urlscan.io logo urlscan.io
SecurityTrails logo

corretorjs.hdi.com.br Open in urlscan Pro
2600:1408:20::172e:ef33  Public Scan

Go To Rescan Add Verdict Report
URL: https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html
Submission: On November 06 via manual from BR — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 2600:1408:20::172e:ef33, located in Ashburn, United States and belongs to AKAMAI-ASN1, NL. The main domain is corretorjs.hdi.com.br.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 23rd 2024. Valid for: a year.
This is the only time corretorjs.hdi.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 2600:1408:20:... 20940 (AKAMAI-ASN1)
3 23.73.207.10 20940 (AKAMAI-ASN1)
9 3
Apex Domain
Subdomains		 Transfer
7 hdi.com.br
corretorjs.hdi.com.br
128 KB
0 go-mpulse.net Failed
s.go-mpulse.net Failed
9 2
Domain Requested by
7 corretorjs.hdi.com.br corretorjs.hdi.com.br
0 s.go-mpulse.net Failed corretorjs.hdi.com.br
9 2

This site contains no links.

Subject Issuer Validity Valid
*.hdi.com.br
DigiCert TLS RSA SHA256 2020 CA1		 2024-01-23 -
2025-01-25		 a year crt.sh

This page contains 2 frames:

Primary Page: https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html
Frame ID: 30C0F1590F5846F817B786C0DEACAD69
Requests: 10 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/M7FC8-SGXL5-H6296-BCH2T-C5JKS
Frame ID: 38E74C5F1A871788402325A3FAE7AAE6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HDI Seguros - Bate-pronto

