https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829

掃描 ID：: 8b0c3c6b-02f2-481a-b4e4-2c37e1bcd19a已完成
已提交的 URL：: https://www.tiktok.com/t/ZMhFQnoYJ/已重新導向
報告完成時間：: 2024年10月19日 17:15:17

風險 · 找到 0 個

可能帶來安全風險的做法

安全標頭 · 找到 3 個

可增強 Web 應用程式安全性的 HTTP 回應標頭

名稱	價值	支援	資訊
Strict-Transport-Security	—	良性	宣佈僅可透過安全連線 (HTTPS) 存取網站。按一下以瞭解更多...
X-Frame-Options	—	良性	表明是否應允許瀏覽器在 <frame>、<iframe>、<embed> 或 <object> 中呈現頁面。按一下以瞭解更多...
X-Content-Type-Options	nosniff	良性	表明應遵循在 Content-Type 標頭中公告的 MIME 類型，不得變更。按一下以瞭解更多...
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://.tiktok.com wss://.tiktokv.com wss://.tiktokv.eu wss://tiktok.com wss://tiktokv.com .adsco.re .adsintegrity.net .akamaized.net .amazonaws.com .arkoselabs.com .billetlugen.dk .bing.com .bitssec.com .bytedapm.com .bytedgame.com .bytehwm-row.com .byteicdn.com .byteintl.com .byteintl.net .byteintlapi.com .byteintlstatic.com .bytelemon.com .byteoversea.com .byteoversea.net .bytevcloudapi.com .capcut.com .cloudflare.com .ctfassets.net .doubleclick.net .entradas.com .evbuc.com .eventim.de .facebook.com .facebook.net .fbsbx.com .fcdnstatic-intl.com .fdmstatic.com .g-p-static.com .gauthmath.com .giphy.com .goofy-cdn.com .goofy.app .google-analytics.com .google.ae .google.at .google.be .google.bg .google.bj .google.by .google.ca .google.ch .google.co.cr .google.co.id .google.co.il .google.co.jp .google.co.kr .google.co.ma .google.co.nz .google.co.uk .google.co.za .google.com .google.com.ar .google.com.au .google.com.bd .google.com.br .google.com.cy .google.com.do .google.com.ec .google.com.gh .google.com.lb .google.com.mt .google.com.my .google.com.ng .google.com.pe .google.com.pk .google.com.sa .google.com.sg .google.com.tr .google.cz .google.de .google.dk .google.dz .google.ee .google.es .google.fi .google.fr .google.gr .google.hr .google.hu .google.ie .google.iq .google.is .google.it .google.lt .google.lu .google.lv .google.md .google.nl .google.no .google.pl .google.ps .google.pt .google.ro .google.rs .google.se .google.si .google.sk .google.td .google.tn .googleapis.com .googletagmanager.com .gstatic.com .hsforms.com .hsforms.net .ibytedtos.com .ibyteimg.com .isnssdk.com .jumio.ai .kakao.com .lemon8-app.com .lemon8cdn.com .licdn.com .linkedin.com .midtrans.com .muscdn.com .musical.ly .oecstatic.com .omise.co .pangle-ads.com .paypal.com .pipopay.com .redditstatic.com .resso.me .sgsnssdk.com .soundon.global .tableau.com .tenor.com .tiktok-row.net .tiktok.com .tiktok.ru .tiktok.vn .tiktokapis.com .tiktokcdn-eu.com .tiktokcdn-in.com .tiktokcdn-us.com .tiktokcdn.com .tiktokcreativeone.com .tiktokforbusinessoutbound.com .tiktokglobalshop.com .tiktokmusic.me .tiktokshop.com .tiktokstaticb.com .tiktokus.info .tiktokv.com .tiktokv.eu .tiktokv.us .tiktokw.eu .tiktokw.us .topbuzzcdn.com .ttlivecdn.com .ttlstatic.com .ttwstatic.com .vimeo.com .vodupload.com .yahoo.co.jp .yhgfb-static.com .youtube-nocookie.com .zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://mon-i18n.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&ev_type=csp&revision=988610fa-4298-4be2-9c6d-db19c4ddae23&scene=1	良性	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
Referrer-Policy	—	良性	控制要求中應包含多少推薦人資訊。按一下以瞭解更多...
Clear-Site-Data	—	良性	控制用戶端瀏覽器為來源伺服器儲存的資料。按一下以瞭解更多...
X-Permitted-Cross-Domain-Policies	—	良性	控制 Web 用戶端（例如，Adobe Flash Player 或 Adobe Acrobat）是否有權跨網域處理資料。按一下以瞭解更多...
Permissions-Policy	—	新	允許和拒絕在文件或 iframe 中使用瀏覽器功能。按一下以瞭解更多...
Cross-Origin-Embedder-Policy	—	新	設定將跨來源資源嵌入至文件中。按一下以瞭解更多...
Cross-Origin-Opener-Policy	—	新	確保頂層文件不會與跨來源文件共用瀏覽上下文群組。按一下以瞭解更多...
Cross-Origin-Resource-Policy	—	新	要求瀏覽器封鎖對給定資源的 no-cors 跨來源/跨網站要求。按一下以瞭解更多...
X-XSS-Protection	0	已棄用	已棄用。偵測到反射式 Cross-site scripting (XSS) 攻擊時，阻止載入頁面。按一下以瞭解更多...
Feature-Policy	—	已棄用	已棄用。取代為 Permissions-Policy 標頭。按一下以瞭解更多...
Expect-CT	—	已棄用	已棄用。選擇加入報告和/或強制執行憑證透明度要求。按一下以瞭解更多...
Public-Key-Pins	—	已棄用	已棄用。允許 HTTPS 網站抵制攻擊者使用錯誤核發或詐騙性憑證進行假冒。按一下以瞭解更多...

