{ "scan": { "algorithmVersion": 4, "grade": "B", "error": null, "score": 70, "statusCode": 200, "testsFailed": 2, "testsPassed": 8, "testsQuantity": 10, "responseHeaders": { "date": "Thu, 03 Jul 2025 08:51:27 GMT", "content-type": "text/html;charset=UTF-8", "content-length": "4147", "connection": "close", "set-cookie": [ "route=3de986941e9057414970bc1fdb00818f|c5a7879cd9d834faff8f25802a2f41bc; Path=/; Secure; HttpOnly", "JSESSIONID=E28B6F6F6D7219162ADFEF1BF24510D2; Path=/; HttpOnly", "eionet.webq.cookies.userid=4a8a2e8a60a944e3c7c61cf4f5b5861b; Max-Age=288000; Expires=Sun, 06-Jul-2025 16:51:26 GMT; Path=/" ], "cache-control": "no-cache, no-store, max-age=0, must-revalidate", "pragma": "no-cache", "expires": "0", "x-xss-protection": "1; mode=block", "x-frame-options": "SAMEORIGIN", "x-content-type-options": "nosniff", "content-language": "en-US", "strict-transport-security": "max-age=31536000; includeSubDomains", "server": "HTTPS", "referrer-policy": "strict-origin-when-cross-origin", "feature-policy": "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'self'; usb 'none'; vr 'none'", "expect-ct": "max-age=604800, report-uri='https://sentry.eea.europa.eu/api/25/security/?sentry_key=36e966c526304fb38680f19ac1927bb5'", "content-security-policy": "default-src 'self' blob: data: https://*.eea.europa.eu https://*.eionet.europa.eu; connect-src 'self' https://*.openstreetmap.org https://*.eea.europa.eu https://*.eionet.europa.eu http://*.eea.europa.eu; font-src 'self' data: https://cdnjs.cloudflare.com/ https://use.fontawesome.com/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com https://*.eea.europa.eu https://*.eionet.europa.eu; frame-src 'self' https://ec.europa.eu/ https://*.eea.europa.eu https://*.eionet.europa.eu http://*.eea.europa.eu; img-src http: https: blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://matomo.eea.europa.eu https://openlayers.org/ https://www.google.com/jsapi https://www.google.com/uds/ https://www.gstatic.com/ https://spreadsheets.google.com/ https://docs.google.com/ https://*.eea.europa.eu https://*.eionet.europa.eu http://*.eea.europa.eu https://cdnjs.cloudflare.com https://code.jquery.com; style-src 'self' 'unsafe-inline' https://openlayers.org/ https://use.fontawesome.com https://www.google.com/uds/ https://ajax.googleapis.com/ https://www.gstatic.com/ https://*.eionet.europa.eu https://*.eea.europa.eu https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com; report-uri https://sentry.eea.europa.eu/api/25/security/?sentry_key=36e966c526304fb38680f19ac1927bb5" } }, "tests": { "content-security-policy": { "expectation": "csp-implemented-with-no-unsafe", "pass": false, "result": "csp-implemented-with-unsafe-inline", "scoreModifier": -20, "data": { "default-src": [ "'self'", "blob:", "data:", "https://*.eea.europa.eu", "https://*.eionet.europa.eu" ], "connect-src": [ "'self'", "http://*.eea.europa.eu", "https://*.eea.europa.eu", "https://*.eionet.europa.eu", "https://*.openstreetmap.org" ], "font-src": [ "'self'", "data:", "https://*.eea.europa.eu", "https://*.eionet.europa.eu", "https://cdnjs.cloudflare.com/", "https://fonts.gstatic.com/", "https://maxcdn.bootstrapcdn.com", "https://use.fontawesome.com/" ], "frame-src": [ "'self'", "http://*.eea.europa.eu", "https://*.eea.europa.eu", "https://*.eionet.europa.eu", "https://ec.europa.eu/" ], "img-src": [ "blob:", "data:", "http:", "https:" ], "script-src": [ "'self'", "'unsafe-eval'", "'unsafe-inline'", "blob:", "data:", "http://*.eea.europa.eu", "https://*.eea.europa.eu", "https://*.eionet.europa.eu", "https://cdnjs.cloudflare.com", "https://code.jquery.com", "https://docs.google.com/", "https://matomo.eea.europa.eu", "https://openlayers.org/", "https://spreadsheets.google.com/", "https://www.google.com/jsapi", "https://www.google.com/uds/", "https://www.gstatic.com/" ], "style-src": [ "'self'", "'unsafe-inline'", "https://*.eea.europa.eu", "https://*.eionet.europa.eu", "https://ajax.googleapis.com/", "https://cdnjs.cloudflare.com", "https://code.jquery.com", "https://maxcdn.bootstrapcdn.com", "https://openlayers.org/", "https://use.fontawesome.com", "https://www.google.com/uds/", "https://www.gstatic.com/" ], "report-uri": [ "https://sentry.eea.europa.eu/api/25/security/?sentry_key=36e966c526304fb38680f19ac1927bb5" ] }, "http": true, "meta": false, "policy": { "antiClickjacking": false, "defaultNone": false, "insecureBaseUri": true, "insecureFormAction": true, "insecureSchemeActive": true, "insecureSchemePassive": true, "strictDynamic": false, "unsafeEval": true, "unsafeInline": true, "unsafeInlineStyle": true, "unsafeObjects": false }, "numPolicies": 1 }, "cookies": { "expectation": "cookies-secure-with-httponly-sessions", "pass": false, "result": "cookies-session-without-secure-flag-but-protected-by-hsts", "scoreModifier": -10, "data": { "route": { "domain": "webformstest.eionet.europa.eu", "httponly": true, "path": "/", "port": null, "secure": true }, "JSESSIONID": { "domain": "webformstest.eionet.europa.eu", "httponly": true, "path": "/", "port": null }, "eionet.webq.cookies.userid": { "domain": "webformstest.eionet.europa.eu", "expires": "2025-07-06T16:51:26.000Z", "max-age": 288000, "path": "/", "port": null } }, "sameSite": false }, "cross-origin-resource-sharing": { "expectation": "cross-origin-resource-sharing-not-implemented", "pass": true, "result": "cross-origin-resource-sharing-not-implemented", "scoreModifier": 0, "data": null }, "redirection": { "expectation": "redirection-to-https", "pass": true, "result": "redirection-to-https", "scoreModifier": 0, "destination": "https://webformstest.eionet.europa.eu/", "redirects": true, "route": [ "http://webformstest.eionet.europa.eu/", "https://webformstest.eionet.europa.eu/" ], "statusCode": 200 }, "referrer-policy": { "expectation": "referrer-policy-private", "pass": true, "result": "referrer-policy-private", "scoreModifier": 5, "data": "strict-origin-when-cross-origin", "http": true, "meta": false }, "strict-transport-security": { "expectation": "hsts-implemented-max-age-at-least-six-months", "pass": true, "result": "hsts-implemented-max-age-at-least-six-months", "scoreModifier": 0, "data": "max-age=31536000; includeSubDomains", "includeSubDomains": true, "maxAge": 31536000, "preload": false, "preloaded": false }, "subresource-integrity": { "expectation": "sri-implemented-and-external-scripts-loaded-securely", "pass": true, "result": "sri-not-implemented-but-all-scripts-loaded-from-secure-origin", "scoreModifier": 0, "data": {} }, "x-content-type-options": { "expectation": "x-content-type-options-nosniff", "pass": true, "result": "x-content-type-options-nosniff", "scoreModifier": 0, "data": "nosniff" }, "x-frame-options": { "expectation": "x-frame-options-sameorigin-or-deny", "pass": true, "result": "x-frame-options-sameorigin-or-deny", "scoreModifier": 0, "data": "SAMEORIGIN" }, "cross-origin-resource-policy": { "expectation": "corp-implemented-with-same-site", "pass": true, "result": "corp-not-implemented", "scoreModifier": 0, "data": null, "http": false, "meta": false } } }