https://zurichau.my.site.com/s/login/?ec=302&startURL=%2Fs%2F

Scan ID:
2c695984-b051-4b1f-a4bf-e889b23cb1e7Finished
Submitted URL:
https://zurichau.my.site.com/Redirected
Report Finished:

Risks · 0 found

Practices that may pose security risks

  • No classification

Security Headers · 3 found

HTTP response headers that can harden the security of a web application

Learn more...
NameValueSupportInfo
Strict-Transport-Securitymax-age=63072000; includeSubDomainsGoodDeclare that a website is only accessible over a secure connection (HTTPS).

Click to learn more...
X-Frame-OptionsSAMEORIGINGoodIndicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>.

Click to learn more...
X-Content-Type-Options—GoodIndicate that the MIME types advertised in the Content-Type headers should be followed and not be changed.

Click to learn more...
Content-Security-Policyupgrade-insecure-requests frame-ancestors 'self'GoodControl resources the user agent is allowed to load for a given page.

Click to learn more...
Referrer-Policy—GoodControl how much referrer information should be included with requests.

Click to learn more...
Clear-Site-Data—GoodControl the data stored by a client browser for their origins.

Click to learn more...
X-Permitted-Cross-Domain-Policies—GoodControl whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains.

Click to learn more...
Permissions-Policy—NewAllow and deny the use of browser features in a document or iframe.

Click to learn more...
Cross-Origin-Embedder-Policy—NewConfigure embedding cross-origin resources into the document.

Click to learn more...
Cross-Origin-Opener-Policy—NewEnsure a top-level document does not share a browsing context group with cross-origin documents.

Click to learn more...
Cross-Origin-Resource-Policy—NewRequest that the browser blocks no-cors cross-origin/cross-site requests to the given resource.

Click to learn more...
X-XSS-Protection—DeprecatedDeprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

Click to learn more...
Feature-Policy—DeprecatedDeprecated. Replaced by the Permissions-Policy header.

Click to learn more...
Expect-CT—DeprecatedDeprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements.

Click to learn more...
Public-Key-Pins—DeprecatedDeprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.

Click to learn more...