Detected technologies

Overall confidence: 100%
Detected patterns

Page Statistics

9
Requests

78 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

128 kB
Transfer

354 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request flash.html
corretorjs.hdi.com.br/webtxt/hotsite/ 		7 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:20::172e:ef33 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b33e52e35b006a8f71689ef6ab8e0e8bf7f25d9776d11ca6d54def7e7187c989
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.jquery.com https://*.hdiseguros.com.br https://connect.facebook.net https://*.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.adtrafficquality.google https://*.handtalk.me https://*.ckeditor.com https://jsuites.net https://*.doubleclick.net https://*.tiktok.com https://cdn.jsdelivr.net https://*.hotjar.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.goadopt.io https://*.hdiseguros.com.br https://*.hdi.com.br https://axa.saas.ca.com https://checkoutshopper-live.adyen.com https://maxcdn.bootstrapcdn.com https://tpc.googlesyndication.com https://ib.adnxs.com https://*.google.com.br https://*.google.com https://partner.googleadservices.com https://*.tradelab.fr https://maps.googleapis.com https://unpkg.com https://tracker.metricool.com https://snap.licdn.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com https://cdn.mouseflow.com https://*.santanderauto.com.br https://*.hdiseguros.com.br https://code.jquery.com https://script.crazyegg.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; style-src-elem 'self' 'unsafe-inline' https://*.jsdelivr.net https://www.gstatic.com https://checkoutshopper-live.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://*.jquery.com https://fonts.googleapis.com https://use.fontawesome.com https://checkoutshopper-live; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://assets; img-src 'self' blob: https://*.handtalk.me http://*.santanderauto.com.br https://*.santanderauto.com.br https://*.adnxs.com https://*.facebook.com https://tr.audio.ad https://*.linkedin.com https://*.googleapis.com https://*.qualtrics.com https://*.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://maps.googleapis.com https://maps.gstatic.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://*.google.com https://*.google.com.br https://its.tradelab.fr https://secure.adnxs.com https://tracker.metricool.com https://pagead2.googlesyndication.com data:; connect-src 'self' wss: ws: https://*.handtalk.me https://*.amazonaws.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.hotjar.io https://*.tiktok.com https://*.linkedin.com http://*.hdi.com.br https://*.google.com https://*.hotjar.com https://*.microsoftonline.com https://*.oribi.io https://*.goadopt.io https://pagead2.googlesyndication.com https://maps.googleapis.com https://stats.g.doubleclick.net/ https://*.santanderauto.com.br https://siteintercept.qualtrics.com https://www.google-analytics.com https://*.crazyegg.com https://*.hdi.com.br https://*.hdiseguros.com.br https://*.hdiglobalbrasil.com.br; worker-src 'self' blob: https://*.hdi.com.br https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br; frame-src https://*.handtalk.me https://*.doubleclick.net https://hdibrazil.az1.qualtrics.com https://checkoutshopper-live.adye https://*.powerbi.com https://*.adyen.com https://tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hdi.com.br http://*.hdi.com.br https://*.youtube.com https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br https://*.hdiseguros.com.br http://*.hdiseguros.com.br
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=93600
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
3413
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.jquery.com https://*.hdiseguros.com.br https://connect.facebook.net https://*.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.adtrafficquality.google https://*.handtalk.me https://*.ckeditor.com https://jsuites.net https://*.doubleclick.net https://*.tiktok.com https://cdn.jsdelivr.net https://*.hotjar.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.goadopt.io https://*.hdiseguros.com.br https://*.hdi.com.br https://axa.saas.ca.com https://checkoutshopper-live.adyen.com https://maxcdn.bootstrapcdn.com https://tpc.googlesyndication.com https://ib.adnxs.com https://*.google.com.br https://*.google.com https://partner.googleadservices.com https://*.tradelab.fr https://maps.googleapis.com https://unpkg.com https://tracker.metricool.com https://snap.licdn.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com https://cdn.mouseflow.com https://*.santanderauto.com.br https://*.hdiseguros.com.br https://code.jquery.com https://script.crazyegg.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; style-src-elem 'self' 'unsafe-inline' https://*.jsdelivr.net https://www.gstatic.com https://checkoutshopper-live.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://*.jquery.com https://fonts.googleapis.com https://use.fontawesome.com https://checkoutshopper-live; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://assets; img-src 'self' blob: https://*.handtalk.me http://*.santanderauto.com.br https://*.santanderauto.com.br https://*.adnxs.com https://*.facebook.com https://tr.audio.ad https://*.linkedin.com https://*.googleapis.com https://*.qualtrics.com https://*.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://maps.googleapis.com https://maps.gstatic.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://*.google.com https://*.google.com.br https://its.tradelab.fr https://secure.adnxs.com https://tracker.metricool.com https://pagead2.googlesyndication.com data:; connect-src 'self' wss: ws: https://*.handtalk.me https://*.amazonaws.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.hotjar.io https://*.tiktok.com https://*.linkedin.com http://*.hdi.com.br https://*.google.com https://*.hotjar.com https://*.microsoftonline.com https://*.oribi.io https://*.goadopt.io https://pagead2.googlesyndication.com https://maps.googleapis.com https://stats.g.doubleclick.net/ https://*.santanderauto.com.br https://siteintercept.qualtrics.com https://www.google-analytics.com https://*.crazyegg.com https://*.hdi.com.br https://*.hdiseguros.com.br https://*.hdiglobalbrasil.com.br; worker-src 'self' blob: https://*.hdi.com.br https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br; frame-src https://*.handtalk.me https://*.doubleclick.net https://hdibrazil.az1.qualtrics.com https://checkoutshopper-live.adye https://*.powerbi.com https://*.adyen.com https://tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hdi.com.br http://*.hdi.com.br https://*.youtube.com https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br https://*.hdiseguros.com.br http://*.hdiseguros.com.br
content-type
text/html
date
Wed, 06 Nov 2024 12:21:31 GMT
etag
"80a6b1e6c4ebca1:0"
expires
Wed, 06 Nov 2024 12:21:31 GMT
last-modified
Tue, 04 May 2010 20:03:45 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server-timing
cdn-cache; desc=MISS edge; dur=884 origin; dur=26 ak_p; desc="1730895689730_388951855_713721707_91011_26565_57_551_255";dur=1
strict-transport-security
max-age=16070400; includeSubDomains
vary
Accept-Encoding
x-akamai-transformed
9 1404 0 pmb=mTOE,3mRUM,1
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
AC_RunActiveContent.js
corretorjs.hdi.com.br/webtxt/hotsite/ 		8 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://corretorjs.hdi.com.br/webtxt/hotsite/AC_RunActiveContent.js
Requested by
Host: corretorjs.hdi.com.br
URL: https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:20::172e:ef33 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
dd4af212d2dce74565cb3360308141d23548e15a5a23d9a49c9cab69b55d95de
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.jquery.com https://*.hdiseguros.com.br https://connect.facebook.net https://*.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.adtrafficquality.google https://*.handtalk.me https://*.ckeditor.com https://jsuites.net https://*.doubleclick.net https://*.tiktok.com https://cdn.jsdelivr.net https://*.hotjar.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.goadopt.io https://*.hdiseguros.com.br https://*.hdi.com.br https://axa.saas.ca.com https://checkoutshopper-live.adyen.com https://maxcdn.bootstrapcdn.com https://tpc.googlesyndication.com https://ib.adnxs.com https://*.google.com.br https://*.google.com https://partner.googleadservices.com https://*.tradelab.fr https://maps.googleapis.com https://unpkg.com https://tracker.metricool.com https://snap.licdn.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com https://cdn.mouseflow.com https://*.santanderauto.com.br https://*.hdiseguros.com.br https://code.jquery.com https://script.crazyegg.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; style-src-elem 'self' 'unsafe-inline' https://*.jsdelivr.net https://www.gstatic.com https://checkoutshopper-live.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://*.jquery.com https://fonts.googleapis.com https://use.fontawesome.com https://checkoutshopper-live; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://assets; img-src 'self' blob: https://*.handtalk.me http://*.santanderauto.com.br https://*.santanderauto.com.br https://*.adnxs.com https://*.facebook.com https://tr.audio.ad https://*.linkedin.com https://*.googleapis.com https://*.qualtrics.com https://*.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://maps.googleapis.com https://maps.gstatic.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://*.google.com https://*.google.com.br https://its.tradelab.fr https://secure.adnxs.com https://tracker.metricool.com https://pagead2.googlesyndication.com data:; connect-src 'self' wss: ws: https://*.handtalk.me https://*.amazonaws.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.hotjar.io https://*.tiktok.com https://*.linkedin.com http://*.hdi.com.br https://*.google.com https://*.hotjar.com https://*.microsoftonline.com https://*.oribi.io https://*.goadopt.io https://pagead2.googlesyndication.com https://maps.googleapis.com https://stats.g.doubleclick.net/ https://*.santanderauto.com.br https://siteintercept.qualtrics.com https://www.google-analytics.com https://*.crazyegg.com https://*.hdi.com.br https://*.hdiseguros.com.br https://*.hdiglobalbrasil.com.br; worker-src 'self' blob: https://*.hdi.com.br https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br; frame-src https://*.handtalk.me https://*.doubleclick.net https://hdibrazil.az1.qualtrics.com https://checkoutshopper-live.adye https://*.powerbi.com https://*.adyen.com https://tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hdi.com.br http://*.hdi.com.br https://*.youtube.com https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br https://*.hdiseguros.com.br http://*.hdiseguros.com.br
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html

