Improved tests for CSP and security.txt on Internet.nl

April 11, 2023
As of today, you can use a new version of Internet.nl with an improved test for Content-Security-Policy and for security.txt. In addition, several other improvements have been made, including bug fixes, code cleanup, updates of used external software libraries, and content improvements.

Improved CSP test

Specific error messages were added to the technical details in the Content-Security-Policy (CSP) test. This makes it clearer to users what is wrong with their CSP policy and enables them to make their policy more secure. Furthermore, the CSP test now also checks for secure settings of the base-uri and form-action directives. According to the CSP specification, both directives are not covered by the fallback policy of default-src and thus it is important to configure them explicitly.

security.txt and TLS test improvements

For the security.txt test Dutch translations were added, the validation library was updated and several bug fixes were made. Furthermore, in the test for TLS version, users can now see all detected TLS versions. So, if detected, also TLS version 1.2 and 1.3 with a 'sufficient' and 'good' security level, respectively, are now displayed in the technical table.

About Internet.nl

The test tool Internet.nl is an initiative of the Dutch Internet Standards Platform which is a collaboration of partners from the Internet community and the Dutch government. The aim of the platform is to jointly increase the use of modern Internet standards to make the Internet more accessible, safer and more reliable for everyone. The software code of Internet.nl is available under an open source license.


Release notes 1.7.0

This release has API version 2.3.0:

  • The record_org_domain was added for DMARC (#489).
  • The securitytxt_errors and securitytxt_recommendations types were changed. They now contain error codes (and possibly context) rather than full sentences.
  • The content_security_policy_errors field was added with error codes for CSP.
  • An issue was fixed where the mx_nameservers field was not included in results (#882).