Security Violations · 2 found

Requests or resources offending security policies

ViolationTypeInfo
Resource
https://zurichau.my.site.com/s/login/?ec=302&startURL=%2Fs%2F
Description
Refused to load the image 'https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1993028&time=1729554152763&url=https%3A%2F%2Fzurichau.my.site.com%2Fs%2Flogin%2F%3Fec%3D302%26startURL%3D%252Fs%252F' because it violates the following Content Security Policy directive: "img-src 'self' data: blob: https://zurichau.my.salesforce.com https://zurichau.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://payments.salesforce.com/icons/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://www.sandbox.paypal.com https://www.paypal.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://aus90.sfdc-vwfla6.salesforce.com/icons/ https://www.google-analytics.com https://stats.g.doubleclick.net https://rapi.walkme.com https://tagmanager.google.com https://ssl.gstatic.com https://*.marketo.com https://061-qid-567.mktoresp.com https://www.google.com www.google.com.au https://sjrtp7-cdn.marketo.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://munchkin.marketo.net https://sjrtp7.marketo.com https://rtp-static.marketo.com https://www.googletagmanager.com https://zoneeducation.com.au https://zurichau--zonedev--c.cs6.visual.force.com https://gateway.on24.com https://qafederation.on24.com https://www.on24.com https://www-stg.zoneeducation.com.au http://www-stg.zoneeducation.com.au https://www.zoneeducation.com.au https://federation.on24.com https://uat2-zurichau.cs6.force.com https://ajax.googleapis.com https://event.on24.com https://hooshmarketing.com https://rapi.getjaco.com https://zurichau.my.site.com https://customcheckout.bambora.com.au https://customcheckout-uat.bambora.net.au https://cdn.na.bambora.com https://www.ippayments.com.au https://d2qhvajt3imc89.cloudfront.net https://use.fontawesome.com https://s3-us-west-1.amazonaws.com https://analytics.walkme.com https://api.walkme.com https://cdn.walkme.com https://dap.walkme.com https://ec.walkme.com https://editor.walkme.com https://editorsite.walkme.com https://insights.walkme.com https://insights2.walkme.com https://papi.walkme.com https://playerserver.walkme.com https://www.zurich.com.au https://techsee.me https://zurprod.techsee.me https://self.techsee.me https://self1.techsee.me https://zurprod-api.techsee.me https://zurprod.sf-na.techsee.me https://zurprod.sf-na.desktop.show https://{imagebaseurl}.techsee.me https://media-zurprod.cdn-us.techsee.me https://maps.a.forceusercontent.com https://{recordingbaseurl}.techsee.me https://rec.techsee.me https://media-subdomain.cdn.techsee.me *.walkme.com https://resources.digital-cloud.medallia.com https://app.powerbi.com https://*.google-analytics.com http://image.notifications.zurich.com.au https://zds.zurich.com https://cdn.jsdelivr.net https://zurichau.force.com".
Content Security PolicyControl resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://snap.licdn.com/li.lms-analytics/insight.min.js
Description
Refused to connect to 'https://px.ads.linkedin.com/wa/' because it violates the following Content Security Policy directive: "connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://zurichau.my.salesforce-scrt.com https://fonts.googleapis.com/css2 https://payments.salesforce.com/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://o11y.sfproxy-core1.sfdc-vwfla6.svc.sfdcfc.net/ui-telemetry https://www.google-analytics.com https://stats.g.doubleclick.net https://rapi.walkme.com https://tagmanager.google.com https://ssl.gstatic.com https://*.marketo.com https://061-qid-567.mktoresp.com https://www.google.com www.google.com.au https://sjrtp7-cdn.marketo.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://munchkin.marketo.net https://sjrtp7.marketo.com https://rtp-static.marketo.com https://www.googletagmanager.com https://zoneeducation.com.au https://zurichau--zonedev--c.cs6.visual.force.com https://gateway.on24.com https://qafederation.on24.com https://www.on24.com https://www-stg.zoneeducation.com.au http://www-stg.zoneeducation.com.au https://www.zoneeducation.com.au https://federation.on24.com https://uat2-zurichau.cs6.force.com https://ajax.googleapis.com https://event.on24.com https://hooshmarketing.com https://rapi.getjaco.com https://zurichau.my.site.com https://customcheckout.bambora.com.au https://customcheckout-uat.bambora.net.au https://cdn.na.bambora.com https://www.ippayments.com.au https://d2qhvajt3imc89.cloudfront.net https://use.fontawesome.com https://s3-us-west-1.amazonaws.com https://analytics.walkme.com https://api.walkme.com https://cdn.walkme.com https://dap.walkme.com https://ec.walkme.com https://editor.walkme.com https://editorsite.walkme.com https://insights.walkme.com https://insights2.walkme.com https://papi.walkme.com https://playerserver.walkme.com https://www.zurich.com.au *.walkme.com https://resources.digital-cloud.medallia.com https://*.google-analytics.com https://zds.zurich.com https://cdn.jsdelivr.net https://zurichau.force.com".
Content Security PolicyControl resources the user agent is allowed to load for a given page.

Click to learn more...

Certificates · 6 found

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

SubjectIssue dateExpiry date
prod.cdn.salesforce-experience.comMar 6, 2024, 00:00:00Mar 4, 2025, 23:59:59
bootstrapcdn.comSep 20, 2024, 01:25:04Dec 19, 2024, 01:25:03
walkme.comDec 4, 2023, 00:00:00Dec 3, 2024, 23:59:59
*.google-analytics.comSep 30, 2024, 14:36:15Dec 23, 2024, 14:36:14
snap.licdn.comDec 13, 2023, 00:00:00Dec 12, 2024, 23:59:59
www.zurich.com.auJan 24, 2024, 00:00:00Feb 23, 2025, 23:59:59