Response headers

content-encoding
gzip
etag
"0244690460c71:0"
x-content-type-options
nosniff
server-timing
cdn-cache; desc=HIT, edge; dur=919, ak_p; desc="1730895691289_388951855_713722464_91899_11239_63_0_219";dur=1
alt-svc
h3=":443"; ma=93600
date
Wed, 06 Nov 2024 12:21:32 GMT
content-type
application/x-javascript
last-modified
Tue, 06 Mar 2007 15:31:52 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.jquery.com https://*.hdiseguros.com.br https://connect.facebook.net https://*.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.adtrafficquality.google https://*.handtalk.me https://*.ckeditor.com https://jsuites.net https://*.doubleclick.net https://*.tiktok.com https://cdn.jsdelivr.net https://*.hotjar.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.goadopt.io https://*.hdiseguros.com.br https://*.hdi.com.br https://axa.saas.ca.com https://checkoutshopper-live.adyen.com https://maxcdn.bootstrapcdn.com https://tpc.googlesyndication.com https://ib.adnxs.com https://*.google.com.br https://*.google.com https://partner.googleadservices.com https://*.tradelab.fr https://maps.googleapis.com https://unpkg.com https://tracker.metricool.com https://snap.licdn.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com https://cdn.mouseflow.com https://*.santanderauto.com.br https://*.hdiseguros.com.br https://code.jquery.com https://script.crazyegg.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; style-src-elem 'self' 'unsafe-inline' https://*.jsdelivr.net https://www.gstatic.com https://checkoutshopper-live.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://*.jquery.com https://fonts.googleapis.com https://use.fontawesome.com https://checkoutshopper-live; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://assets; img-src 'self' blob: https://*.handtalk.me http://*.santanderauto.com.br https://*.santanderauto.com.br https://*.adnxs.com https://*.facebook.com https://tr.audio.ad https://*.linkedin.com https://*.googleapis.com https://*.qualtrics.com https://*.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://maps.googleapis.com https://maps.gstatic.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://*.google.com https://*.google.com.br https://its.tradelab.fr https://secure.adnxs.com https://tracker.metricool.com https://pagead2.googlesyndication.com data:; connect-src 'self' wss: ws: https://*.handtalk.me https://*.amazonaws.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.hotjar.io https://*.tiktok.com https://*.linkedin.com http://*.hdi.com.br https://*.google.com https://*.hotjar.com https://*.microsoftonline.com https://*.oribi.io https://*.goadopt.io https://pagead2.googlesyndication.com https://maps.googleapis.com https://stats.g.doubleclick.net/ https://*.santanderauto.com.br https://siteintercept.qualtrics.com https://www.google-analytics.com https://*.crazyegg.com https://*.hdi.com.br https://*.hdiseguros.com.br https://*.hdiglobalbrasil.com.br; worker-src 'self' blob: https://*.hdi.com.br https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br; frame-src https://*.handtalk.me https://*.doubleclick.net https://hdibrazil.az1.qualtrics.com https://checkoutshopper-live.adye https://*.powerbi.com https://*.adyen.com https://tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hdi.com.br http://*.hdi.com.br https://*.youtube.com https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br https://*.hdiseguros.com.br http://*.hdiseguros.com.br
cache-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
accept-ranges
bytes
content-length
3233
x-xss-protection
1; mode=block
4953df34
corretorjs.hdi.com.br/akam/13/ 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://corretorjs.hdi.com.br/akam/13/4953df34
Requested by
Host: corretorjs.hdi.com.br
URL: https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:20::172e:ef33 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
01c90c5ba4abb1b27fd027b56cf3ff56f5bc089fe55ff3636a48dc912164cec4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html

