https://www.ooka.com/

掃描 ID:
be0d4c00-3fa1-4abf-8482-1b34f087dad1已完成
已提交的 URL:
https://ooka.com/已重新導向
報告完成時間:

風險 · 找到 0 個

可能帶來安全風險的做法

  • 無分類

安全標頭 · 找到 6 個

可增強 Web 應用程式安全性的 HTTP 回應標頭

瞭解更多...
名稱價值支援資訊
Strict-Transport-Securitymax-age=31557600良性宣佈僅可透過安全連線 (HTTPS) 存取網站。

按一下以瞭解更多...
X-Frame-OptionsSAMEORIGIN良性表明是否應允許瀏覽器在 <frame>、<iframe>、<embed> 或 <object> 中呈現頁面。

按一下以瞭解更多...
X-Content-Type-Optionsnosniff良性表明應遵循在 Content-Type 標頭中公告的 MIME 類型,不得變更。

按一下以瞭解更多...
Content-Security-Policyobject-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu *.criteo.com shop.pe/widget/conv shop.pe/widget/conv/* shop.pe/widget/main/init/params shop.pe/widget/widget_async.js https://shop.pe/widget/conv https://shop.pe/widget/conv/params https://shop.pe/widget/conv/params* *.hookah-shisha.com *.southsmoke.com js-eu1.hubspotfeedback.com maps.googleapis.com player.vimeo.com us.ooka.com usa.ooka.com h64.online-metrix.net 3liglobal.github.io cdn.mida.so consent.cookiefirst.com; report-uri /.webscale/csp-report良性控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
Referrer-Policyorigin; no-referrer; no-referrer-when-downgrade; origin-when-cross-origin; same-origin; strict-origin; strict-origin-when-cross-origin; unsafe-url良性控制要求中應包含多少推薦人資訊。

按一下以瞭解更多...
Clear-Site-Data良性控制用戶端瀏覽器為來源伺服器儲存的資料。

按一下以瞭解更多...
X-Permitted-Cross-Domain-Policies良性控制 Web 用戶端(例如,Adobe Flash Player 或 Adobe Acrobat)是否有權跨網域處理資料。

按一下以瞭解更多...
Permissions-Policy允許和拒絕在文件或 iframe 中使用瀏覽器功能。

按一下以瞭解更多...
Cross-Origin-Embedder-Policy設定將跨來源資源嵌入至文件中。

按一下以瞭解更多...
Cross-Origin-Opener-Policy確保頂層文件不會與跨來源文件共用瀏覽上下文群組。

按一下以瞭解更多...
Cross-Origin-Resource-Policy要求瀏覽器封鎖對給定資源的 no-cors 跨來源/跨網站要求。

按一下以瞭解更多...
X-XSS-Protection1已棄用已棄用。偵測到反射式 Cross-site scripting (XSS) 攻擊時,阻止載入頁面。

按一下以瞭解更多...
Feature-Policy已棄用已棄用。取代為 Permissions-Policy 標頭。

按一下以瞭解更多...
Expect-CT已棄用已棄用。選擇加入報告和/或強制執行憑證透明度要求。

按一下以瞭解更多...
Public-Key-Pins已棄用已棄用。允許 HTTPS 網站抵制攻擊者使用錯誤核發或詐騙性憑證進行假冒。

按一下以瞭解更多...

