https://success.qualys.com/discussions/s/

Scan ID:: d63ff84b-3c6b-4329-9459-594af5ec9001Finished
Submitted URL:: https://success.qualys.com/Redirected
Report Finished:: Oct 25, 2024, 06:22:23

Risks · 0 found

Practices that may pose security risks

Security Headers · 5 found

HTTP response headers that can harden the security of a web application

Name	Value	Support	Info
Strict-Transport-Security	max-age=63072000; includeSubDomains	Good	Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more...
X-Frame-Options	ALLOWALL	Good	Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more...
X-Content-Type-Options	nosniff	Good	Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more...
Content-Security-Policy	upgrade-insecure-requests frame-ancestors *	Good	Control resources the user agent is allowed to load for a given page. Click to learn more...
Referrer-Policy	origin-when-cross-origin	Good	Control how much referrer information should be included with requests. Click to learn more...
Clear-Site-Data	—	Good	Control the data stored by a client browser for their origins. Click to learn more...
X-Permitted-Cross-Domain-Policies	—	Good	Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more...
Permissions-Policy	—	New	Allow and deny the use of browser features in a document or iframe. Click to learn more...
Cross-Origin-Embedder-Policy	—	New	Configure embedding cross-origin resources into the document. Click to learn more...
Cross-Origin-Opener-Policy	—	New	Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more...
Cross-Origin-Resource-Policy	—	New	Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more...
X-XSS-Protection	—	Deprecated	Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more...
Feature-Policy	—	Deprecated	Deprecated. Replaced by the Permissions-Policy header. Click to learn more...
Expect-CT	—	Deprecated	Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more...
Public-Key-Pins	—	Deprecated	Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more...