Response headers

cache-control
max-age=21600
content-encoding
gzip
etag
"37f5f32839cb0ddcc4ee6232a044e08df070f5343a6ec8d68a7ddd57bfd5975b"
pragma
no-cache
expires
Wed, 06 Nov 2024 12:21:31 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=75, origin; dur=0, ak_p; desc="1730895691289_388951855_713722466_7502_5465_57_0_146";dur=1
alt-svc
h3=":443"; ma=93600
content-length
8793
date
Wed, 06 Nov 2024 12:21:31 GMT
stored-attribute-sha-checksum
01c90c5ba4abb1b27fd027b56cf3ff56f5bc089fe55ff3636a48dc912164cec4
last-modified
Thu, 22 Feb 2024 19:49:37 GMT
content-type
application/javascript
vary
Accept-Encoding
khFX0B
corretorjs.hdi.com.br/B59pRVyi2kIpLEGuSg/LOOaNwmwfS6h/KWVMWWlW/IhRJIS/ 		302 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://corretorjs.hdi.com.br/B59pRVyi2kIpLEGuSg/LOOaNwmwfS6h/KWVMWWlW/IhRJIS/khFX0B
Requested by
Host: corretorjs.hdi.com.br
URL: https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:20::172e:ef33 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
41607e30e8f799c5a2186a887122d4ea806fd7114feeda38b33ab3340c8f73d7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html

Response headers

cache-control
max-age=21600, max-age=21600
content-encoding
br
etag
"48b7399ab2e81d3b52fc631d48d126a3b02c1b2ea59eb5bdb7e594d8ae250c85"
server-timing
cdn-cache; desc=HIT, edge; dur=63, origin; dur=0, ak_p; desc="1730895691289_388951855_713722465_6215_6818_57_0_219";dur=1
alt-svc
h3=":443"; ma=93600
content-length
105141
date
Wed, 06 Nov 2024 12:21:31 GMT
stored-attribute-sha-checksum
41607e30e8f799c5a2186a887122d4ea806fd7114feeda38b33ab3340c8f73d7
last-modified
Tue, 03 Sep 2024 15:50:57 GMT
content-type
application/javascript
vary
Accept-Encoding
M7FC8-SGXL5-H6296-BCH2T-C5JKS
s.go-mpulse.net/boomerang/ 		0
0
khFX0B
corretorjs.hdi.com.br/B59pRVyi2kIpLEGuSg/LOOaNwmwfS6h/KWVMWWlW/IhRJIS/ 		18 B
43 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://corretorjs.hdi.com.br/B59pRVyi2kIpLEGuSg/LOOaNwmwfS6h/KWVMWWlW/IhRJIS/khFX0B
Requested by
Host: corretorjs.hdi.com.br
URL: https://corretorjs.hdi.com.br/B59pRVyi2kIpLEGuSg/LOOaNwmwfS6h/KWVMWWlW/IhRJIS/khFX0B
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.73.207.10 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-73-207-10.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html

