Security Report Summary
Grade: A
Site: https://www.breda.nl/
IP Address: 2a06:efc0:0:103::21
Report Time: 24 Apr 2024 21:40:11 UTC
Headers:
  • Strict-Transport-Security
  • X-Content-Type-Options
  • Content-Security-Policy
  • Referrer-Policy
  • X-Frame-Options
  • Permissions-Policy
Warning: Grade capped at A, please see warnings below.
Missing Headers
Permissions-Policy: Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
Warnings
Content-Security-Policy: This policy contains 'unsafe-hashes' which is dangerous in the style-src directive.
Strict-Transport-Security: There was a duplicate Strict-Transport-Security header.
Raw Headers
HTTP/2 200
strict-transport-security: max-age=31536000
date: Wed, 24 Apr 2024 19:18:57 GMT
cache-control: max-age=31536000, public
content-language: nl
x-content-type-options: nosniff
expires: Sun, 19 Nov 1978 05:00:00 GMT
vary: Cookie,Accept-Encoding
content-security-policy: default-src 'self' scribit-pro-hosting.storage.googleapis.com; child-src 'self' *.youtube.com https://login.microsoftonline.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com https://*.govmetric.com https://*.servmetric.com api.scribit.pro *.siteimprove.com piwik.breda.nl https://*.ats-platform.com https://*.hireserve.nl https://piwik.breda.nl/; font-src 'self' data: *.googleusercontent.com https://*.ats-platform.com https://*.hireserve.nl; frame-src 'self' *.youtube.com https://login.microsoftonline.com https://www.google.com https://websiteacc.breda.nl https://formulieren.breda.nl https://breda-bba.vercel.app https://breda.bba.nl https://*.govmetric.com https://*.servmetric.com https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report https://*.ats-platform.com https://*.hireserve.nl; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://*.govmetric.com https://*.servmetric.com i.ytimg.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io piwik.breda.nl https://*.ats-platform.com https://*.hireserve.nl; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com https://cb.vrmwb.nl https://*.govmetric.com https://*.servmetric.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js piwik.breda.nl 'nonce-WXpVME5qTTVNREEwT0dRNE9XWXg=' 'nonce-WTJObU9USXdOV1UzWXpaaU5URXg=' 'sha256-sLveLlY6lTSX9j1j9OklTbpdDynFDkjhHNWQaPCM2Go=' https://*.ats-platform.com https://*.hireserve.nl 'unsafe-inline' https://piwik.breda.nl/; script-src-attr 'self'; script-src-elem 'self' scribit-pro-hosting.storage.googleapis.com https://cb.vrmwb.nl https://*.govmetric.com https://*.servmetric.com *.scribit.pro www.youtube.com 
https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js piwik.breda.nl 'nonce-WXpVME5qTTVNREEwT0dRNE9XWXg=' 'nonce-WTJObU9USXdOV1UzWXpaaU5URXg=' 'sha256-sLveLlY6lTSX9j1j9OklTbpdDynFDkjhHNWQaPCM2Go=' https://*.ats-platform.com https://*.hireserve.nl; style-src 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' https://cb.vrmwb.nl https://*.govmetric.com https://*.servmetric.com 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' https://*.ats-platform.com https://*.hireserve.nl 'sha256-Y9AiU86iORg8xzKS9OoX5ljrybSOCP5KcYnaFmQrXY4=' 'sha256-/d5P431opDe9iudPW48fHc7bSsZ72Sta7Lj06GeT6CQ=' 'sha256-WWn0l9kVjXaC+CGcbxP6Zyac31v1Cjkx2VMnFR3uVng=' 'sha256-OwM+Y+6bZyHYjTF71IxRANXuzyYKalTPnCCZLmuQltE='; style-src-attr 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-Y9AiU86iORg8xzKS9OoX5ljrybSOCP5KcYnaFmQrXY4='; style-src-elem 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' https://cb.vrmwb.nl https://*.govmetric.com https://*.servmetric.com 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 
'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' https://*.ats-platform.com https://*.hireserve.nl 'sha256-Y9AiU86iORg8xzKS9OoX5ljrybSOCP5KcYnaFmQrXY4=' 'sha256-/d5P431opDe9iudPW48fHc7bSsZ72Sta7Lj06GeT6CQ=' 'sha256-WWn0l9kVjXaC+CGcbxP6Zyac31v1Cjkx2VMnFR3uVng=' 'sha256-OwM+Y+6bZyHYjTF71IxRANXuzyYKalTPnCCZLmuQltE='; base-uri 'self'; frame-ancestors 'self' piwik.breda.nl
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
last-modified: Wed, 24 Apr 2024 19:18:56 GMT
etag: "1713986336-gzip"
content-encoding: gzip
x-frame-options: SAMEORIGIN
content-length: 52588
content-type: text/html; charset=UTF-8
age: 8453
accept-ranges: bytes
server: Apache
Upcoming Headers
Cross-Origin-Embedder-Policy: Cross-Origin Embedder Policy allows a site to prevent assets being loaded that do not grant permission to load them via CORS or CORP.
Cross-Origin-Opener-Policy: Cross-Origin Opener Policy allows a site to opt-in to Cross-Origin Isolation in the browser.
Cross-Origin-Resource-Policy: Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
Additional Information
strict-transport-security: HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
x-content-type-options: X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
content-security-policy: Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.
referrer-policy: Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
x-frame-options: X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
server: This Server header seems to advertise the software being run on the server but you can remove or change this value.