Disclaimer: The original of this page is written in Dutch. This page has been automatically translated into other languages using DeepL. This may lead to differences in nuance, tone and meaning. When in doubt, always consult the Dutch version first. Because of the high cost of translations, the content of this page may lag behind the Dutch version. We consider the Dutch version of this page to be authoritative.
Basic Security measures and publishes all online security measurements that can responsibly be published; more on that in the publication policy. We also use the considerations in our code of conduct to determine which measurements are added.
This article lists which measurements are made around which techniques. A complete list of these, with references, is under the heading “overview of all measurements.”
This measurement policy is always evolving and responds to new developments. There are a number of exceptions to this measurement policy; these are described in the exceptions to the measurement policy.
Please read our disclaimer before using the measurement data. If you have questions, contact info@internetcleanup.foundation.
This article states:
- Information on the timeliness of measurements
- How measurements are valued more rigorously over time (roadmap)
- An overview of all individual measurements
- Links to documentation and test tools
Timeliness of measurements
Measurements are performed daily to weekly, depending on the complexity and intensity of the measurements. A single inventory measurement is taken once every six months because it is noisy; the repeat measurement of it does take place once a week.
Because of the frequency of measurement, data in the reports is usually no older than a week. If it is, there is something special going on. We are still working on functionality to ensure that measurements older than two months never appear in the reports, and to shorten this duration to one month at most.
You can always see how old a measurement is in the detail report. This is shown at the bottom of each measurement. In the example below, you can see that the measurement has been the same for 22 days and that the last measurement took place 1 day ago.

In addition, each map shows its data quality. In that overview you can see which measurements are made and how many of them are up to date or outdated. In this overview, measurements older than 7 days are considered outdated. This can also be seen in the example below.
The data quality is shown under the dot at the top left of the map. This dot changes color depending on the quality. If it is orange or red, something is wrong. Usually the dot is green. If everything is up to date, there is a rainbow.

Roadmap of tightening measurements
Over time, there will be stricter monitoring. For example, some findings are green or orange now, but will become red in the future.
A new measurement is often introduced as orange or green so people can get used to it and act before it turns red.
This roadmap is still fragmented and not yet established. When individual measurements are introduced, there is often some mention of it. This information is still being gathered.
Overview of all measurements
Here is an overview of all measurements, assessments, documentation and tooling to measure yourself. When all of these are applied correctly, the organization is shown as green on the map.
If an organization keeps track of its online services and minimizes them, it is not too difficult to get to orange or even green.
Secure domain name (DNSSEC)
- Purpose: To provide certainty about the domain name and content of the site
- Heaviest rating: Red
- Measured with: dnssec.pl tool
- Documentation: internet.nl, OpenCRE, Wikipedia
- Checkable at: Zonemaster, internet.nl, Verisign Labs, DNS Visualizer
More documentation
# level: url
dnssec
TLS on Website (HTTPS)
- Goal: Apply encryption so that a website visit is confidential and has integrity. Check that trust is in order and that there are no vulnerabilities in the encryption.
- Heaviest rating: Red
- Measured with: Qualys SSL Labs
- Documentation: TLS Settings, Wikipedia, Digital Government Act
- Checkable at, among others: SSL Labs
More documentation
# level: endpoint
tls_qualys_encryption_quality
tls_qualys_certificate_trusted
Site without encryption (HTTPS)
- Purpose: Application of encryption, same as TLS on Website
- Heaviest rating: Red
- Measured with: Own scanner
- Documentation: TLS Settings, Wikipedia, Digital Government Act
- Checkable at: SSL Labs, internet.nl
More documentation
# level: endpoint
plain_http
File transfer (FTP)
- Purpose: Application of encryption
- Heaviest rating: Red
- Measured with: Own scanner
- Documentation: Wikipedia
- Checkable at, among others: ftptest.net
More documentation
# level: endpoint
ftp
Software version information (Banners)
- Goal: Remove version information, because it is only useful to attackers
- Heaviest rating: Red
- Measured with: nmap
- Documentation: Wikipedia, nmap
- Checkable at, among others: ipvoid
More documentation
# level: endpoint
bannergrab
bannnergrab_product_name (unpublished)
bannnergrab_product_version (unpublished)
bannnergrab_product_info (unpublished)
bannnergrab_product_cpe (unpublished)
E-mail security (STARTTLS, DMARC, DKIM, SPF)
- Purpose: To ensure integrity and confidentiality of e-mail
- Heaviest rating: Red
- Measured with: internet.nl
- Documentation: Wikipedia (STARTTLS), Wikipedia (DKIM), Wikipedia (DMARC), Wikipedia (SPF)
- Checkable at, among others: internet.nl, dmarcian, mxtoolbox
More documentation
# level: endpoint
internet_nl_mail_auth_dmarc_exist
internet_nl_mail_auth_dkim_exist
internet_nl_mail_starttls_tls_available (unpublished)
Login Portals
- Purpose: Not to expose functionality intended for a small group of people globally and publicly, and especially to shield administrator functionality.
- Heaviest rating: Red
- Measured with: Nuclei
- Documentation: Wikipedia
- Checkable by, among other things: following the links in the findings. Is there a login portal there? Then the finding is still valid. These portals are listed on a special page called Login Plaza.
More documentation
# level: endpoint
# Only reachable via the login plaza JSON call at the moment. Will be published in the report at a later time.
Tracking Cookie without permission
- Purpose: Tracking cookies should never be set without permission. By making this visible, website builders can remove these cookies.