Response headers

access-control-allow-credentials
true
quic-version
0x00000001
x_req_id
9cca4964-c339-40a8-9efe-df570f28fba4
access-control-allow-origin
https://corretorjs.hdi.com.br
server-timing
edge; dur=52, origin; dur=167, cdn-cache; desc=MISS, ak_p; desc="1730895691363_389979018_2374151145_21874_9456_-_-_-";dur=1
content-length
18
alt-svc
h3=":443"; ma=93600
date
Wed, 06 Nov 2024 12:21:32 GMT
content-type
application/json
vary
Origin
access-control-allow-headers
Content-Type
M7FC8-SGXL5-H6296-BCH2T-C5JKS
s.go-mpulse.net/boomerang/ Frame 38E7 		0
0
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ 		157 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
favicon.ico
corretorjs.hdi.com.br/ 		1 KB
845 B 		Other
General
Check archive.org
Download Go to
Full URL
https://corretorjs.hdi.com.br/favicon.ico
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.73.207.10 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-73-207-10.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.jquery.com https://*.hdiseguros.com.br https://connect.facebook.net https://*.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.adtrafficquality.google https://*.handtalk.me https://*.ckeditor.com https://jsuites.net https://*.doubleclick.net https://*.tiktok.com https://cdn.jsdelivr.net https://*.hotjar.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.goadopt.io https://*.hdiseguros.com.br https://*.hdi.com.br https://axa.saas.ca.com https://checkoutshopper-live.adyen.com https://maxcdn.bootstrapcdn.com https://tpc.googlesyndication.com https://ib.adnxs.com https://*.google.com.br https://*.google.com https://partner.googleadservices.com https://*.tradelab.fr https://maps.googleapis.com https://unpkg.com https://tracker.metricool.com https://snap.licdn.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com https://cdn.mouseflow.com https://*.santanderauto.com.br https://*.hdiseguros.com.br https://code.jquery.com https://script.crazyegg.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; style-src-elem 'self' 'unsafe-inline' https://*.jsdelivr.net https://www.gstatic.com https://checkoutshopper-live.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://*.jquery.com https://fonts.googleapis.com https://use.fontawesome.com https://checkoutshopper-live; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://assets; img-src 'self' blob: https://*.handtalk.me http://*.santanderauto.com.br https://*.santanderauto.com.br https://*.adnxs.com https://*.facebook.com https://tr.audio.ad https://*.linkedin.com https://*.googleapis.com https://*.qualtrics.com https://*.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://maps.googleapis.com https://maps.gstatic.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://*.google.com https://*.google.com.br https://its.tradelab.fr https://secure.adnxs.com https://tracker.metricool.com https://pagead2.googlesyndication.com data:; connect-src 'self' wss: ws: https://*.handtalk.me https://*.amazonaws.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.hotjar.io https://*.tiktok.com https://*.linkedin.com http://*.hdi.com.br https://*.google.com https://*.hotjar.com https://*.microsoftonline.com https://*.oribi.io https://*.goadopt.io https://pagead2.googlesyndication.com https://maps.googleapis.com https://stats.g.doubleclick.net/ https://*.santanderauto.com.br https://siteintercept.qualtrics.com https://www.google-analytics.com https://*.crazyegg.com https://*.hdi.com.br https://*.hdiseguros.com.br https://*.hdiglobalbrasil.com.br; worker-src 'self' blob: https://*.hdi.com.br https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br; frame-src https://*.handtalk.me https://*.doubleclick.net https://hdibrazil.az1.qualtrics.com https://checkoutshopper-live.adye https://*.powerbi.com https://*.adyen.com https://tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hdi.com.br http://*.hdi.com.br https://*.youtube.com https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br https://*.hdiseguros.com.br http://*.hdiseguros.com.br
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html

