urlscan.io logo urlscan.io
SecurityTrails logo

www.corecloud.com.tw Open in urlscan Pro
61.220.142.239  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.corecloud.com.tw/corecloud/pages/news/news_23.html
Submission: On August 01 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 15 HTTP transactions. The main IP is 61.220.142.239, located in Taoyuan District, Taiwan and belongs to HINET Data Communication Business Group, TW. The main domain is www.corecloud.com.tw.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 24th 2024. Valid for: a year.
This is the only time www.corecloud.com.tw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 61.220.142.239 3462 (HINET Dat...)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
15 6
6    61.220.142.239 (Taoyuan District, Taiwan)

ASN3462 (HINET Data Communication Business Group, TW)
PTR: 61-220-142-239.hinet-ip.hinet.net
www.corecloud.com.tw
4    2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
Apex Domain
Subdomains		 Transfer
6 corecloud.com.tw
www.corecloud.com.tw
37 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
383 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
21 KB
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
258 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
878 B
0 google.de Failed
www.google.de Failed
15 6
Domain Requested by
6 www.corecloud.com.tw www.corecloud.com.tw
4 www.googletagmanager.com www.corecloud.com.tw
www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 fonts.googleapis.com www.corecloud.com.tw
0 www.google.de Failed www.corecloud.com.tw
15 6

This site contains links to these domains. Also see Links.

Domain
www.ithome.com.tw
www.netfos.com.tw
www.diyatech.com.tw
www.cloudmall.com.tw
Subject Issuer Validity Valid
*.corecloud.com.tw
Sectigo RSA Domain Validation Secure Server CA		 2024-01-24 -
2025-02-23		 a year crt.sh
*.google-analytics.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
upload.video.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.corecloud.com.tw/corecloud/pages/news/news_23.html
Frame ID: 55B7E51367FEC80EA9EE98F0E621C5B7
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