安全違規 · 找到 5 個

違反安全性原則的要求或資源

違規類型資訊
資源
https://www.googletagmanager.com/gtm.js?id=GTM-KBNQPP8
描述
Refused to load the script 'https://sc-static.net/scevent.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu *.criteo.com shop.pe/widget/conv shop.pe/widget/conv/* shop.pe/widget/main/init/params shop.pe/widget/widget_async.js https://shop.pe/widget/conv https://shop.pe/widget/conv/params https://shop.pe/widget/conv/params* *.hookah-shisha.com *.southsmoke.com js-eu1.hubspotfeedback.com maps.googleapis.com player.vimeo.com us.ooka.com usa.ooka.com h64.online-metrix.net 3liglobal.github.io cdn.mida.so consent.cookiefirst.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
描述
Refused to load the script 'https://www.clickcease.com/monitor/stat.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu *.criteo.com shop.pe/widget/conv shop.pe/widget/conv/* shop.pe/widget/main/init/params shop.pe/widget/widget_async.js https://shop.pe/widget/conv https://shop.pe/widget/conv/params https://shop.pe/widget/conv/params* *.hookah-shisha.com *.southsmoke.com js-eu1.hubspotfeedback.com maps.googleapis.com player.vimeo.com us.ooka.com usa.ooka.com h64.online-metrix.net 3liglobal.github.io cdn.mida.so consent.cookiefirst.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://track.omguk.com/e/qs/?action=Content&MID=2353428&PID=55472&ref=https%3A//www.ooka.com/
描述
Refused to load the script 'https://userjournies.com/journey.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu *.criteo.com shop.pe/widget/conv shop.pe/widget/conv/* shop.pe/widget/main/init/params shop.pe/widget/widget_async.js https://shop.pe/widget/conv https://shop.pe/widget/conv/params https://shop.pe/widget/conv/params* *.hookah-shisha.com *.southsmoke.com js-eu1.hubspotfeedback.com maps.googleapis.com player.vimeo.com us.ooka.com usa.ooka.com h64.online-metrix.net 3liglobal.github.io cdn.mida.so consent.cookiefirst.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
資源
https://track.omguk.com/e/qs/?action=Content&MID=2353428&PID=55472&ref=https%3A//www.ooka.com/
描述
Refused to load the script 'https://abhiwebdd.com/audience.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu *.criteo.com shop.pe/widget/conv shop.pe/widget/conv/* shop.pe/widget/main/init/params shop.pe/widget/widget_async.js https://shop.pe/widget/conv https://shop.pe/widget/conv/params https://shop.pe/widget/conv/params* *.hookah-shisha.com *.southsmoke.com js-eu1.hubspotfeedback.com maps.googleapis.com player.vimeo.com us.ooka.com usa.ooka.com h64.online-metrix.net 3liglobal.github.io cdn.mida.so consent.cookiefirst.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...
描述
Refused to load the script 'https://stringmodule.com/mod.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu *.criteo.com shop.pe/widget/conv shop.pe/widget/conv/* shop.pe/widget/main/init/params shop.pe/widget/widget_async.js https://shop.pe/widget/conv https://shop.pe/widget/conv/params https://shop.pe/widget/conv/params* *.hookah-shisha.com *.southsmoke.com js-eu1.hubspotfeedback.com maps.googleapis.com player.vimeo.com us.ooka.com usa.ooka.com h64.online-metrix.net 3liglobal.github.io cdn.mida.so consent.cookiefirst.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
內容安全性原則控制允許使用者代理程式為給定頁面載入的資源。

按一下以瞭解更多...

憑證 · 找到 47 個

SSL/TLS 憑證可讓網站加密用戶端與伺服器之間的交易,並提供伺服器身分識別驗證

主旨核發日期到期日
ooka.com2024年2月21日 00:00:002025年3月8日 23:59:59
*.google.com2024年11月4日 08:37:472025年1月27日 08:37:46
use.typekit.net2024年12月10日 00:00:002026年1月10日 23:59:59
*.google-analytics.com2024年11月4日 08:37:472025年1月27日 08:37:46
hs-scripts.com2024年11月24日 01:27:542025年2月22日 01:27:53
hs-banner.com2024年11月22日 22:12:572025年2月20日 22:12:56
hs-analytics.net2024年12月5日 00:50:142025年3月5日 00:50:13
usemessages.com2024年12月4日 15:37:552025年3月4日 15:37:54
*.cookiefirst.com2024年12月3日 00:00:002025年12月16日 23:59:59
*.hotjar.com2024年5月22日 00:00:002025年6月20日 23:59:59