Response headers

strict-transport-security
max-age=16070400; includeSubDomains
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.jquery.com https://*.hdiseguros.com.br https://connect.facebook.net https://*.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.adtrafficquality.google https://*.handtalk.me https://*.ckeditor.com https://jsuites.net https://*.doubleclick.net https://*.tiktok.com https://cdn.jsdelivr.net https://*.hotjar.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.goadopt.io https://*.hdiseguros.com.br https://*.hdi.com.br https://axa.saas.ca.com https://checkoutshopper-live.adyen.com https://maxcdn.bootstrapcdn.com https://tpc.googlesyndication.com https://ib.adnxs.com https://*.google.com.br https://*.google.com https://partner.googleadservices.com https://*.tradelab.fr https://maps.googleapis.com https://unpkg.com https://tracker.metricool.com https://snap.licdn.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com https://cdn.mouseflow.com https://*.santanderauto.com.br https://*.hdiseguros.com.br https://code.jquery.com https://script.crazyegg.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; style-src-elem 'self' 'unsafe-inline' https://*.jsdelivr.net https://www.gstatic.com https://checkoutshopper-live.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://*.jquery.com https://fonts.googleapis.com https://use.fontawesome.com https://checkoutshopper-live; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://assets; img-src 'self' blob: https://*.handtalk.me http://*.santanderauto.com.br https://*.santanderauto.com.br https://*.adnxs.com https://*.facebook.com https://tr.audio.ad https://*.linkedin.com https://*.googleapis.com https://*.qualtrics.com https://*.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://maps.googleapis.com https://maps.gstatic.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://*.google.com https://*.google.com.br https://its.tradelab.fr https://secure.adnxs.com https://tracker.metricool.com https://pagead2.googlesyndication.com data:; connect-src 'self' wss: ws: https://*.handtalk.me https://*.amazonaws.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.hotjar.io https://*.tiktok.com https://*.linkedin.com http://*.hdi.com.br https://*.google.com https://*.hotjar.com https://*.microsoftonline.com https://*.oribi.io https://*.goadopt.io https://pagead2.googlesyndication.com https://maps.googleapis.com https://stats.g.doubleclick.net/ https://*.santanderauto.com.br https://siteintercept.qualtrics.com https://www.google-analytics.com https://*.crazyegg.com https://*.hdi.com.br https://*.hdiseguros.com.br https://*.hdiglobalbrasil.com.br; worker-src 'self' blob: https://*.hdi.com.br https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br; frame-src https://*.handtalk.me https://*.doubleclick.net https://hdibrazil.az1.qualtrics.com https://checkoutshopper-live.adye https://*.powerbi.com https://*.adyen.com https://tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hdi.com.br http://*.hdi.com.br https://*.youtube.com https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br https://*.hdiseguros.com.br http://*.hdiseguros.com.br
cache-control
max-age=2591947
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
quic-version
0x00000001
server-timing
cdn-cache; desc=MISS, edge; dur=218, origin; dur=740, ak_p; desc="1730895692688_389979018_2374151984_95807_13149_-_-_-";dur=1
alt-svc
h3=":443"; ma=93600
content-length
816
x-xss-protection
1; mode=block
date
Wed, 06 Nov 2024 12:21:33 GMT
content-type
text/html
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
pixel_4953df34
corretorjs.hdi.com.br/akam/13/ 		0
17 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://corretorjs.hdi.com.br/akam/13/pixel_4953df34
Requested by
Host: corretorjs.hdi.com.br
URL: https://corretorjs.hdi.com.br/akam/13/4953df34
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.73.207.10 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-73-207-10.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html

Response headers

cache-control
max-age=0, no-cache, no-store
pragma
no-cache
quic-version
0x00000001
expires
Wed, 06 Nov 2024 12:21:33 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1730895693078_389979018_2374153834_159_8417_-_-_-";dur=1
alt-svc
h3=":443"; ma=93600
content-length
0
date
Wed, 06 Nov 2024 12:21:33 GMT
content-type
text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s.go-mpulse.net
URL
https://s.go-mpulse.net/boomerang/M7FC8-SGXL5-H6296-BCH2T-C5JKS
Domain
s.go-mpulse.net
URL
https://s.go-mpulse.net/boomerang/M7FC8-SGXL5-H6296-BCH2T-C5JKS

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| AC_FL_RunContent function| ControlVersion function| GetSwfVer function| DetectFlashVer function| AC_AddExtension function| AC_Generateobj function| AC_SW_RunContent function| AC_GetArgs string| BOOMR_API_key object| BOOMR number| BOOMR_lstart string| bazadebezolkohpepadr function| resizeWindow object| _cf object| bmak string| _sdTrace string| urhehlevkedkilrobacf number| BOOMR_onload number| w_width number| w_height