- Heaviest rating: Orange, Red as of January 2024.
- Measured with: Own scanner based on Playwright
- Documentation: tbd
- Checkable at: tbd
Overview of measured tracking cookies
We measure the tracking cookies below. These are tracking cookies that the vendor indicates are placed for marketing purposes. According to our November 2023 survey, they are by far the most frequently placed tracking cookies.
| Cookie | Supplier | Documentation according to supplier |
| --- | --- | --- |
| _fbp | ClickID | |
| _gcl_aw | Google Ads | Safety.Google |
| __gpi | Google Ads | Safety.Google |
| _gcl_au | Google Ads | Safety.Google |
| NID | Google Ads | Safety.Google |
| IDE | Google Ads | Safety.Google |
| VISITOR_INFO1_LIVE | Google YouTube | Safety.Google |
| li_sugr | Cookie Table | |
| UserMatchHistory | Cookie Table | |
| _ttp | TikTok | Cookies Policy |
More documentation
# level: endpoint
web_privacy_cookie_products_no_consent
Owner of the Internet address (WHOIS)
- Purpose: To get the administration of the domain in order. An outsider can verify at SIDN that the site belongs to the correct organization.
- Heaviest rating: Orange
- Measured with: Own scanner
- Documentation: SIDN, Wikipedia, OpenCRE
- Checkable at: SIDN
More documentation
# level: url
whois_domain_ownership
Secure connection according to NCSC-NL requirements (TLS)
- Purpose: Application of encryption, measure legal requirements
- Heaviest rating: Orange
- Measured with: internet.nl
- Documentation: Law, Interpretation of the law, Technical requirements
- Checkable at, among others: internet.nl
More documentation
# level: endpoint
internet_nl_web_tls
Security.txt
- Purpose: To be able to receive reports of serious online vulnerabilities.
- Heaviest rating: Orange
- Measured with: internet.nl
- Documentation: internet.nl, Wikipedia, securitytxt.org
- Checkable at, among others: internet.nl
More documentation
# level: endpoint
internet_nl_wsm_web_appsecpriv_securitytxt
Trusted routing of Internet traffic (RPKI)
- Goal: Assurance that Internet traffic goes through the right path
- Heaviest rating: Orange
- Measured with: internet.nl
- Documentation: Wikipedia
- Checkable at, among others: internet.nl, RIPE
More documentation
# level: endpoint
internet_nl_web_rpki_exists
HSTS header
- Purpose: Enforce encryption on Web sites as long as browsers do not do so
- Heaviest rating: Orange
- Measured with: Own scanner
- Documentation: MDN, Wikipedia, Digital Government Act
- Checkable at, among others: securityheaders.com, internet.nl
- Note: includeSubDomains and preload are ignored, in case preload is not updated and a visitor lands on a subdomain without an HSTS header.
More documentation
# level: endpoint
http_security_header_strict_transport_security
Website visit respects privacy
- Purpose: Confidentiality of a visit, so that no advertisements are targeted at you after a visit
- Heaviest rating: Orange
- Measured with: Own scanner
- Documentation: Building privacy conscious sites booklet, Disconnect.me, Google Analytics ban
- Checkable at: Webkoll, Privacycore.org
More documentation
# level: endpoint
web_privacy_third_party_requests
web_privacy_tracking
Redundant services (open ports)
- Goal: To minimize online services. The public Internet need only contain services that should be available to everyone worldwide.
- Heaviest rating: Orange
- Measured with: Nmap
- Documentation: Wikipedia (open ports)
- Checkable at, among others: ipvoid
More documentation
# level: endpoint
ports
STARTTLS Presence (e-mail)
- Purpose: To be able to send encrypted e-mail to the mail server as a sender.
- Heaviest rating: Orange
- Measured with: internet.nl
- Documentation: internet.nl
- Checkable at, among others: internet.nl
More documentation
# level: endpoint
internet_nl_mail_starttls_tls_available
Email encryption according to NCSC requirements
- Purpose: To be able to send encrypted e-mail to the mail server as a sender.
- Heaviest rating: Orange
- Measured with: internet.nl
- Documentation: internet.nl
- Checkable at, among others: internet.nl
More documentation
# level: endpoint
internet_nl_mail_dashboard_tls
Location of server (IP Geolocation)
- Purpose: Processing data in NL/EU, measure legal requirements. Ensure that all services are on their own (legal) territory.
- Heaviest rating: Green (during introductory period), Orange after October 2023
- Measured with: Maxmind, Ripe (for some corrections)
- Documentation: Law banning data processing outside EU (Matomo)
- Checkable on sites such as: InfoByIP, geolocation.com, iplocation.io (not all of these sites have the same geolocation database)
More documentation
# level: url
location_server
location_mail_server
location_third_party_website_content
Other Website headers (X-Frame-Options etc)
- Purpose: Secure settings when visiting website
- Heaviest rating: Orange (no CSP AND X-Frame-Options), Green (rest)
- Measured with: Own scanner
- Documentation: General (OWASP), CSP header, Permissions Policy, Referrer Policy, X-Content-Type-Options, Clickjacking
- Checkable at, among others: securityheaders.com, internet.nl
More documentation
# level: endpoint
http_security_header_x_content_type_options
http_security_header_x_frame_options
http_security_header_referrer_policy (unpublished)
internet_nl_web_appsecpriv_csp (unpublished)
http_security_header_permissions_policy (unpublished)
