aidantsconnect.beta.gouv.fr

Accompagnez vos usagers en toute sécurité

environ 12 heures

anct

fiche beta.gouv.fr

Nmap

Scan Summary :

Scan Summary :

B-

Impact	Description	Documentation
-20	Content Security Policy (CSP) implemented, but secure site allows resources to be loaded over HTTP	Load resources over HTTPS and remove any HTTP sources from your CSP.
-10	`Strict-Transport-Security` header set to less than six months (15768000).	Increase HSTS period.
-5	Subresource Integrity (SRI) not implemented, but all external scripts are loaded over HTTPS.	Add SRI to external scripts.

Scan Summary :

A-

risk	name
Medium (High)	CSP: Failure to Define Directive with No Fallback
Medium (High)	Sub Resource Integrity Attribute Missing
Medium (Medium)	Cross-Domain Misconfiguration
Low (High)	CSP: Notices
Low (Medium)	Cookie No HttpOnly Flag
Low (Medium)	Cross-Domain JavaScript Source File Inclusion
Low (Medium)	Insufficient Site Isolation Against Spectre Vulnerability
Low (Medium)	Permissions Policy Header Not Set
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Modern Web Application
Informational (Medium)	Non-Storable Content
Informational (Medium)	Session Management Response Identified
Informational (Medium)	Storable and Cacheable Content
Informational (Low)	Information Disclosure - Suspicious Comments
Informational (Low)	Re-examine Cache-control Directives
Informational (Low)	User Controllable HTML Element Attribute (Potential XSS)