中芯數據發現APT41駭客春節期間出手蓄謀已久的新一波攻擊

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

15
Requests

93 %
HTTPS

80 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

442 kB
Transfer

1312 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request news_23.html
www.corecloud.com.tw/corecloud/pages/news/ 		15 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.corecloud.com.tw/corecloud/pages/news/news_23.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
61.220.142.239 Taoyuan District, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
61-220-142-239.hinet-ip.hinet.net
Software
Apache /
Resource Hash
9f87cd85406ea7c2d03057b2d1eb736b86d1ff546736bdb7b6b0bc32603e6bbf
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN, ALLOW-FROM https://docs.google.com
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
5634
Content-Security-Policy
default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Content-Type
text/html
Date
Thu, 01 Aug 2024 12:16:39 GMT
ETag
"3cd9-618de4a7f3f50-gzip"
Keep-Alive
timeout=5, max=100
Last-Modified
Mon, 20 May 2024 08:14:31 GMT
Permissions-Policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Referrer-Policy
strict-origin
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY SAMEORIGIN, ALLOW-FROM https://docs.google.com
X-XSS-Protection
1; mode=block
style.css
www.corecloud.com.tw/corecloud/css/ 		64 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.corecloud.com.tw/corecloud/css/style.css
Requested by
Host: www.corecloud.com.tw
URL: https://www.corecloud.com.tw/corecloud/pages/news/news_23.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
61.220.142.239 Taoyuan District, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
61-220-142-239.hinet-ip.hinet.net
Software
Apache /
Resource Hash
63103233f9aa5c87abf46ebd48ba75202d500233b078e56fd1065750155ba546
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 01 Aug 2024 12:16:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
11396
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Tue, 28 May 2024 08:50:22 GMT
Server
Apache
ETag
"101c2-6197fb96acaa6-gzip"
X-Frame-Options
DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
Vary
Accept-Encoding
Content-Type
text/css
Permissions-Policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
corecloud-logo-w.png
www.corecloud.com.tw/corecloud/images/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.corecloud.com.tw/corecloud/images/corecloud-logo-w.png
Requested by
Host: www.corecloud.com.tw
URL: https://www.corecloud.com.tw/corecloud/pages/news/news_23.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
61.220.142.239 Taoyuan District, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
61-220-142-239.hinet-ip.hinet.net
Software
Apache /
Resource Hash
fd23018a9ad6ea29e402c8aa0f658c24732df363feefac69c3576f3013b3d461
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 01 Aug 2024 12:16:41 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Connection
Keep-Alive
Content-Length
11969
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 20 May 2024 05:13:33 GMT
Server
Apache
ETag
"2ec1-618dbc34345a9"
X-Frame-Options
DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
Content-Type
image/png
Permissions-Policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
gtm.js
www.googletagmanager.com/ 		279 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5TBBKCW
Requested by
Host: www.corecloud.com.tw
URL: https://www.corecloud.com.tw/corecloud/pages/news/news_23.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9e60d27f097bea32932910e70f3fec53145839e7051be795901aa9f4d9498178
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 01 Aug 2024 12:16:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100269
x-xss-protection
0
last-modified
Thu, 01 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 01 Aug 2024 12:16:40 GMT
corecloud_gp.jpg
www.corecloud.com.tw/corecloud/pages/news/news_23/ 		48 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.corecloud.com.tw/corecloud/pages/news/news_23/corecloud_gp.jpg
Requested by
Host: www.corecloud.com.tw
URL: https://www.corecloud.com.tw/corecloud/pages/news/news_23.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
61.220.142.239 Taoyuan District, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
61-220-142-239.hinet-ip.hinet.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 01 Aug 2024 12:16:41 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Connection
Keep-Alive
Content-Length
91998
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Fri, 03 May 2024 09:02:30 GMT
Server
Apache
ETag
"1675e-61788fac592b8"
X-Frame-Options
DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
Content-Type
image/jpeg
Permissions-Policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
system.js
www.corecloud.com.tw/corecloud/js/ 		135 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.corecloud.com.tw/corecloud/js/system.js
Requested by
Host: www.corecloud.com.tw
URL: https://www.corecloud.com.tw/corecloud/pages/news/news_23.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
61.220.142.239 Taoyuan District, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
61-220-142-239.hinet-ip.hinet.net
Software
Apache /
Resource Hash
cdb8e4326e90f17af40ec58f11f9b8605c1e2613a62a4cacb71f6c877bcc4f01
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 01 Aug 2024 12:16:41 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
155
