Skip to content
Start free scan
  1. Home
  2. /Knowledge Base
  3. /What does the Internet.nl website test measure?
What does the Internet.nl website test measure?

What does the Internet.nl website test measure?

6 min read below · WebYes knowledge base

Independent website test for IPv6, DNSSEC and HTTPS. Learn what the score means and how it relates to WebYes.

The website test from the Dutch Internet Standards Platform checks whether your website, email service or connection supports modern standards such as IPv6, DNSSEC, HTTPS and (for email) DMARC. A 100% score means you meet the current test norm, not that your site is fully secure or that you earn the WebYes keurmerk.

  • What does this check actually measure?
  • The website test: what is measured?
  • How do the score and the Hall of Fame work?
  • TLS test and the 2025 NCSC guidelines
  • This check versus the WebYes scan
  • Read more
  • Related articles
  • FAQ

On this page

  • What does this check actually measure?
  • The website test: what is measured?
  • How do the score and the Hall of Fame work?
  • TLS test and the 2025 NCSC guidelines
  • This check versus the WebYes scan
  • Read more
  • Related articles
  • FAQ

Read more

Free WebYes scan live: four pillars tested

The free WebYes scan is live in beta. Scan up to six pages for speed, security, mobile and accessibility, and see what comes next toward the keurmerk.

Share this article

Share on LinkedInShare on X

What does this check actually measure?

Internet.nl is an initiative of the Dutch Internet Standards Platform: a collaboration between the internet community and the Dutch government. The goal is wider use of open standards that make the internet more accessible, safer and more reliable. The tool is free, open source, and meant as a standards compliance check, not a full security audit.

There are three main tests: a website test, an email test and a connection test. Depending on the type, the tool looks at IPv6, DNSSEC, HTTPS/TLS, security options, RPKI, and for email at standards such as DMARC, STARTTLS and DANE. Not every standard that is mandatory for Dutch government organisations is (fully) included in the score; that is stated clearly in the report FAQ.

The website test is the most relevant for most site owners. You enter a domain name and receive a report with a percentage score plus results per category and subtest. You can share that report with your host via the permalink.

The website test: what is measured?

After you enter a domain name, the website test checks whether your site supports modern internet standards. The categories in the report are:

Categories in the website test
CategoryWhat is checked
IPv6Is the site reachable via modern addresses?
DNSSECIs the domain name digitally signed?
HTTPSIs the connection securely configured (TLS)?
Security optionsAre relevant security options set?
RPKIIs route authorisation in order?

HTTPS covers more than the padlock in the browser. It includes TLS configuration, redirects and related options. Security options touch topics you also know from our pages on SSL certificates and security headers, but the tool judges those at host and infrastructure level, not page by page like a product scan.

How do the score and the Hall of Fame work?

The scoring logic is explained in the platform FAQ about the test report. Each main test produces a percentage score. Test categories weigh evenly: with five categories, each counts for at most 20%. Only subtests with status REQUIRED weigh in the category and overall score. RECOMMENDED and OPTIONAL may warn or inform, but they do not lower the percentage.

The norm is based on the Netherlands Standardisation Forum's list of open standards, NCSC-NL advice and relevant IETF RFCs. A 100% score means you meet the current test norm. It does not automatically mean you comply with all mandatory government standards, and it is not proof that your online service is fully secure. The platform explicitly calls itself a standards compliance test, not a security test.

Sites with a perfect 100% score are added to the Hall of Fame. The norm evolves with the state of the art; changes are announced via news posts. New subtests often start as RECOMMENDED or OPTIONAL and only later become REQUIRED.

TLS test and the 2025 NCSC guidelines

In release 1.11, the TLS test was updated to match NCSC-NL's ICT Security Guidelines for Transport Layer Security (2025-05 version). According to the news post of 21 April 2026 (updated 14 July 2026), websites and mail servers that previously passed may now show new areas for improvement. That is not an error in your old report, but a stricter yardstick.

