- Scan ID:
- fab3a6f6-adb4-402e-ae18-719271a3ea10Finished
- Submitted URL:
- https://rotterdam.nl/Redirected
- Report Finished:
Risks · 0 found
Practices that may pose security risks
Security Headers · 6 found
HTTP response headers that can harden the security of a web application
Learn more...Name | Value | Support | Info |
---|---|---|---|
Strict-Transport-Security | max-age=31536000 | Good | Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more... |
X-Frame-Options | SAMEORIGIN | Good | Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more... |
X-Content-Type-Options | nosniff | Good | Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more... |
Content-Security-Policy | frame-ancestors 'self' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com *.rotterdam.nl https://rotterdam.ddev.site *.expoints.nl/ https://gemeenterotterdam1.expoints.nl; default-src 'self' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com scribit-pro-hosting.storage.googleapis.com *.readspeaker.com *.expoints.nl/; img-src 'self' data: https://backend-dvg.rotterdam.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://test.virtuele-gemeente-assistent.nl https://mijn.test.virtuele-gemeente-assistent.nl https://www.toegankelijkheidsverklaring.nl https://www.instagram.com *.readspeaker.com https://syndication.twitter.com https://6006165.global.siteimproveanalytics.io *.siteimproveanalytics.io *.expoints.nl/; connect-src 'self' https://backend-dvg.rotterdam.nl https://test.virtuele-gemeente-assistent.nl wss: ws: https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl wss://test.virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl api.scribit.pro *.readspeaker.com https://open.spotify.com/ https://soundcloud.com/ https://www.iheart.com/ https://api.deepl.com/v2/translate https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; font-src 'self' data: *.readspeaker.com *.ionicframework.com https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; frame-src 'self' https://backend-dvg.rotterdam.nl https://sts.rotterdam.nl https://sts.rotterdam.nl https://gemeenteraad.rotterdam.nl sdk.companywebcast.com https://www.instagram.com https://*.issuu.com/ https://kaartlaag.rotterdam.nl *.youtube-nocookie.com *.vimeo.com https://open.spotify.com/ https://w.soundcloud.com/ https://www.iheart.com/ *.readspeaker.com https://syndication.twitter.com https://platform.twitter.com https://*.expoints.nl https://kentekencheck.opwegnaarzes.nl; media-src 'self' *.readspeaker.com; child-src 'self' https://sts.rotterdam.nl https://sts.rotterdam.nl blob: *.youtube-nocookie.com *.vimeo.com https://kentekencheck.opwegnaarzes.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com *.rotterdam.nl https://test.virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl https://www.instagram.com *.scribit.pro www.youtube.com *.readspeaker.com https://platform.twitter.com https://siteimproveanalytics.com/js/siteanalyze_6006165.js https://platform.instagram.com/en_US/embeds.js https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://backend-dvg.rotterdam.nl *.platform.sh *.rotterdam.hosted-temp.com *.rotterdam.nl https://mijn.test.virtuele-gemeente-assistent.nl https://test.virtuele-gemeente-assistent.nl https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl *.readspeaker.com https://gemeenterotterdam1.expoints.nl https://*.expoints.nl; style-src-attr 'unsafe-hashes' 