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 06 May 2024 03:14:47 GMT
Server
Apache
ETag
"87-617c078c64e7a-gzip"
X-Frame-Options
DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
Vary
Accept-Encoding
Content-Type
application/javascript
Permissions-Policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
js
www.googletagmanager.com/gtag/ 		321 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-L9TDSN36G0&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5TBBKCW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
82a67ea92d53165210be976708a48e236a5c62750de146db4c50874b2c69ae51
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 01 Aug 2024 12:16:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
107146
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 01 Aug 2024 12:16:40 GMT
destination
www.googletagmanager.com/gtag/ 		260 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-10866466879&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5TBBKCW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ef1b71d84bc9619d3b616ed967c54ac3c449f19df268585345ba6885fd7a6552
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 01 Aug 2024 12:16:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
91851
x-xss-protection
0
last-modified
Thu, 01 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 01 Aug 2024 12:16:40 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5TBBKCW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 01 Aug 2024 10:29:07 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6453
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 01 Aug 2024 12:29:07 GMT
js
www.googletagmanager.com/gtag/ 		260 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10866466879
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5TBBKCW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c46af52cc061e698b633f0b9991e2f99518e21ffce0780f699ce65bd621181c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 01 Aug 2024 12:16:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
91867
x-xss-protection
0
last-modified
Thu, 01 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 01 Aug 2024 12:16:40 GMT
collect
www.google-analytics.com/j/ 		3 B
212 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=156745812&t=pageview&_s=1&dl=https%3A%2F%2Fwww.corecloud.com.tw%2Fcorecloud%2Fpages%2Fnews%2Fnews_23.html&ul=de-de&de=UTF-8&dt=%E4%B8%AD%E8%8A%AF%E6%95%B8%E6%93%9A%E7%99%BC%E7%8F%BEAPT41%E9%A7%AD%E5%AE%A2%E6%98%A5%E7%AF%80%E6%9C%9F%E9%96%93%E5%87%BA%E6%89%8B%E8%93%84%E8%AC%80%E5%B7%B2%E4%B9%85%E7%9A%84%E6%96%B0%E4%B8%80%E6%B3%A2%E6%94%BB%E6%93%8A&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=143664260&gjid=1017007994&cid=1773626055.1722514601&tid=UA-211785768-1&_gid=1225327628.1722514601&_r=1&_slc=1&gtm=45He47v0n815TBBKCWv860694020za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=95250753&npa=1&z=1112209987
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 01 Aug 2024 12:16:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.corecloud.com.tw
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ 		1 KB
878 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Quicksand:300
Requested by
Host: www.corecloud.com.tw
URL: https://www.corecloud.com.tw/corecloud/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
31bcdb31d4642d78a377564d00c895930d50744e984eca6b262b8708226cbe4c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 01 Aug 2024 12:16:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 01 Aug 2024 12:07:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 01 Aug 2024 12:16:41 GMT
supervised_user_circle_FILL0_wght400_GRAD0_opsz48.svg
www.corecloud.com.tw/corecloud/images/ 		1 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.corecloud.com.tw/corecloud/images/supervised_user_circle_FILL0_wght400_GRAD0_opsz48.svg
Requested by
Host: www.corecloud.com.tw
URL: https://www.corecloud.com.tw/corecloud/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
61.220.142.239 Taoyuan District, Taiwan, ASN3462 (HINET Data Communication Business Group, TW),
Reverse DNS
61-220-142-239.hinet-ip.hinet.net
Software
Apache /
Resource Hash
cd21c23a25fbffb6970e9d7ddaa702e41704144785ceacd9b5e1619cc2be0122
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 01 Aug 2024 12:16:41 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Connection
Keep-Alive
Content-Length
1127
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 20 May 2024 05:13:34 GMT
Server
Apache
ETag
"467-618dbc359bba8"
X-Frame-Options
DENY, SAMEORIGIN, ALLOW-FROM https://docs.google.com
Content-Type
image/svg+xml
Permissions-Policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
collect
stats.g.doubleclick.net/g/ 		0
258 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-L9TDSN36G0&cid=1773626055.1722514601&gtm=45je47v0v875482346z8860694020za200zb860694020&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=95250752
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L9TDSN36G0&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.corecloud.com.tw/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 01 Aug 2024 12:16:42 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.corecloud.com.tw
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-L9TDSN36G0&cid=1773626055.1722514601&gtm=45je47v0v875482346z8860694020za200zb860694020&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=95250752&tag_exp=95250752&z=1405314661