NCSC distinguishes four levels. Settings rated 'Good' and 'Sufficient' pass this check. 'To be phased out' shows a warning. 'Insufficient' fails and lowers the score. Post-quantum cryptography is covered in the NCSC guidelines; the platform does not yet show whether a server supports those algorithms, but has that on the roadmap.

In practice: if your TLS score drops after a test-norm update, start with the HTTPS subtests. Often the issue is outdated ciphers, short keys or TLS options that NCSC now classifies as insufficient or phase-out. Talk to your host or CDN provider and share the report permalink.

This check versus the WebYes scan

The standards check is not a WebYes keurmerk, and vice versa. They measure overlapping themes (HTTPS, TLS, headers) but at different layers. The Internet Standards Platform checks host and infrastructure standards: IPv6, DNSSEC, RPKI, deep TLS configuration, email standards. WebYes scans pages within the security pillar: valid certificate, HTTPS redirect, security headers on scanned URLs, plus the other pillars speed, accessibility and mobile.

A site can score 100% on the website test and still drop below WebYes's floor of 60 in the security pillar, for example because headers are missing on deep pages or a certificate issue only shows on certain hosts. Conversely, a site can pass WebYes thresholds while DNSSEC or IPv6 is still missing: those points are not in the same product measurement.

Use them side by side. Start with the free WebYes scan for quick page-level diagnosis and fix guidance. Then run the website test if you want to know whether your infrastructure meets modern standards. Only the WebYes measurement counts for the keurmerk (average ≥80, each pillar ≥60). The external check remains a valuable independent reference, not a replacement.

Read more

  • Platform Internetstandaarden - websitetest
  • Strict-Transport-Security (HSTS) - MDN
  • Content Security Policy (CSP) - MDN

Related articles

SSL certificate: why your website needs HTTPS

SSL certificate: why your website needs HTTPS

An SSL certificate encrypts traffic between visitor and website. Read how HTTPS works, which certificate types exist and how to check your site.

Security headers: which ones does your website need?

Security headers: which ones does your website need?

Security headers protect visitors against eavesdropping, XSS and clickjacking. Find out which headers you need and how to set them up safely.

Frequently asked questions

Does a 100% website-test score mean my site is secure?

No. It is a standards compliance test. Many tested standards improve reliability and security, but a perfect score does not mean your service is fully secure. Other aspects (application code, updates, access control) are out of scope.

Does this check replace the WebYes keurmerk?

No. The platform measures modern internet standards at host and infrastructure level. WebYes measures four product pillars on scanned pages and ties that to a paid keurmerk with register and badge. The tools complement each other; they are not interchangeable.

Which test should I run first?

For most website owners: first the free WebYes scan (certificate, HTTPS redirect, headers, plus the other pillars), then the website test for IPv6, DNSSEC, deeper TLS and RPKI. For email issues, use the separate email test on the same platform.

Why did my score drop after a test-norm update?

The test norm is tightened over time. Release 1.11 followed the 2025 NCSC TLS guidelines; earlier 'passed' results may therefore show new warnings or fails. Read the release notes and resolve the new REQUIRED subtests with your host.

The WebYes scan measures this too

Scan your website for free on speed, security, mobile and accessibility and see where you stand.

Start free scan
webyes

Het onafhankelijke keurmerk voor Nederlandse websites. Kalm, transparant, jaarlijks herkeurd.

Start gratis scan

Keurmerk

  • Start gratis scan
  • Hoe het werkt
  • Keurmerkregister
  • Prijzen
  • Veelgestelde vragen

Kennis

  • Kennisbank
  • Blog
  • Jaarrapport

Bedrijf

  • Over ons
  • Contact
  • Mijn account

Juridisch

  • Privacybeleid
  • Algemene voorwaarden
  • Cookies
© 2026 WebYesGebouwd in Nederland.

    Jaarrapport in de maak. In de maak: het jaarrapport over de staat van het Nederlandse web. Lees meer →

    webyes
    WerkwijzePrijzenRegisterKennisbankOver ons
    InloggenStart gratis scan