Security Violations · 8 found

Requests or resources offending security policies

Violation	Type	Info
Description Refused to load the script 'https://dev.visualwebsiteoptimizer.com/j.php?a=590650&u=https%3A%2F%2Fsuccess.qualys.com%2Fdiscussions%2Fs%2F&f=1&r=0.719139808773535' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://service.force.com/embeddedservice/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://payments.salesforce.com/ https://js.stripe.com/ https://www.paypal.com/sdk/js https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://pal-test.adyen.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com import: blob: https://uip.canary.lwc.dev https://community.qualys.com https://www.googletagmanager.com https://js.maxmind.com https://www.google-analytics.com https://snap.licdn.com https://munchkin.marketo.net https://api.ipify.org https://tagmanager.google.com https://www.gstatic.com https://ssl.gstatic.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net https://cdn.bizible.com https://797-eni-742.mktoutil.com https://cdnjs.cloudflare.com/ https://cdn.bizibly.com https://px.ads.linkedin.com https://community.qualys.com/ https://www.google.com https://j.6sc.co https://dev.visualwebsiteoptimizer.co https://px4.ads.linkedin.com https://stats.g.doubleclick.net https://www.googletagmanager.com/gtag/js https://cdn2.qualys.com https://cdn-cookieyes.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...
Resource https://success.qualys.com/discussions/s/ Description Refused to load the image 'https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3605201&time=1729837360641&url=https%3A%2F%2Fsuccess.qualys.com%2Fdiscussions%2Fs%2F&e_ipv6=AQLvx1imALO_UgAAAZLCV2Z8iHNhHaCYPQPCseer2-uFcjQCUi9fUJyL5x9JWlvzORjdgoK5lmxrQbL7' because it violates the following Content Security Policy directive: "img-src 'self' data: blob: https://qualys.my.salesforce.com https://qualys.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://payments.salesforce.com/icons/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://www.sandbox.paypal.com https://www.paypal.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://na247.salesforce.com/icons/ https://ik.imagekit.io https://www.qualys.com https://t3.ftcdn.net https://d1dejaj6dcqv24.cloudfront.net https://www.googletagmanager.com https://qualys--c.na90.visual.force.com https://cdnjs.cloudflare.com https://d1uyme8f6ss6qi.cloudfront.net https://dum21w3618van.cloudfront.net https://s3-us-west-1.amazonaws.com https://vimeo.com https://www.google-analytics.com https://px.ads.linkedin.com https://797-eni-742.mktoresp.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://geoip-js.com https://www.google.com https://www.google.co.in https://www.linkedin.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com https://rum-collector-2.pingdom.net https://cdn.bizible.com d1uyme8f6ss6qi.cloudfront.net https://public-api.wordpress.com blog.qualys.com https://content.instrumentation.getconga.com https://data.instrumentation.getconga.com https://composer.congamerge.com https://globalplatform.cloud.coveo.com https://cloudplatform.coveo.com https://platform.cloud.coveo.com https://fonts.gstatic.com https://fonts.googleapis.com https://usageanalytics.coveo.com *.qualys.com https://community.qualys.com https://qualys--c.na90.content.force.com https://cdn2.qualys.com https://cdn-cookieyes.com https://sumtotal-api-url.com".	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...
Resource https://success.qualys.com/components/o11y/client.js Description Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-3RJMG209BM&gtm=45je4al0v9101423851z86737890za200zb6737890&_p=1729837360029&gcs=G111&gcd=13t3t3l2l5l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823848&gdid=dY2Q2ZW&cid=2040033587.1729837363&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1729837360&sct=1&seg=0&dl=https%3A%2F%2Fsuccess.qualys.com%2Fdiscussions%2Fs%2F&dt=Qualys%20Discussions&en=page_view&_fv=1&_ss=1&tfd=4725' because it violates the following Content Security Policy directive: "connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://qualys.my.salesforce-scrt.com https://fonts.googleapis.com/css2 https://payments.salesforce.com/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://www.googletagmanager.com https://cdnjs.cloudflare.com https://d1uyme8f6ss6qi.cloudfront.net https://dum21w3618van.cloudfront.net https://s3-us-west-1.amazonaws.com https://vimeo.com https://www.google-analytics.com https://px.ads.linkedin.com https://797-eni-742.mktoresp.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://geoip-js.com https://www.google.com https://www.google.co.in https://www.linkedin.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com https://rum-collector-2.pingdom.net d1uyme8f6ss6qi.cloudfront.net https://public-api.wordpress.com blog.qualys.com https://content.instrumentation.getconga.com https://data.instrumentation.getconga.com https://composer.congamerge.com https://globalplatform.cloud.coveo.com https://cloudplatform.coveo.com https://platform.cloud.coveo.com https://fonts.gstatic.com https://fonts.googleapis.com https://usageanalytics.coveo.com .qualys.com https://community.qualys.com https://.coveo.com https://cdn-cookieyes.com".	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...
Resource https://success.qualys.com/components/o11y/client.js Description Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-3RJMG209BM&gtm=45je4al0v9101423851z86737890za200zb6737890&_p=1729837360029&gcs=G111&gcd=13t3t3l2l5l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823848&gdid=dY2Q2ZW&cid=2040033587.1729837363&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1729837360&sct=1&seg=0&dl=https%3A%2F%2Fsuccess.qualys.com%2Fdiscussions%2Fs%2F&dt=Qualys%20Discussions&en=page_view&_fv=1&_ss=1&tfd=4725' because it violates the document's Content Security Policy.	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...
