Test that https page for insecure content here:
http://www.whynopadlock.com/check.phpAnother check I did with this extension in Google Chrome: RECX HTTP Header and Cookie Security Analyzer
from Recx Ltd -
www.recx.co.uk results:
Analysis results for:
https://www.security.nl/HTTP security headers
Name Value Setting secure Secure connection
x-frame-options deny
OK - follows best practice
OK - follows best practice
cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
OK - follows best practice
OK - follows best practice
strict-transport-security max-age=31536000
OK - follows best practice
OK - follows best practice
x-content-type-options N/A
Investigate - does not follow best practice
OK - follows best practice
x-xss-protection N/A
Investigate - does not follow best practice
OK - follows best practice
x-content-security-policy N/A
Investigate - does not follow best practice
OK - follows best practice
access-control-allow-origin N/A
OK - follows best practice
OK - follows best practice
Show all HTTP headers.
Cookie information (1 cookies)
Name Domain Secure attribute HTTP only attribute Host only attribute Secure connection
sessionid .www.security.nl
Information - no risk or does not apply
OK - follows best practice
Show extended cookie properties.
Page meta security headers
Name Value Setting secure Secure connection
polonus