Open source release Internet.nl including 'security headers'
The software source code of Internet.nl is published under the Apache License, version 2.0 on Github. Internet.nl was made possible by using and combining other open source software. The main open source building blocks of Internet.nl are Python 3, Django, PostgreSQL, Celery, Redis, RabbitMQ, nassl, unbound/libunbound and Postfix. Please see copyright page for further information.
Test for application security options
The website test has a new test category for application security options. These settings can be sent to the browser via HTTP headers and are often referred to as 'security headers'. The new category contains tests for X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Content-Security-Policy and Referrer-Policy. For the latter two we check for their existence but do not evaluate the effectivenes of the configured policy. Currently the results of the new tests do not impact the overall score.
The test tool Internet.nl is an initiative of the Dutch Internet Standards Platform which is a collaboration of partners from the internet community and the Dutch government. The platform's mission is to jointly promote the use of modern internet standards keeping the internet reliable and accessible for everybody. ECP provides for the administrative home of the platform. NLnet Labs is responsible for the technical realisation and implementation of the test tool.
- New features:
- New "Security Options" for the website test to check security HTTP headers;
- DMARC verification now uses Mozilla's public suffix list for finding the organizational domain;
- DMARC validation now gives a warning if rua/ruf is not valid;
- Added link to test explanation on connection results;
- New way of showing verdict for failed categories;
- Bug fixes:
- Fixed DMARC external report addresses and validation when multiple URIs;
- Ignore MX records that include 'localhost';
- Home page statistics numbers sometimes weren't adding up;
- Several content improvements.