5 Cookies

Domain/Path Name / Value
corretorjs.hdi.com.br/ Name: HaHaHaHa
Value: !5KJnijX+g2cVJRN/tuuUprTwLzBj4p8jiSmEw964FIHXtoC5LI9PSzBhVR77giIfoJ74nbXIsK05Ig==
.corretorjs.hdi.com.br/ Name: TS01312d16
Value: 01d07791377696c803151d6adce78615f3610569fe4ff7d286ab33e605ed80156998231ae2e0638c2d3b5a9a8174586ea3fbb2f9744266f85b4af4f0e6c83aeb40e1c9e4be
.hdi.com.br/ Name: bm_sz
Value: A85B3809D9546172F3712D50EC2D3BE2~YAAQL+8uF+zrecOSAQAA0j1sARmQZJHHxe9kgDfAZgJHopZN8MPYdI1xbx3BPStzSwItT2YMF3r9yw/pMb4DN67C4zpBvS+rDxBb1ZOSQEb7doLEeRhVX5niuAM61BVbRZ73at8tf8/7kFTKRTvH5FRUipebPzmmkl9mlGNusvWLUvraxAgcd5w0JL1wO9qAGplAldTLzUVsZ6t/+iNky7gp7PopYbXr0UC+Oc3nkAwKmivdhR71GwfEExYrCxwbcxxHDZla2mjRXHAEhfIfehbZprnCxIbXbIrBIiMyHZgoMrE9u0J6Co/u4N6BQBxq/CFX/KJyF2wf0hPrUBTRAvGCKS4Y6NOuFyatMy7nDd1RKieJTdeWZZCMJ88ydYbFxm/sX6uk3ARx0Lot14M1qdsu0A==~3163448~3682355
.hdi.com.br/ Name: _abck
Value: 2AE0284C075B699E220B3F77E636C1B5~0~YAAQips+F0EXYNmSAQAAg0NsAQxmB7jETmCPrWCFDxhURQg5NW95JvCQnjHVFYQ57RwHp7/dzXCbzeooFjuogBDyMoxXr1tLool5MRUpbj8MpFuKGowu4iLC3js7/toLcTvVsRg9DdhY/KaaTXjWqLJ7M4HApRsILgSg54uplA+lSgOBpH/B9MM4VPN91I95QsiuLx6blA85gcnCv7eOVYfmXiODOnsgAAwr5lhqPKRLD1Ivv5gFP9PfVTDEvW3q0tlLQUWC0k/aNlvlQQ3meHmbK+lLuLrbtSQ/L7rJnbqNWy9joeg+2teHyPUoI1P4kvYch6lhkVRqN1+SptGzeXxe0HO6WFZwOC35z5ivF2+jFUVZ3Pd1IOVgdwZPhUarVpktU4hDQpE5utJnPFHpEE+xeF/gv+vzIxrW7E/7JOE6bdIxAeGe37oFoIYpuvp9cwAYX9BcPnq56EkaYpi3G0MnGwHe0jHvGhupRwOC5g==~-1~||0||~-1
.hdi.com.br/ Name: ak_bmsc
Value: 8E7CFCEAF76D23B041BC14FFEEF9AE56~000000000000000000000000000000~YAAQips+F7UXYNmSAQAAXEdsARltelrd2lm2a2mpAQOe8wM4sG8EPAht6xM8/hhKxSYl+SoTviR+/hGyzvlTQhFsMTiV49HsaiBjRbuND3ahi1G31kMw8VmmyE/exTONnOWlh/7Jawwbnf1s4bmosDza8Rx3IzeKiPn9LQ0f5VvfwSMUuDp/cF8AYbnOCBIhZJF4MIjsC8IPm+ncdNeCsUusmyh8n2Zh8RFTn78yPZ8F7WhWsr5XGOoQvtzQRWPpfrdUXHLoqfVCDcJLy+P8TgLa4PRsxiAq88kshi0x0WGFjOGCh3Z2oX30yDJtFTZWAx+Fk/HbUgVE+zAObI2b1Lv7OIQMmGU4u7kR8I+vVccGzmBS6f4EB6LT2CriDH9Y/iXjGC/Ms/IBRvP5xuFH8zIzBQqjQKTuxT7jsFDocTFc1Ghy8ivKVg==

