{
  "scan": {
    "algorithmVersion": 4,
    "grade": "B+",
    "error": null,
    "score": 80,
    "statusCode": 200,
    "testsFailed": 1,
    "testsPassed": 9,
    "testsQuantity": 10,
    "responseHeaders": {
      "date": "Thu, 20 Nov 2025 08:22:06 GMT",
      "content-type": "text/html;charset=utf-8",
      "content-length": "12572",
      "connection": "close",
      "x-frame-options": "SAMEORIGIN",
      "x-url": "/VirtualHostBase/https/mdr.eionet.europa.eu:443/VirtualHostRoot/",
      "vary": "X-Anonymous,Accept-Encoding",
      "x-cacheable": "YES",
      "x-varnish": "602961 5709638",
      "age": "45",
      "via": "1.1 mdr-varnish-76fcdf794-t4hq8 (Varnish/7.7)",
      "accept-ranges": "bytes",
      "grace": "",
      "x-backend": "cluster(mdr-instance:(null))",
      "x-cache": "HIT",
      "strict-transport-security": "max-age=15768000",
      "server": "HTTPS",
      "x-content-type-options": "nosniff",
      "referrer-policy": "strict-origin-when-cross-origin",
      "feature-policy": "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'self'; usb 'none'; vr 'none'",
      "x-xss-protection": "1; mode=block'",
      "content-security-policy": "default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://matomo.eea.europa.eu/matomo.js; style-src 'report-sample' 'self' 'unsafe-inline' https://www.eionet.europa.eu; object-src 'self'; base-uri 'self'; connect-src 'self' https://matomo.eea.europa.eu; font-src 'self'; img-src 'self' https://www.eionet.europa.eu;"
    }
  },
  "tests": {
    "content-security-policy": {
      "expectation": "csp-implemented-with-no-unsafe",
      "pass": false,
      "result": "csp-implemented-with-unsafe-inline",
      "scoreModifier": -20,
      "data": {
        "default-src": [
          "'self'"
        ],
        "script-src": [
          "'report-sample'",
          "'self'",
          "'unsafe-inline'",
          "https://matomo.eea.europa.eu/matomo.js"
        ],
        "style-src": [
          "'report-sample'",
          "'self'",
          "'unsafe-inline'",
          "https://www.eionet.europa.eu"
        ],
        "object-src": [
          "'self'"
        ],
        "base-uri": [
          "'self'"
        ],
        "connect-src": [
          "'self'",
          "https://matomo.eea.europa.eu"
        ],
        "font-src": [
          "'self'"
        ],
        "img-src": [
          "'self'",
          "https://www.eionet.europa.eu"
        ]
      },
      "http": true,
      "meta": false,
      "policy": {
        "antiClickjacking": false,
        "defaultNone": false,
        "insecureBaseUri": false,
        "insecureFormAction": true,
        "insecureSchemeActive": false,
        "insecureSchemePassive": false,
        "strictDynamic": false,
        "unsafeEval": false,
        "unsafeInline": true,
        "unsafeInlineStyle": true,
        "unsafeObjects": false
      },
      "numPolicies": 1
    },
    "cookies": {
      "expectation": "cookies-secure-with-httponly-sessions",
      "pass": true,
      "result": "cookies-not-found",
      "scoreModifier": 0,
      "data": null,
      "sameSite": false
    },
    "cross-origin-resource-sharing": {
      "expectation": "cross-origin-resource-sharing-not-implemented",
      "pass": true,
      "result": "cross-origin-resource-sharing-not-implemented",
      "scoreModifier": 0,
      "data": null
    },
    "redirection": {
      "expectation": "redirection-to-https",
      "pass": true,
      "result": "redirection-to-https",
      "scoreModifier": 0,
      "destination": "https://mdr.eionet.europa.eu/",
      "redirects": true,
      "route": [
        "http://mdr.eionet.europa.eu/",
        "https://mdr.eionet.europa.eu/"
      ],
      "statusCode": 200
    },
    "referrer-policy": {
      "expectation": "referrer-policy-private",
      "pass": true,
      "result": "referrer-policy-private",
      "scoreModifier": 5,
      "data": "strict-origin-when-cross-origin",
      "http": true,
      "meta": false
    },
    "strict-transport-security": {
      "expectation": "hsts-implemented-max-age-at-least-six-months",
      "pass": true,
      "result": "hsts-implemented-max-age-at-least-six-months",
      "scoreModifier": 0,
      "data": "max-age=15768000",
      "includeSubDomains": false,
      "maxAge": 15768000,
      "preload": false,
      "preloaded": false
    },
    "subresource-integrity": {
      "expectation": "sri-implemented-and-external-scripts-loaded-securely",
      "pass": true,
      "result": "sri-not-implemented-but-all-scripts-loaded-from-secure-origin",
      "scoreModifier": 0,
      "data": {}
    },
    "x-content-type-options": {
      "expectation": "x-content-type-options-nosniff",
      "pass": true,
      "result": "x-content-type-options-nosniff",
      "scoreModifier": 0,
      "data": "nosniff"
    },
    "x-frame-options": {
      "expectation": "x-frame-options-sameorigin-or-deny",
      "pass": true,
      "result": "x-frame-options-sameorigin-or-deny",
      "scoreModifier": 0,
      "data": "SAMEORIGIN"
    },
    "cross-origin-resource-policy": {
      "expectation": "corp-implemented-with-same-site",
      "pass": true,
      "result": "corp-not-implemented",
      "scoreModifier": 0,
      "data": null,
      "http": false,
      "meta": false
    }
  }
}