Score |
---|
K |

Missing Header | Description |
---|---|
Strict-Transport-Security | Enforces secure (HTTP over SSL/TLS) connections to the server. |
X-Frame-Options | Indicates whether a browser should be allowed to render a page in a `<frame>` or `<iframe>`. |
Content-Security-Policy | Helps prevent Cross-Site Scripting (XSS) attacks. |
X-Content-Type-Options | Prevents browsers from MIME-sniffing a response away from the declared content-type. |
Referrer-Policy | Controls how much referrer information should be included with requests. |
Permissions-Policy | Manages which browser features and APIs a page can use. |
X-XSS-Protection | Helps protect against Cross-Site Scripting (XSS) attacks. |
Expect-CT | Ensures that browsers enforce Certificate Transparency. |
Cache-Control | Directs caching mechanisms on how to handle the response. |
Access-Control-Allow-Origin | Controls which origins are allowed to access resources on the server. |

Header Issue |
---|
Referrer-Policy value is not valid |
Content-Security-Policy contains unsafe-inline or unsafe-eval |

Header Name | Value |
---|---|
content-type | text/html;charset=utf-8 |
date | Fri, 26 Jul 2024 01:03:15 GMT |
set-cookie | KSESSIONID=42E5BB5EBB588BC64F1A3D32F826779B; Path=/; Secure; HttpOnly |
last-modified | Fri, 26 Jul 2024 01:03:15 GMT |
cache-control | private, must-revalidate |
expires | Wed, 16 Aug 2000 10:00:00 GMT |
x-xss-protection | 1; mode=block |
x-content-type-options | nosniff |
strict-transport-security | max-age=31536000; includeSubDomains |
referrer-policy | origin-when-cross-origin,strict-origin-when-cross-origin |
content-security-policy | default-src 'self' *.kpn.com; frame-ancestors 'self' mijnzakelijk.kpn.com www.grip-on-it.com https://*.useinsider.com/ https://*.rooom.com https://virtuelewinkel.kpn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static-accept.customersaas.com *.kpn.com *.salesforceliveagent.com www.googletagmanager.com *.google.com invitation.opinionbar.com www.googleadservices.com connect.facebook.net *.doubleclick.net *.mouseflow.com kpn-compleet-fpi-info.fourstack.nl www.pingvp.com kpn.pingvp.com static.customersaas.com https://*.googleapis.com kpnarmor.nl w.usabilla.com api.usabilla.com deploy.mopinion.com collect.mopinion.com kpn.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com *.dwin1.com mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net https://assets.adobedtm.com *.pardot.com opt.objectiveportal.com www.facebook.com *.cookielaw.org *.onetrust.com *.atdmt.com *.adservice.google.nl *.insided.com *.algolia.net *.algolia.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com *.useinsider.com https://kpnnl.maps.arcgis.com *.bing.com https://*.gstatic.com https://cloud.51degrees.com *.google-analytics.com *.analytics-google.com; style-src 'self' 'unsafe-inline' data: *.kpn.com www.pingvp.com kpn.pingvp.com d1r5etm691cejh.cloudfront.net static.customersaas.com d6tizftlrpuof.cloudfront.net kpn.mopinion.com tagmanager.google.com cacheorcheck.mopinion.com fonts.mopinion.com survey.mopinion.com *.insided.com *.algolia.net *.algolia.com https://fonts.googleapis.com *.licdn.com *.useinsider.com https://www.gstatic.com https://kpngroup.emsecure.net; img-src 'self' data: is-accept.customersaas.com *.kpn.com www.google.nl *.google.com www.facebook.com *.doubleclick.net invitation.opinionbar.com www.pingvp.com kpn.pingvp.com d35v9wsdymy32b.cloudfront.net https://*.googleapis.com kpn.com *.google-analytics.com *.analytics-google.com api.customersaas.com static.customersaas.com 
d3mwk3f7r8fv9u.cloudfront.net d6tizftlrpuof.cloudfront.net cms-images.s3.amazonaws.com kpncomvod.download.kpnstreaming.nl w.usabilla.com www.telfort.nl mobielshop.test.marketingmakers.nl fra1.digitaloceanspaces.com cacheorcheck.mopinion.com survey.mopinion.com https://*.demdex.net https://assets.adobedtm.com opt.objectiveportal.com *.cookielaw.org *.onetrust.com *.atdmt.com *.adservice.google.nl *.linkedin.com *.licdn.com p.adsymptotic.com api.useinsider.com kpnnl.api.useinsider.com https://images.ctfassets.net *.dwin1.com *.bing.com https://*.gstatic.com; media-src 'self' kpncomvod.download.kpnstreaming.nl *.kpn.com pingmediavod.download.kpnstreaming.nl kpn.pingvp.com media.licdn.com; frame-src *.doubleclick.net callmenow.eu3.vanadaloha.net rpv.reviva.nl *.kpn.com portal.bp.nu www.youtube.com kpngroup.emsecure.net kpn.mopinion.com kpn-mini.speedtestcustom.com kpn-itns.speedtestcustom.com www.pingvp.com kpn.pingvp.com reload.alphacomm.network mijnzakelijk.kpn.com www.grip-on-it.com https://*.demdex.net emea1-proxy.adobemc.com www.facebook.com *.onetrust.com *.atdmt.com *.adservice.google.nl www.googletagmanager.com www.linkedin.com *.useinsider.com https://kpnnl.maps.arcgis.com https://open.spotify.com *.google.com https://*.rooom.com https://virtuelewinkel.kpn.com https://embed-standalone.spotify.com; font-src 'self' data: *.kpn.com www.pingvp.com kpn.pingvp.com https://fonts.gstatic.com static.customersaas.com *.insided.com *.algolia.net gstatic.mopinion.com *.algolia.com *.useinsider.com; connect-src 'self' api-accept.customersaas.com *.google-analytics.com *.analytics-google.com *.kpn.com *.mouseflow.com tracker.customersaas.com kpn.api.ruwido.com api-agendaplanner.kpnretail.nl api.customersaas.com scripts.kpn.nl pastease.mopinion.com kpn.mopinion.com deploy.mopinion.com cacheorcheck.mopinion.com survey.mopinion.com kpn-compleet-fpi-info.fourstack.nl wss://*.twilio.com https://*.twilio.com https://*.demdex.net https://assets.adobedtm.com *.tt.omtrdc.net 
https://adobeioruntime.net emea1-proxy.adobemc.com wss://*.kpn.com/chat-engine *.cookielaw.org *.onetrust.com www.pingvp.com kpn.pingvp.com *.insided.com *.algolia.net *.algolia.com https://*.googleapis.com *.linkedin.com *.licdn.com *.useinsider.com *.google.com https://*.gstatic.com https://cloud.51degrees.com https://kpngroup.emsecure.net *.doubleclick.net; object-src 'self' https://kpnnl.maps.arcgis.com |
x-cache | Miss from cloudfront |
via | 1.1 e1af02661708034e962bd39b357a50aa.cloudfront.net (CloudFront) |
x-amz-cf-pop | FRA60-P9 |
x-amz-cf-id | -lm82ktOQOXpC7s9_DNUExi99SMw4VrmOOtwILKQ4k_nHnLjjXe8Tw== |