https://meet.odro.co.uk/adeccocorporate/solointerview/664b604729f7232be61612ad/multi

Scan ID:: 39c83eaf-404b-4c40-86a3-4d601aaa1122Finished
Submitted URL:: https://odro.io/s/W3tk1Redirected
Report Finished:: Oct 25, 2024, 07:10:59

Risks · 0 found

Practices that may pose security risks

Security Headers · 2 found

HTTP response headers that can harden the security of a web application

Name	Value	Support	Info
Strict-Transport-Security	—	Good	Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more...
X-Frame-Options	—	Good	Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more...
X-Content-Type-Options	—	Good	Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more...
Content-Security-Policy	child-src 'self' blob: https://intercom-sheets.com https://www.intercom-reporting.com; connect-src 'self' https://.agora.io: https://.agoraio.cn https://.ataconnect.co.uk https://.bowers-uk.com https://.bubb.video https://.cdncontentdelivery.com https://.coltechtv.com https://.construction-recruitment.online https://.edison-talent.com https://.fulcrumvision.com https://.ganymedeconnect.co.uk https://.google-analytics.com https://.googletagmanager.com https://.gtresourcing.com https://.hmstaffinginterviews.co.uk https://.intercom.io https://.kaiyahub.io https://.konnexus.io https://.newresource-select.com https://.odro.co.uk https://.odrohub.co.uk https://.opentok.com https://.realview-realtime.jobs https://.recruit12portal.com https://.meetwithdd.com https://.secure-meet.com https://.tokbox.com https://sentry.io wss://.agora.io: wss://.agoraio.cn: wss://.ataconnect.co.uk wss://.cmvideo.app wss://.fulcrumvision.com wss://.ganymedeconnect.co.uk wss://.hmstaffinginterviews.co.uk wss://.intercom.io wss://.odro.co.uk wss://.recruit12portal.com wss://.secure-meet.com wss://.tokbox.com https://.s3.amazonaws.com https://.s3.ap-southeast-2.amazonaws.com https://.s3.eu-west-1.amazonaws.com https://.s3.us-east-1.amazonaws.com https://.s3.us-west-1.amazonaws.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://.au.intercom.io https://.eu.intercom.io https://.intercomcdn.com https://.intercomcdn.eu https://.au.intercomcdn.com https://.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://.gstatic.com https://.intercomcdn.com https://.jsdelivr.net https://.s3.eu-central-1.amazonaws.com https://tokbox.com https://.hotjar.com; frame-src* 'self' https://.google.com https://.stripe.com https://intercom-sheets.com https://.hotjar.com; img-src* 'self' blob: data: android-webview-video-poster: blob: data: https://.google-analytics.com https://.googletagmanager.com https://.gstatic.com https://.indeed.com https://.odro.co.uk https://.recruit12portal.com https://.s3.amazonaws.com https://.s3-ap-southeast-2.amazonaws.com https://.s3-eu-west-1.amazonaws.com https://.s3-us-east-1.amazonaws.com https://.s3-us-west-1.amazonaws.com https://.s3.ap-southeast-2.amazonaws.com https://.s3.eu-west-1.amazonaws.com https://.s3.us-east-1.amazonaws.com https://.s3.us-west-1.amazonaws.com https://i.postimg.cc wss://.odro.co.uk wss://.recruit12portal.com https://.hotjar.com https://.intercomassets.com https://.intercomcdn.com https://.intercomcdn.eu https://.au.intercomcdn.com https://.intercomusercontent.com https://.intercomcdn.com https://.intercom.io https://.intercomassets.eu https://.au.intercomassets.com https://.eu.intercom.io https://.au.intercom.io https://.intercom-attachments.eu https://.intercom-attachments.com https://.au.intercom-attachments.com https://.intercom-attachments-1.com https://.intercom-attachments-2.com https://.intercom-attachments-3.com https://.intercom-attachments-4.com https://.intercom-attachments-5.com https://.intercom-attachments-6.com https://.intercom-attachments-7.com https://.intercom-attachments-8.com https://.intercom-attachments-9.com; manifest-src* 'self'; media-src 'self' blob: https://.intercomcdn.com https://.s3-eu-west-1.amazonaws.com https://.s3.amazonaws.com https://.s3.ap-southeast-2.amazonaws.com https://.s3.eu-west-1.amazonaws.com https://.s3.us-east-1.amazonaws.com https://.s3.us-west-1.amazonaws.com; object-src* 'self'; prefetch-src 'self' https://.googletagmanager.com; script-src* 'self' 'unsafe-eval' 'unsafe-inline' asset: https://.biilut.com https://.google-analytics.com https://.google.com https://.googletagmanager.com https://.gstatic.com https://.intercom.io https://.intercomcdn.com https://.opentok.com https://.sentry-cdn.com https://.stripe.com https://ipinfo.io wss://.intercom.io https://.hotjar.com; style-src 'self' 'unsafe-inline' https://.fonts.com https://.googleapis.com https://.jsdelivr.net https://tokbox.com https://.hotjar.com; worker-src 'self' blob:	Good	Control resources the user agent is allowed to load for a given page. Click to learn more...
Referrer-Policy	strict-origin-when-cross-origin	Good	Control how much referrer information should be included with requests. Click to learn more...
Clear-Site-Data	—	Good	Control the data stored by a client browser for their origins. Click to learn more...
X-Permitted-Cross-Domain-Policies	—	Good	Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more...
Permissions-Policy	—	New	Allow and deny the use of browser features in a document or iframe. Click to learn more...
Cross-Origin-Embedder-Policy	—	New	Configure embedding cross-origin resources into the document. Click to learn more...
Cross-Origin-Opener-Policy	—	New	Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more...
Cross-Origin-Resource-Policy	—	New	Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more...
X-XSS-Protection	—	Deprecated	Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more...
Feature-Policy	—	Deprecated	Deprecated. Replaced by the Permissions-Policy header. Click to learn more...
Expect-CT	—	Deprecated	Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more...
Public-Key-Pins	—	Deprecated	Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more...

Security Violations · 1 found

Requests or resources offending security policies

Violation	Type	Info
Resource https://meet.odro.co.uk/adeccocorporate/solointerview/664b604729f7232be61612ad/multi Description Failed to find a valid digest in the 'integrity' attribute for resource 'https://www.googletagmanager.com/gtag/js?id=UA-150519899-2' with computed SHA-256 integrity 'xMMImxT9/WdmhyE00cvRLQIlJTZhAjvt61QOj1XCmSU='. The resource has been blocked.	Subresource Integrity	Enables browsers to verify that resources fetched are not manipulated. Click to learn more...

Certificates · 9 found

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

Subject	Issue date	Expiry date
*.odro.co.uk	Jan 23, 2024, 00:00:00	Feb 20, 2025, 23:59:59
upload.video.google.com	Sep 30, 2024, 15:09:59	Dec 23, 2024, 15:09:58
*.sentry-cdn.com	Jun 4, 2024, 18:46:04	Jul 6, 2025, 18:46:03
*.s3-eu-west-1.amazonaws.com	Jun 22, 2024, 00:00:00	May 28, 2025, 23:59:59
*.tokbox.com	Oct 16, 2024, 00:00:00	Nov 15, 2025, 23:59:59
*.google-analytics.com	Sep 30, 2024, 14:36:15	Dec 23, 2024, 14:36:14
fonts.com	Sep 25, 2024, 23:26:48	Dec 24, 2024, 23:26:47
*.hotjar.com	May 22, 2024, 00:00:00	Jun 20, 2025, 23:59:59
*.hotjar.io	Feb 7, 2024, 00:00:00	Mar 8, 2025, 23:59:59