anais.beta.gouv.fr

Maîtriser notre espace maritime

environ 6 heures

fabnumdef

fiche beta.gouv.fr

Nmap

Scan Summary :

Scan Summary :

Impact	Description	Documentation
-20	Content Security Policy (CSP) implemented unsafely. This includes `'unsafe-inline'` or `data:` inside `script-src`, overly broad sources such as `https:` inside `object-src` or `script-src`, or not restricting the sources for `object-src` or `script-src`.	Remove `unsafe-inline` and `data:` from `script-src`, overly broad sources from `object-src` and `script-src`, and ensure `object-src` and `script-src` are set.
-10	Session cookie set without the `Secure` flag, but transmission over HTTP prevented by HSTS.	Documentation for cookies-secure-with-httponly-sessions

Scan Summary :

A+

risk	name
Medium (High)	CSP: Failure to Define Directive with No Fallback
Medium (High)	CSP: Wildcard Directive
Medium (High)	CSP: script-src unsafe-inline
Medium (High)	CSP: style-src unsafe-inline
Medium (Low)	Absence of Anti-CSRF Tokens
Low (Medium)	Cookie Without Secure Flag
Low (Medium)	Cookie with SameSite Attribute None
Low (Medium)	Cookie without SameSite Attribute
Low (Medium)	Insufficient Site Isolation Against Spectre Vulnerability
Low (Medium)	Permissions Policy Header Not Set
Low (Low)	Timestamp Disclosure - Unix
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Non-Storable Content
Informational (Medium)	Session Management Response Identified
Informational (Low)	Re-examine Cache-control Directives