Resource https://success.qualys.com/components/o11y/client.js Description Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-3RJMG209BM&gtm=45je4al0v9101423851za200zb6737890&_p=1729837360029&gcs=G111&gcd=13t3t3l2l5l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823848&gdid=dY2Q2ZW&cid=2040033587.1729837363&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1729837360&sct=1&seg=0&dl=https%3A%2F%2Fsuccess.qualys.com%2Fdiscussions%2Fs%2F&dt=Qualys%20Discussions&en=scroll&epn.percent_scrolled=90&tfd=4746' because it violates the following Content Security Policy directive: "connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://qualys.my.salesforce-scrt.com https://fonts.googleapis.com/css2 https://payments.salesforce.com/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://www.googletagmanager.com https://cdnjs.cloudflare.com https://d1uyme8f6ss6qi.cloudfront.net https://dum21w3618van.cloudfront.net https://s3-us-west-1.amazonaws.com https://vimeo.com https://www.google-analytics.com https://px.ads.linkedin.com https://797-eni-742.mktoresp.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://geoip-js.com https://www.google.com https://www.google.co.in https://www.linkedin.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com https://rum-collector-2.pingdom.net d1uyme8f6ss6qi.cloudfront.net https://public-api.wordpress.com blog.qualys.com https://content.instrumentation.getconga.com https://data.instrumentation.getconga.com https://composer.congamerge.com https://globalplatform.cloud.coveo.com https://cloudplatform.coveo.com https://platform.cloud.coveo.com https://fonts.gstatic.com https://fonts.googleapis.com https://usageanalytics.coveo.com .qualys.com https://community.qualys.com https://.coveo.com https://cdn-cookieyes.com".	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...
Resource https://success.qualys.com/components/o11y/client.js Description Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-3RJMG209BM&gtm=45je4al0v9101423851za200zb6737890&_p=1729837360029&gcs=G111&gcd=13t3t3l2l5l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823848&gdid=dY2Q2ZW&cid=2040033587.1729837363&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1729837360&sct=1&seg=0&dl=https%3A%2F%2Fsuccess.qualys.com%2Fdiscussions%2Fs%2F&dt=Qualys%20Discussions&en=scroll&epn.percent_scrolled=90&tfd=4746' because it violates the document's Content Security Policy.	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...
Resource https://success.qualys.com/components/o11y/client.js Description Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-3RJMG209BM&gtm=45je4al0v9101423851z86737890za200zb6737890&_p=1729837360029&gcs=G111&gcd=13t3t3l2l5l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823848&gdid=dY2Q2ZW&cid=2040033587.1729837363&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_s=3&sid=1729837360&sct=1&seg=0&dl=https%3A%2F%2Fsuccess.qualys.com%2Fdiscussions%2Fs%2F&dt=Qualys%20Discussions&en=GA%20update%20tracking%20preference%20when%20GeoIP%20loaded&tfd=9748' because it violates the following Content Security Policy directive: "connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://qualys.my.salesforce-scrt.com https://fonts.googleapis.com/css2 https://payments.salesforce.com/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://www.googletagmanager.com https://cdnjs.cloudflare.com https://d1uyme8f6ss6qi.cloudfront.net https://dum21w3618van.cloudfront.net https://s3-us-west-1.amazonaws.com https://vimeo.com https://www.google-analytics.com https://px.ads.linkedin.com https://797-eni-742.mktoresp.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://geoip-js.com https://www.google.com https://www.google.co.in https://www.linkedin.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com https://rum-collector-2.pingdom.net d1uyme8f6ss6qi.cloudfront.net https://public-api.wordpress.com blog.qualys.com https://content.instrumentation.getconga.com https://data.instrumentation.getconga.com https://composer.congamerge.com https://globalplatform.cloud.coveo.com https://cloudplatform.coveo.com https://platform.cloud.coveo.com https://fonts.gstatic.com https://fonts.googleapis.com https://usageanalytics.coveo.com .qualys.com https://community.qualys.com https://.coveo.com https://cdn-cookieyes.com".	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...
Resource https://success.qualys.com/components/o11y/client.js Description Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-3RJMG209BM&gtm=45je4al0v9101423851z86737890za200zb6737890&_p=1729837360029&gcs=G111&gcd=13t3t3l2l5l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101533421~101686685~101823848&gdid=dY2Q2ZW&cid=2040033587.1729837363&ul=en-us&sr=1x1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&frm=0&pscdl=noapi&_s=3&sid=1729837360&sct=1&seg=0&dl=https%3A%2F%2Fsuccess.qualys.com%2Fdiscussions%2Fs%2F&dt=Qualys%20Discussions&en=GA%20update%20tracking%20preference%20when%20GeoIP%20loaded&tfd=9748' because it violates the document's Content Security Policy.	Content Security Policy	Control resources the user agent is allowed to load for a given page. Click to learn more...

Certificates · 18 found

SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification

Subject	Issue date	Expiry date
success.qualys.com	Jun 24, 2024, 00:00:00	Jun 23, 2025, 23:59:59
cdnjs.cloudflare.com	Sep 28, 2024, 05:35:05	Dec 27, 2024, 05:35:04
cdn2.qualys.com	Aug 29, 2024, 00:00:00	Sep 28, 2025, 23:59:59
pingdom.net	Sep 12, 2024, 23:19:25	Dec 12, 2024, 00:19:21
*.google-analytics.com	Sep 30, 2024, 14:36:15	Dec 23, 2024, 14:36:14
www.google.com	Sep 30, 2024, 15:11:47	Dec 23, 2024, 15:11:46
*.gstatic.com	Sep 30, 2024, 15:09:59	Dec 23, 2024, 15:09:58
cdn-cookieyes.com	Sep 22, 2024, 10:46:46	Dec 21, 2024, 10:46:45
snap.licdn.com	Dec 13, 2023, 00:00:00	Dec 12, 2024, 23:59:59
*.marketo.net	Dec 8, 2023, 00:00:00	Dec 11, 2024, 23:59:59