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| gtag function| onYouTubeIframeAPIReady

5 Cookies

Domain/Path Name / Value
.corecloud.com.tw/ Name: _gcl_au
Value: 1.1.729070401.1722514601
.corecloud.com.tw/ Name: _gid
Value: GA1.3.1225327628.1722514601
.corecloud.com.tw/ Name: _gat_UA-211785768-1
Value: 1
.corecloud.com.tw/ Name: _ga
Value: GA1.1.1773626055.1722514601
.corecloud.com.tw/ Name: _ga_L9TDSN36G0
Value: GS1.1.1722514602.1.0.1722514602.60.0.0

7 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/gtag/js?id=G-L9TDSN36G0&l=dataLayer&cx=c(Line 236)
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-L9TDSN36G0&gtm=45je47v0v875482346z8860694020za200zb860694020&_p=1722514600459&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=1773626055.1722514601&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1722514602&sct=1&seg=0&dl=https%3A%2F%2Fwww.corecloud.com.tw%2Fcorecloud%2Fpages%2Fnews%2Fnews_23.html&dt=%E4%B8%AD%E8%8A%AF%E6%95%B8%E6%93%9A%E7%99%BC%E7%8F%BEAPT41%E9%A7%AD%E5%AE%A2%E6%98%A5%E7%AF%80%E6%9C%9F%E9%96%93%E5%87%BA%E6%89%8B%E8%93%84%E8%AC%80%E5%B7%B2%E4%B9%85%E7%9A%84%E6%96%B0%E4%B8%80%E6%B3%A2%E6%94%BB%E6%93%8A&en=page_view&_fv=1&_ss=1&tfd=4770' because it violates the following Content Security Policy directive: "default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
javascript error URL: https://www.googletagmanager.com/gtag/js?id=G-L9TDSN36G0&l=dataLayer&cx=c(Line 236)
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-L9TDSN36G0&gtm=45je47v0v875482346z8860694020za200zb860694020&_p=1722514600459&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=1773626055.1722514601&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1722514602&sct=1&seg=0&dl=https%3A%2F%2Fwww.corecloud.com.tw%2Fcorecloud%2Fpages%2Fnews%2Fnews_23.html&dt=%E4%B8%AD%E8%8A%AF%E6%95%B8%E6%93%9A%E7%99%BC%E7%8F%BEAPT41%E9%A7%AD%E5%AE%A2%E6%98%A5%E7%AF%80%E6%9C%9F%E9%96%93%E5%87%BA%E6%89%8B%E8%93%84%E8%AC%80%E5%B7%B2%E4%B9%85%E7%9A%84%E6%96%B0%E4%B8%80%E6%B3%A2%E6%94%BB%E6%93%8A&en=page_view&_fv=1&_ss=1&tfd=4770' because it violates the document's Content Security Policy.
security error URL: https://www.corecloud.com.tw/corecloud/pages/news/news_23.html
Message:
Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-L9TDSN36G0&cid=1773626055.1722514601&gtm=45je47v0v875482346z8860694020za200zb860694020&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=95250752&tag_exp=95250752&z=1405314661' because it violates the following Content Security Policy directive: "img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-L9TDSN36G0&l=dataLayer&cx=c(Line 236)
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-L9TDSN36G0&gtm=45je47v0v875482346za200zb860694020&_p=1722514600459&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=1773626055.1722514601&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EEA&_s=2&sid=1722514602&sct=1&seg=0&dl=https%3A%2F%2Fwww.corecloud.com.tw%2Fcorecloud%2Fpages%2Fnews%2Fnews_23.html&dt=%E4%B8%AD%E8%8A%AF%E6%95%B8%E6%93%9A%E7%99%BC%E7%8F%BEAPT41%E9%A7%AD%E5%AE%A2%E6%98%A5%E7%AF%80%E6%9C%9F%E9%96%93%E5%87%BA%E6%89%8B%E8%93%84%E8%AC%80%E5%B7%B2%E4%B9%85%E7%9A%84%E6%96%B0%E4%B8%80%E6%B3%A2%E6%94%BB%E6%93%8A&en=scroll&epn.percent_scrolled=90&_et=8&tfd=9338' because it violates the following Content Security Policy directive: "default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
javascript error URL: https://www.googletagmanager.com/gtag/js?id=G-L9TDSN36G0&l=dataLayer&cx=c(Line 236)
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-L9TDSN36G0&gtm=45je47v0v875482346za200zb860694020&_p=1722514600459&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=1773626055.1722514601&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EEA&_s=2&sid=1722514602&sct=1&seg=0&dl=https%3A%2F%2Fwww.corecloud.com.tw%2Fcorecloud%2Fpages%2Fnews%2Fnews_23.html&dt=%E4%B8%AD%E8%8A%AF%E6%95%B8%E6%93%9A%E7%99%BC%E7%8F%BEAPT41%E9%A7%AD%E5%AE%A2%E6%98%A5%E7%AF%80%E6%9C%9F%E9%96%93%E5%87%BA%E6%89%8B%E8%93%84%E8%AC%80%E5%B7%B2%E4%B9%85%E7%9A%84%E6%96%B0%E4%B8%80%E6%B3%A2%E6%94%BB%E6%93%8A&en=scroll&epn.percent_scrolled=90&_et=8&tfd=9338' because it violates the document's Content Security Policy.
security error URL: https://www.googletagmanager.com/gtag/js?id=G-L9TDSN36G0&l=dataLayer&cx=c(Line 236)
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-L9TDSN36G0&gtm=45je47v0v875482346za200zb860694020&_p=1722514600459&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=1773626055.1722514601&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=3&sid=1722514602&sct=1&seg=0&dl=https%3A%2F%2Fwww.corecloud.com.tw%2Fcorecloud%2Fpages%2Fnews%2Fnews_23.html&dt=%E4%B8%AD%E8%8A%AF%E6%95%B8%E6%93%9A%E7%99%BC%E7%8F%BEAPT41%E9%A7%AD%E5%AE%A2%E6%98%A5%E7%AF%80%E6%9C%9F%E9%96%93%E5%87%BA%E6%89%8B%E8%93%84%E8%AC%80%E5%B7%B2%E4%B9%85%E7%9A%84%E6%96%B0%E4%B8%80%E6%B3%A2%E6%94%BB%E6%93%8A&en=user_engagement&_et=4543&tfd=9339' because it violates the following Content Security Policy directive: "default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
javascript error URL: https://www.googletagmanager.com/gtag/js?id=G-L9TDSN36G0&l=dataLayer&cx=c(Line 236)
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-L9TDSN36G0&gtm=45je47v0v875482346za200zb860694020&_p=1722514600459&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250752&cid=1773626055.1722514601&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=3&sid=1722514602&sct=1&seg=0&dl=https%3A%2F%2Fwww.corecloud.com.tw%2Fcorecloud%2Fpages%2Fnews%2Fnews_23.html&dt=%E4%B8%AD%E8%8A%AF%E6%95%B8%E6%93%9A%E7%99%BC%E7%8F%BEAPT41%E9%A7%AD%E5%AE%A2%E6%98%A5%E7%AF%80%E6%9C%9F%E9%96%93%E5%87%BA%E6%89%8B%E8%93%84%E8%AC%80%E5%B7%B2%E4%B9%85%E7%9A%84%E6%96%B0%E4%B8%80%E6%B3%A2%E6%94%BB%E6%93%8A&en=user_engagement&_et=4543&tfd=9339' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.google.com.tw; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://docs.google.com; object-src 'none'; frame-ancestors https://docs.google.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN, ALLOW-FROM https://docs.google.com
X-Xss-Protection 1; mode=block