https://go.roche.com/redirect?shortlinkParams=RSS

Scan ID:
4f69650b-652a-40a0-ad42-89e423056f93Finished
Submitted URL:
https://go.roche.com/RSSRedirected
Report Finished:

Risks · 0 found

Copy link

Practices that may pose security risks

  • No classification

Security Headers · 3 found

Copy link

HTTP response headers that can harden the security of a web application

Learn more...
NameValueSupportInfo
Strict-Transport-Security—GoodDeclare that a website is only accessible over a secure connection (HTTPS).

Click to learn more...
X-Frame-OptionsDENYGoodIndicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>.

Click to learn more...
X-Content-Type-OptionsnosniffGoodIndicate that the MIME types advertised in the Content-Type headers should be followed and not be changed.

Click to learn more...
Content-Security-Policy—GoodControl resources the user agent is allowed to load for a given page.

Click to learn more...
Referrer-Policy—GoodControl how much referrer information should be included with requests.

Click to learn more...
Clear-Site-Data—GoodControl the data stored by a client browser for their origins.

Click to learn more...
X-Permitted-Cross-Domain-Policies—GoodControl whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains.

Click to learn more...
Permissions-Policy—NewAllow and deny the use of browser features in a document or iframe.

Click to learn more...
Cross-Origin-Embedder-Policy—NewConfigure embedding cross-origin resources into the document.

Click to learn more...
Cross-Origin-Opener-Policy—NewEnsure a top-level document does not share a browsing context group with cross-origin documents.

Click to learn more...
Cross-Origin-Resource-Policy—NewRequest that the browser blocks no-cors cross-origin/cross-site requests to the given resource.

Click to learn more...
X-XSS-Protection1; mode=blockDeprecatedDeprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

Click to learn more...
Feature-Policy—DeprecatedDeprecated. Replaced by the Permissions-Policy header.

Click to learn more...
Expect-CT—DeprecatedDeprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements.

Click to learn more...
Public-Key-Pins—DeprecatedDeprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.

Click to learn more...

Security Violations · 7 found

Copy link

Requests or resources offending security policies

ViolationTypeInfo
Resource
https://go.roche.com/redirect?shortlinkParams=RSS
Description
[Report Only] Refused to load the script 'https://accounts.google.com/gsi/client' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
Content Security PolicyControls resources the user agent is allowed to load for a given page.

Click to learn more...
Resource
https://go.roche.com/app/login?shortlinkParams=RSS
Description
Mixed Content: The page at 'https://go.roche.com/app/login?shortlinkParams=RSS' was loaded over HTTPS, but requested an insecure font 'http://go.roche.com/app/error?errorCode=SHORTLINK_NOT_FOUND&shortlink=assets'. This request has been blocked; the content must be served over HTTPS.
Mixed ContentBlocks unencrypted content from loading in an encrypted page.

Click to learn more...
Resource
https://go.roche.com/app/login?shortlinkParams=RSS
Description
Mixed Content: The page at 'https://go.roche.com/app/login?shortlinkParams=RSS' was loaded over HTTPS, but requested an insecure font 'http://go.roche.com/app/error?errorCode=SHORTLINK_NOT_FOUND&shortlink=assets'. This request has been blocked; the content must be served over HTTPS.
Mixed ContentBlocks unencrypted content from loading in an encrypted page.

Click to learn more...
Resource
https://go.roche.com/app/login?shortlinkParams=RSS
Description
Mixed Content: The page at 'https://go.roche.com/app/login?shortlinkParams=RSS' was loaded over HTTPS, but requested an insecure font 'http://go.roche.com/app/error?errorCode=SHORTLINK_NOT_FOUND&shortlink=assets'. This request has been blocked; the content must be served over HTTPS.
Mixed ContentBlocks unencrypted content from loading in an encrypted page.

Click to learn more...
Resource
https://go.roche.com/app/login?shortlinkParams=RSS
Description
Mixed Content: The page at 'https://go.roche.com/app/login?shortlinkParams=RSS' was loaded over HTTPS, but requested an insecure font 'http://go.roche.com/app/error?errorCode=SHORTLINK_NOT_FOUND&shortlink=assets'. This request has been blocked; the content must be served over HTTPS.
Mixed ContentBlocks unencrypted content from loading in an encrypted page.

Click to learn more...
Resource
https://go.roche.com/app/login?shortlinkParams=RSS
Description
Mixed Content: The page at 'https://go.roche.com/app/login?shortlinkParams=RSS' was loaded over HTTPS, but requested an insecure font 'http://go.roche.com/app/error?errorCode=SHORTLINK_NOT_FOUND&shortlink=assets'. This request has been blocked; the content must be served over HTTPS.
Mixed ContentBlocks unencrypted content from loading in an encrypted page.

Click to learn more...
Resource
https://go.roche.com/app/login?shortlinkParams=RSS
Description
Mixed Content: The page at 'https://go.roche.com/app/login?shortlinkParams=RSS' was loaded over HTTPS, but requested an insecure font 'http://go.roche.com/app/error?errorCode=SHORTLINK_NOT_FOUND&shortlink=assets'. This request has been blocked; the content must be served over HTTPS.
Mixed ContentBlocks unencrypted content from loading in an encrypted page.

Click to learn more...

Certificates · 3 found

Copy link

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

SubjectIssue dateExpiry date
go.roche.com
accounts.google.com
use.fontawesome.com