https://candidat.pole-emploi.fr/simucalculreprise

Support the return to work of job seekers by making information about financial aid easier to access
Mozilla HTTP observatory

Scan Summary: D

| Impact | Description | Documentation |
|---|---|---|
| -25 | Content Security Policy (CSP) header not implemented | |
| -20 | Strict-Transport-Security header not implemented. | Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/). |
| -20 | X-Frame-Options (XFO) header not implemented. | Documentation for x-frame-options-sameorigin-or-deny |
| -5 | X-Content-Type-Options header cannot be recognized. | Documentation for x-content-type-options-nosniff |

Detailed report

SSL

Scan Summary: F

Grade capped to A. HSTS is not offered

Expiration: 24/05/2025

Detailed report

OWASP scan (16 days)

| Risk | Name |
|---|---|
| Medium (High) | Content Security Policy (CSP) Header Not Set |
| Medium (Medium) | Missing Anti-clickjacking Header |
| Low (High) | Strict-Transport-Security Header Not Set |
| Low (Medium) | Cookie No HttpOnly Flag |
| Low (Medium) | Cookie Without Secure Flag |
| Low (Medium) | Cookie without SameSite Attribute |
| Low (Medium) | Insufficient Site Isolation Against Spectre Vulnerability |
| Low (Medium) | Permissions Policy Header Not Set |
| Low (Low) | Timestamp Disclosure - Unix |
| Informational (High) | Sec-Fetch-Dest Header is Missing |
| Informational (High) | Sec-Fetch-Mode Header is Missing |
| Informational (High) | Sec-Fetch-Site Header is Missing |
| Informational (High) | Sec-Fetch-User Header is Missing |
| Informational (Medium) | Base64 Disclosure |
| Informational (Medium) | Modern Web Application |
| Informational (Medium) | Non-Storable Content |
| Informational (Medium) | Session Management Response Identified |
| Informational (Medium) | Storable and Cacheable Content |
| Informational (Low) | Re-examine Cache-control Directives |

Detailed report