安全違規 · 找到 10 個

違反安全性原則的要求或資源

違規	類型	資訊
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/builder-runtime.51404c6e.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/lib-polyfill.e1219e83.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/lib-router.2801dd06.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/lib-react.00b1bfb0.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/lib-axios.be0f1959.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/lib-lodash.e6d81c84.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/451.708111bb.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/759.3df0a385.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/130.29cecb91.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...
資源 https://www.tiktok.com/tcn/scout_creators?use_spark=1&agency_scout_source=qr_code_leads&ShareLinkID=7417003637327661829 描述 [Report Only] Refused to load the script 'https://sf16-website-login.neutral.tiktokcdn-eu.com/obj/tiktok_web_login_static_eu/ies/live_backstage_h5/static/js/scout_creators.4e3ab4ba.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' apis.google.com c.paypal.com cdn.ampproject.org cdnjs.cloudflare.com client-api.arkoselabs.com code.jquery.com connect.facebook.net developers.kakao.com googleads.g.doubleclick.net googletagmanager.com js.hcaptcha.com js.hsforms.net pay.google.com recaptcha.google.com s20.tiktokcdn.com s3.amazonaws.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com ssl.bing.com ssl.google-analytics.com unpkg.com vimeo.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.gstatic.com www.vimeo.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	內容安全性原則	控制允許使用者代理程式為給定頁面載入的資源。按一下以瞭解更多...

憑證 · 找到 8 個

SSL/TLS 憑證可讓網站加密用戶端與伺服器之間的交易，並提供伺服器身分識別驗證

主旨	核發日期	到期日
*.www.tiktok.com	2023年11月9日 00:00:00	2024年12月9日 23:59:59
*.neutral.ttwstatic.com	2024年7月2日 00:00:00	2025年7月1日 23:59:59
*.neutral.tiktokcdn-eu.com	2024年3月18日 00:00:00	2025年4月18日 23:59:59
*.tiktokv.com	2024年8月20日 00:00:00	2025年9月20日 23:59:59
*.tiktokw.eu	2024年8月13日 00:00:00	2025年9月13日 23:59:59
*.tiktok.com	2024年7月15日 00:00:00	2025年7月15日 23:59:59
*.tiktokcdn.com	2024年2月19日 00:00:00	2025年3月21日 23:59:59
*.ttwstatic.com	2023年11月15日 00:00:00	2024年12月15日 23:59:59