'sha256-AF+AAZ9Z3mmKmwFbsDCVEPWGt4PySG8V/PpVNVjxb7o=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-KpSV7LuPYEu58+3u9LJr9v5Drm0uIKEv0h3u/+NVNm8=' 'sha256-8ilcya6PJ2mDcuNFfcZaaOL85o/T7b8cPlsalzaJVOs=' 'sha256-B0sREGwikShC0TA+wCLpD2QdDs7Vy9DLG5cPvTs5IMs=' 'sha256-sYkIODYA//1iY7apXtEv7hNGrtmrXBZmwaFZXFXwSsY=' 'sha256-NaWwnJevOrXydjfjT5eD6vnm2WLvJ7KP0dgSFSYKB5E=' 'sha256-tdB3YxIFeeJqr15OAav25tSJ0jbfU0q9ZZLH/xvb2fI=' 'sha256-FFltmHwlADhUUYXpvgRFf4b2XDafcpXpK6a1Her3XFo=' 'sha256-dMefF46gjIdjjnuydP6Nr7gaWbMNzFCuKLQDzFCj3q0=' 'sha256-mO93q4arg7Xz1Iq05lBuCfzcjH/7HiLQQiCBh6k8uDQ=' 'sha256-wUayk64gTwRA2mCqIET4wdFPL0If6hWLQdga4fFS4vo=' 'sha256-psFse5qnRHGZKcguuRInwkIEE+KAbKYXLcZN8oBR6So=' 'sha256-bWFcIHUkv3S/q++XC09SmQ2JDZLOeqduIJ4Fh3j6py8=' 'sha256-l6khRnjaVBZm7Z9S5+A/4ZrRnU7hBbTAGeVNTXpAbwU=' 'sha256-bdu4XjKR3UPx1iS23kdTkPKNFgazBeVTbuxYqEp0DYc=' 'sha256-iSenMpxWneYIQn8oj45JKUrqalowUP37Grx9qYBk71U=' 'sha256-7Buq1vYNyuCqzL1qi1GDgIjjEI9dRccdIAbriq90CJg=' 'sha256-nd/XcY53KxgscLkvRS9wYXmU11ZQ+4U9t051MUJx5yE=' 'sha256-+sWhfTcZSG7XrsT61RI144ba9rE54ohM2kU43W6Do4U=' 'sha256-V7Nfgc45dEPdMpv+C9eGLuNDdx1lqLWBvD21n/nTbnw=' 'sha256-Di1xujw891gUw2f4Dcl3e05ECLSB4DK5RmDJ02qCl+M=' 'sha256-TCR4SO0z8m2yl2c09FRxJPfIIC+cCTD2Pt4vFHYdozA=' 'sha256-Syi3PbGJutUnGOw/+0uuur8vO6rKGQK3uinG2NAdSLQ=' 'sha256-VPHc/7xBTnzQ2w/c21rl9vrJzKimAyHBFGe1sS0x4dQ=' 'sha256-FIxAmhlquL19XlaBA+iSyXXJ/LwRQNfL4iJxYNitGV8=' 'sha256-mr1Ym7HxHASt6RfTa/KwxW8yynUtAIGrIuKNkTwex1Y=' 'sha256-2NJPv3sf+mSp8Y7aLXXjpsguaqnB+wpWpLE9k0bfT1A=' 'sha256-wwBytE0zrqrHUYnbFU/Hb+54aEwvXA/AUC3iiEtZoYo=' 'sha256-I9afoREoJ2XrBnLZ3pTdhTKkUNSalNUujQrgipUEhNc=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-0KLMFriemffdQKhnQYTsle9GpNpjT9Wikqb41i8USJg=' 'sha256-VTq1asG2HYDP/tAnd97wS5FfA/jKE3I2wTEmyzRZREs=' 'sha256-qiM21AzSpGuI2RbaDOFjq4c2kLCU9Vu2HiJUxaenfuw='; | Good | Control resources the user agent is allowed to load for a given page. Click to learn more... |
Referrer-Policy | strict-origin-when-cross-origin | Good | Control how much referrer information should be included with requests. Click to learn more... |
Clear-Site-Data | — | Good | Control the data stored by a client browser for their origins. Click to learn more... |
X-Permitted-Cross-Domain-Policies | — | Good | Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more... |
Permissions-Policy | — | New | Allow and deny the use of browser features in a document or iframe. Click to learn more... |
Cross-Origin-Embedder-Policy | — | New | Configure embedding cross-origin resources into the document. Click to learn more... |
Cross-Origin-Opener-Policy | — | New | Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more... |
Cross-Origin-Resource-Policy | — | New | Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more... |
X-XSS-Protection | 0 | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more... |
Feature-Policy | — | Deprecated | Deprecated. Replaced by the Permissions-Policy header. Click to learn more... |
Expect-CT | — | Deprecated | Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more... |
Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more... |
Security Violations · 0 found
Requests or resources offending security policies
Certificates · 2 found
SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification
Subject | Issue date | Expiry date |
---|---|---|
rotterdam.nl | Nov 6, 2023, 00:00:00 | Dec 6, 2024, 23:59:59 |
virtuele-gemeente-assistent.nl | Oct 7, 2024, 08:04:38 | Jan 5, 2025, 08:04:37 |