Open
Description
Ideally there should be an Content-Security-Policy header in the external managed services below the internet.nl domain.
| Hostname (FQDN) | Software | current Content-Security-Policy header |
Upstream issues |
|---|---|---|---|
| emailveilig.internet.nl | Apache | None | ours: #951 |
| e‑mailveilig.internet.nl¹ | Apache | redirect 301 https://emailveilig.internet.nl |
ours to ask |
| helpdesk.internet.nl | Zammad | base-uri 'self' https://helpdesk.internet.nl; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data: blob:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-uEzP2OVORVd3k0/9mZJk+w=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com |
❌ no open issues yet and see blame on CSP source |
| lists.internet.nl | nginx | None | ❌ no open issues yet and best / only online info |
| matomo.internet.nl | Apache | default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; |
✅ CSP issue and see blame on CSP source |
| toolbox.internet.nl | Apache | redirect 301 https://github.com/internetstandards/toolbox-wiki/ |
ours to ask |
[1] No I meant e-mailveilig.internet.nl and not xn--emailveilig-lf3f.internet.nl (I like non breaking hyphens, but in domains 🦊 Firefox convert it to punycode).
Related:
Metadata
Metadata
Assignees
Labels
No labels