- Scan ID:
- 6aefefc9-b4f4-4644-95bd-2ba2e9bba464Finished
- Submitted URL:
- https://orange.skRedirected
- Report Finished:
Risks · 0 found
Practices that may pose security risks
Security Headers · 4 found
HTTP response headers that can harden the security of a web application
Learn more...| Name | Value | Support | Info |
|---|---|---|---|
| Strict-Transport-Security | max-age=31536000; includeSubDomains | Good | Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more... |
| X-Frame-Options | — | Good | Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more... |
| X-Content-Type-Options | nosniff | Good | Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more... |
| Content-Security-Policy | default-src 'self'; connect-src 'self' https://adalytics.adastra.digital https://adalytics.instarea.com https://api.adalytics.adastra.digital https://sdk-tracing.exponea.com https://*.ocp.orange.sk https://google.com https://maps.googleapis.com https://translate.googleapis.com https://onesignal.com https://sc-static.net https://analytics.algolia.com https://8gcm8o9vsa-1.algolianet.com https://8gcm8o9vsa-2.algolianet.com https://8gcm8o9vsa-3.algolianet.com https://8gcm8o9vsa-dsn.algolianet.com https://8gcm8o9vsa-dsn.algolia.net https://uq5v1rcrhz-1.algolianet.com https://uq5v1rcrhz-2.algolianet.com https://uq5v1rcrhz-3.algolianet.com https://uq5v1rcrhz-dsn.algolianet.com https://uq5v1rcrhz-dsn.algolia.net https://t8aek1p630-1.algolianet.com https://t8aek1p630-2.algolianet.com https://t8aek1p630-3.algolianet.com https://t8aek1p630-dsn.algolianet.com https://t8aek1p630-dsn.algolia.net https://*.orange.sk wss://www.orange.sk https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://api.privacy-center.org https://t.leady.com https://translate.googleapis.com https://webchat.orange.sk https://*.snapchat.com https://region1.google-analytics.com https://region1.analytics.google.com https://orange-p.containers.piwik.pro https://orange-p.piwik.pro https://logws1364.ati-host.net https://*.livecall.io wss://signalling.livecall.io https://*.itdesk.eu https://*.callback24.io *.crazyegg.com; font-src 'self' data: https://script.hotjar.com https://cdn.exponea.com https://cdn.instarea.com https://www.cloudfront.net https://*.orange.sk; child-src 'self' blob: https://*.ocp.orange.sk https://onesignal.com https://vars.hotjar.com https://www.google.com https://www.googletagmanager.com https://www.creativecdn.com https://creativecdn.com https://www.youtube.com https://www.facebook.com https://www.doubleclick.net https://www.buzzsprout.com https://*.orange.sk https://*.snapchat.com https://vimeo.com https://w.soundcloud.com https://10814970.fls.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com; img-src 'self' data: https://lh3.ggpht.com https://cdn.exponea.com https://cdn.instarea.com https://img.onesignal.com https://video.orange.sk https://maps.gstatic.com https://maps.googleapis.com https://google.com https://www.google.com https://www.google-analytics.com https://www.scorecardresearch.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.sk https://img.youtube.com https://www.google.com https://www.facebook.com https://www.gstatic.com https://www.googleapis.com https://www.googletagmanager.com https://translate.googleapis.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://*.snapchat.com https://secure.adnxs.com https://translate.google.com https://translate.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://sk-gmtdmp.mookie1.com https://www.linkedin.com https://px.ads.linkedin.com https://orange-p.containers.piwik.pro https://orange-p.piwik.pro https://assets.livecall.io https://panel.callback24.io *.crazyegg.com https://ad.doubleclick.net https://bat.bing.com https://*.adnxs.com https://*.ocp.orange.sk https://*.orange.sk; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com https://cdn.onesignal.com https://analytics.tiktok.com https://s2.adform.net https://track.adform.net https://api.adalytics.adastra.digital https://cdn.exponea.com https://cdn.instarea.com https://www.googleadservices.com https://*.ocp.orange.sk https://www.buzzsprout.com https://video.orange.sk https://www.algolia.net https://www.algolianet.com https://www.adform.net https://maps.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.scorecardresearch.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.facebook.net https://static.hotjar.com https://script.hotjar.com https://www.google.com https://translate.google.com https://*.arcgisonline.com https://api.adalytics.adastra.digital https://www.onesignal.com https://onesignal.com https://sc-static.net https://sdk.privacy-center.org https://t.leady.com https://translate-pa.googleapis.com https://sk.search.etargetnet.com https://snap.licdn.com https://orange-p.piwik.pro https://tag.aticdn.net https://*.livecall.io https://panel.callback24.io https://*.itdesk.eu https://cdnjs.cloudflare.com https://tpc.googlesyndication.com https://bat.bing.com *.crazyegg.com https://*.snapchat.com https://acdn.adnxs.com https://*.orange.sk; style-src 'unsafe-inline' 'self' https://cdn.exponea.com https://cdn.instarea.com https://onesignal.com https://*.orange.sk https://www.google.com https://translate.googleapis.com https://assets.livecall.io https://panel.callback24.io https://static.hotjar.com https://script.hotjar.com *.crazyegg.com https://*.arcgisonline.com; media-src blob: https://assets.livecall.io https://*.orange.sk https://www.orange.sk; object-src 'self'; report-uri https://www.orange.sk/scp-report; | Good | Control resources the user agent is allowed to load for a given page. Click to learn more... |
| Referrer-Policy | — | Good | Control how much referrer information should be included with requests. Click to learn more... |
| Clear-Site-Data | — | Good | Control the data stored by a client browser for their origins. Click to learn more... |
| X-Permitted-Cross-Domain-Policies | — | Good | Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more... |
| Permissions-Policy | — | New | Allow and deny the use of browser features in a document or iframe. Click to learn more... |
| Cross-Origin-Embedder-Policy | — | New | Configure embedding cross-origin resources into the document. Click to learn more... |
| Cross-Origin-Opener-Policy | — | New | Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more... |
| Cross-Origin-Resource-Policy | — | New | Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more... |
| X-XSS-Protection | 1; mode=block | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more... |
| Feature-Policy | — | Deprecated | Deprecated. Replaced by the Permissions-Policy header. Click to learn more... |
| Expect-CT | — | Deprecated | Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more... |
| Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more... |
Security Violations · 2 found
Requests or resources offending security policies
| Violation | Type | Info |
|---|---|---|
| Content Security Policy | Control resources the user agent is allowed to load for a given page. Click to learn more... |
| Content Security Policy | Control resources the user agent is allowed to load for a given page. Click to learn more... |
Certificates · 5 found
SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification
| Subject | Issue date | Expiry date |
|---|---|---|
| www.orange.sk | Aug 13, 2024, 00:00:00 | Aug 21, 2025, 23:59:59 |
| *.google-analytics.com | Sep 16, 2024, 08:55:43 | Dec 9, 2024, 08:55:42 |
| *.privacy-center.org | Mar 10, 2024, 00:00:00 | Apr 7, 2025, 23:59:59 |
| callback24.io | Aug 10, 2024, 11:02:43 | Nov 8, 2024, 11:02:42 |
| srv.callback24.io | Aug 25, 2024, 22:00:10 | Nov 23, 2024, 22:00:09 |