2Fwww.ubank.com.au%2Fhome-loans&tfd=5545' because it violates the document's Content Security Policy.
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://www.ubank.com.au/home-loans
描述
Refused to load the image 'https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Q5RTL7QSLF&cid=505529493.1737676463&gtm=45je51n0h2v876950557z8832251066za200zb832251066&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123608&tag_exp=102067555~102067808~102081485~102123608&z=1598216598' because it violates the following Content Security Policy directive: "img-src 'self' data: collect.tealiumiq.com *.appsflyer.com cms.ubank.com.au https://adservice.google.com https://adservice.google.com.au www.glassdoor.com.au apps.jobadder.com www.facebook.com *.doubleclick.net www.google-analytics.com www.google.com www.google.com.au www.googletagmanager.com https://cdn.optimizely.com *.jst.ai *.bing.com".
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://www.ubank.com.au/home-loans
描述
Refused to load the image 'https://match.adsrvr.org/track/cmf/generic?ttd_pid=tealium&ttd_tpi=1&gdpr=0&domain=ubank.com.au' because it violates the following Content Security Policy directive: "img-src 'self' data: collect.tealiumiq.com *.appsflyer.com cms.ubank.com.au https://adservice.google.com https://adservice.google.com.au www.glassdoor.com.au apps.jobadder.com www.facebook.com *.doubleclick.net www.google-analytics.com www.google.com www.google.com.au www.googletagmanager.com https://cdn.optimizely.com *.jst.ai *.bing.com".
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://www.ubank.com.au/polyfills.eb56b09ea2b7fbd7.js
描述
Refused to connect to 'https://bat.bing.com/p/insights/c/h' because it violates the following Content Security Policy directive: "connect-src 'self' *.gbqofs.io collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com *.console.glassboxsaas.com *.report.gbss.io".
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://www.ubank.com.au/polyfills.eb56b09ea2b7fbd7.js
描述
Refused to connect to 'https://bat.bing.com/p/insights/c/h' because it violates the following Content Security Policy directive: "connect-src 'self' *.gbqofs.io collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com *.console.glassboxsaas.com *.report.gbss.io".
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://bat.bing.com/p/insights/s/0.7.63
描述
Refused to connect to 'https://bat.bing.com/p/insights/c/h' because it violates the following Content Security Policy directive: "connect-src 'self' *.gbqofs.io collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com *.console.glassboxsaas.com *.report.gbss.io".
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://bat.bing.com/p/insights/s/0.7.63
描述
Refused to connect to 'https://bat.bing.com/p/insights/c/h' because it violates the following Content Security Policy directive: "connect-src 'self' *.gbqofs.io collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com *.console.glassboxsaas.com *.report.gbss.io".
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...

憑證 · 找到 14 個

Copy link

SSL/TLS 憑證可讓網站加密用戶端與伺服器之間的交易,並提供伺服器身分識別驗證

主旨核發日期到期日
www.ubank.com.au
cms.ubank.com.au
*.google-analytics.com
cdn.optimizely.com
www.bing.com
*.facebook.com
*.adsrvr.org
gbqofs.com
cdn3.optimizely.com
tags.tiqcdn.com