{ "scan": { "algorithmVersion": 4, "grade": "B", "error": null, "score": 70, "statusCode": 200, "testsFailed": 2, "testsPassed": 8, "testsQuantity": 10, "responseHeaders": { "referrer-policy": "no-referrer", "x-frame-options": "SAMEORIGIN", "x-robots-tag": "none", "cache-control": "no-store, must-revalidate, max-age=0", "content-security-policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", "set-cookie": [ "AUTH_SESSION_ID=37bef589-f3f0-46e0-843c-4c0a39bb421f.keycloak-5bb65746fd-hm8kg-31952; Version=1; Path=/realms/login-eea/; SameSite=None; Secure; HttpOnly", "AUTH_SESSION_ID_LEGACY=37bef589-f3f0-46e0-843c-4c0a39bb421f.keycloak-5bb65746fd-hm8kg-31952; Version=1; Path=/realms/login-eea/; HttpOnly", "KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI1Y2RhNWFkNi02NjY2LTQxMWUtYTI0MS0xNDA1NWQ1MzlmMjIifQ.eyJjaWQiOiJlaW9uZXRfaGVscGRlc2siLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwczovL2hlbHBkZXNrLmVpb25ldC5ldXJvcGEuZXUvb3RycyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJpc3MiOiJodHRwczovL2xvZ2luLmVlYS5ldXJvcGEuZXUvcmVhbG1zL2xvZ2luLWVlYSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6Ly9oZWxwZGVzay5laW9uZXQuZXVyb3BhLmV1L290cnMiLCJzdGF0ZSI6Inl1ckdQRThGQjdiNy1KSzZUZGpWaU1VMXNsdyIsIm5vbmNlIjoiT2ozLWdVOWdlSExyM25lNjlka2xRUTBwdk10RzZ5VGx5TzVZV0NWV0NnSSJ9fQ.T8niUwnBlcWZPIqZQ3uUWI0sJxtevaw1Vve83SkH9YQ; Version=1; Path=/realms/login-eea/; HttpOnly" ], "content-language": "en", "content-type": "text/html;charset=utf-8", "transfer-encoding": "chunked", "strict-transport-security": "max-age=31536000; includeSubDomains;", "x-content-type-options": "nosniff", "x-xss-protection": "1; mode=block", "connection": "close" } }, "tests": { "content-security-policy": { "expectation": "csp-implemented-with-no-unsafe", "pass": false, "result": "csp-implemented-with-unsafe-inline", "scoreModifier": -20, "data": { "frame-src": [ "'self'" ], "frame-ancestors": [ "'self'" ], "object-src": [ "'none'" ] }, "http": true, "meta": false, "policy": { "antiClickjacking": true, "defaultNone": false, "insecureBaseUri": true, "insecureFormAction": true, "insecureSchemeActive": false, "insecureSchemePassive": false, "strictDynamic": false, "unsafeEval": false, "unsafeInline": true, "unsafeInlineStyle": true, "unsafeObjects": false }, "numPolicies": 1 }, "cookies": { "expectation": "cookies-secure-with-httponly-sessions", "pass": false, "result": "cookies-session-without-secure-flag-but-protected-by-hsts", "scoreModifier": -10, "data": { "mod_auth_openidc_state_yurGPE8FB7b7-JK6TdjViMU1slw": { "domain": "helpdesk.eionet.europa.eu", "httponly": true, "path": "/", "port": null, "secure": true }, "AUTH_SESSION_ID": { "domain": "login.eea.europa.eu", "httponly": true, "path": "/realms/login-eea/", "port": null, "samesite": "none", "secure": true }, "AUTH_SESSION_ID_LEGACY": { "domain": "login.eea.europa.eu", "httponly": true, "path": "/realms/login-eea/", "port": null }, "KC_RESTART": { "domain": "login.eea.europa.eu", "httponly": true, "path": "/realms/login-eea/", "port": null } }, "sameSite": false }, "cross-origin-resource-sharing": { "expectation": "cross-origin-resource-sharing-not-implemented", "pass": true, "result": "cross-origin-resource-sharing-not-implemented", "scoreModifier": 0, "data": null }, "redirection": { "expectation": "redirection-to-https", "pass": true, "result": "redirection-to-https", "scoreModifier": 0, "destination": "https://login.eea.europa.eu/realms/login-eea/protocol/openid-connect/auth?response_type=code&scope=openid%20email%20profile&client_id=eionet_helpdesk&state=1C_ZN_xIWFX5x_VBKJPtopCb8Iw&redirect_uri=https%3A%2F%2Fhelpdesk.eionet.europa.eu%2Fotrs&nonce=uWbRSzk-XDY9yQRrpdgJrluX9U_2QAiuCmPASlCnVWM", "redirects": true, "route": [ "http://helpdesk.eionet.europa.eu/", "https://helpdesk.eionet.europa.eu/", "https://helpdesk.eionet.europa.eu/otrs/index.pl", "https://login.eea.europa.eu/realms/login-eea/protocol/openid-connect/auth?response_type=code&scope=openid%20email%20profile&client_id=eionet_helpdesk&state=1C_ZN_xIWFX5x_VBKJPtopCb8Iw&redirect_uri=https%3A%2F%2Fhelpdesk.eionet.europa.eu%2Fotrs&nonce=uWbRSzk-XDY9yQRrpdgJrluX9U_2QAiuCmPASlCnVWM" ], "statusCode": 200 }, "referrer-policy": { "expectation": "referrer-policy-private", "pass": true, "result": "referrer-policy-private", "scoreModifier": 5, "data": "no-referrer", "http": true, "meta": false }, "strict-transport-security": { "expectation": "hsts-implemented-max-age-at-least-six-months", "pass": true, "result": "hsts-implemented-max-age-at-least-six-months", "scoreModifier": 0, "data": "max-age=31536000; includeSubDomains;", "includeSubDomains": true, "maxAge": 31536000, "preload": false, "preloaded": false }, "subresource-integrity": { "expectation": "sri-implemented-and-external-scripts-loaded-securely", "pass": true, "result": "sri-not-implemented-but-no-scripts-loaded", "scoreModifier": 0, "data": {} }, "x-content-type-options": { "expectation": "x-content-type-options-nosniff", "pass": true, "result": "x-content-type-options-nosniff", "scoreModifier": 0, "data": "nosniff" }, "x-frame-options": { "expectation": "x-frame-options-sameorigin-or-deny", "pass": true, "result": "x-frame-options-implemented-via-csp", "scoreModifier": 5, "data": "SAMEORIGIN" }, "cross-origin-resource-policy": { "expectation": "corp-implemented-with-same-site", "pass": true, "result": "corp-not-implemented", "scoreModifier": 0, "data": null, "http": false, "meta": false } } }