4 Console Messages

Source Level URL
Text
security error URL: https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html(Line 17)
Message:
Refused to load the script 'https://s.go-mpulse.net/boomerang/M7FC8-SGXL5-H6296-BCH2T-C5JKS' because it violates the following Content Security Policy directive: "script-src-elem 'self' 'unsafe-inline' https://*.adtrafficquality.google https://*.handtalk.me https://*.ckeditor.com https://jsuites.net https://*.doubleclick.net https://*.tiktok.com https://cdn.jsdelivr.net https://*.hotjar.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.goadopt.io https://*.hdiseguros.com.br https://*.hdi.com.br https://axa.saas.ca.com https://checkoutshopper-live.adyen.com https://maxcdn.bootstrapcdn.com https://tpc.googlesyndication.com https://ib.adnxs.com https://*.google.com.br https://*.google.com https://partner.googleadservices.com https://*.tradelab.fr https://maps.googleapis.com https://unpkg.com https://tracker.metricool.com https://snap.licdn.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com https://cdn.mouseflow.com https://*.santanderauto.com.br https://*.hdiseguros.com.br https://code.jquery.com https://script.crazyegg.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com".
security error URL: https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html(Line 17)
Message:
Refused to load the script 'https://s.go-mpulse.net/boomerang/M7FC8-SGXL5-H6296-BCH2T-C5JKS' because it violates the following Content Security Policy directive: "script-src-elem 'self' 'unsafe-inline' https://*.adtrafficquality.google https://*.handtalk.me https://*.ckeditor.com https://jsuites.net https://*.doubleclick.net https://*.tiktok.com https://cdn.jsdelivr.net https://*.hotjar.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.goadopt.io https://*.hdiseguros.com.br https://*.hdi.com.br https://axa.saas.ca.com https://checkoutshopper-live.adyen.com https://maxcdn.bootstrapcdn.com https://tpc.googlesyndication.com https://ib.adnxs.com https://*.google.com.br https://*.google.com https://partner.googleadservices.com https://*.tradelab.fr https://maps.googleapis.com https://unpkg.com https://tracker.metricool.com https://snap.licdn.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com https://cdn.mouseflow.com https://*.santanderauto.com.br https://*.hdiseguros.com.br https://code.jquery.com https://script.crazyegg.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com".
rendering warning URL: https://corretorjs.hdi.com.br/webtxt/hotsite/flash.html
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0201D005C340000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://corretorjs.hdi.com.br/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.jquery.com https://*.hdiseguros.com.br https://connect.facebook.net https://*.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.adtrafficquality.google https://*.handtalk.me https://*.ckeditor.com https://jsuites.net https://*.doubleclick.net https://*.tiktok.com https://cdn.jsdelivr.net https://*.hotjar.com https://gc.kis.v2.scr.kaspersky-labs.com https://*.goadopt.io https://*.hdiseguros.com.br https://*.hdi.com.br https://axa.saas.ca.com https://checkoutshopper-live.adyen.com https://maxcdn.bootstrapcdn.com https://tpc.googlesyndication.com https://ib.adnxs.com https://*.google.com.br https://*.google.com https://partner.googleadservices.com https://*.tradelab.fr https://maps.googleapis.com https://unpkg.com https://tracker.metricool.com https://snap.licdn.com https://pagead2.googlesyndication.com https://cdnjs.cloudflare.com https://cdn.mouseflow.com https://*.santanderauto.com.br https://*.hdiseguros.com.br https://code.jquery.com https://script.crazyegg.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://connect.facebook.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; style-src-elem 'self' 'unsafe-inline' https://*.jsdelivr.net https://www.gstatic.com https://checkoutshopper-live.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://*.jquery.com https://fonts.googleapis.com https://use.fontawesome.com https://checkoutshopper-live; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://assets; img-src 'self' blob: https://*.handtalk.me http://*.santanderauto.com.br https://*.santanderauto.com.br https://*.adnxs.com https://*.facebook.com https://tr.audio.ad https://*.linkedin.com https://*.googleapis.com https://*.qualtrics.com https://*.adyen.com https://*.hdiseguros.com.br https://*.hdi.com.br https://maps.googleapis.com https://maps.gstatic.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://*.google.com https://*.google.com.br https://its.tradelab.fr https://secure.adnxs.com https://tracker.metricool.com https://pagead2.googlesyndication.com data:; connect-src 'self' wss: ws: https://*.handtalk.me https://*.amazonaws.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.hotjar.io https://*.tiktok.com https://*.linkedin.com http://*.hdi.com.br https://*.google.com https://*.hotjar.com https://*.microsoftonline.com https://*.oribi.io https://*.goadopt.io https://pagead2.googlesyndication.com https://maps.googleapis.com https://stats.g.doubleclick.net/ https://*.santanderauto.com.br https://siteintercept.qualtrics.com https://www.google-analytics.com https://*.crazyegg.com https://*.hdi.com.br https://*.hdiseguros.com.br https://*.hdiglobalbrasil.com.br; worker-src 'self' blob: https://*.hdi.com.br https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br; frame-src https://*.handtalk.me https://*.doubleclick.net https://hdibrazil.az1.qualtrics.com https://checkoutshopper-live.adye https://*.powerbi.com https://*.adyen.com https://tpc.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hdi.com.br http://*.hdi.com.br https://*.youtube.com https://*.santanderauto.com.br https://*.hdiglobalbrasil.com.br https://*.hdiseguros.com.br http://*.hdiseguros.com.br
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block