
https://jafer.beta.gouv.fr

Reducing the time taken by contact centres (espaces de rencontre) to take on court-ordered parent/child visitation measures
Screenshot of https://jafer.beta.gouv.fr

Nmap

Scan summary: B

| Severity | Service | Vulnerability |
|---|---|---|
| info | http (port:80) | |
| info | http (port:443) | |
| info | http (port:8080) | |
| info | http (port:8443) | |

View the detailed report

Mozilla HTTP Observatory

Scan summary: F

| Impact | Description | Documentation |
|---|---|---|
| -50 | Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP or use protocol-relative URLs via src="//...". | Load external scripts over HTTPS, and add SRI to them. |
| -20 | Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. | Remove unsafe-inline and data: from script-src, overly broad sources from object-src and script-src, and ensure object-src and script-src are set. |
| -20 | Strict-Transport-Security header not implemented. | Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/). |
| -5 | Referrer-Policy header set unsafely to origin, origin-when-cross-origin, unsafe-url or no-referrer-when-downgrade. | Documentation for referrer-policy-private |
| -5 | X-Content-Type-Options header not implemented. | Documentation for x-content-type-options-nosniff |

Detailed report

SSL

Scan summary: A

Grade capped to A. HSTS is not offered.

Detailed report

OWASP scan (about 1 hour)

| Risk (confidence) | Name |
|---|---|
| Medium (High) | CSP: Failure to Define Directive with No Fallback |
| Medium (High) | CSP: Wildcard Directive |
| Medium (High) | CSP: script-src unsafe-inline |
| Medium (High) | CSP: style-src unsafe-inline |
| Medium (High) | Content Security Policy (CSP) Header Not Set |
| Medium (High) | Sub Resource Integrity Attribute Missing |
| Medium (Medium) | Cross-Domain Misconfiguration |
| Low (High) | Strict-Transport-Security Header Not Set |
| Low (Medium) | Cookie No HttpOnly Flag |
| Low (Medium) | Cookie without SameSite Attribute |
| Low (Medium) | Cross-Domain JavaScript Source File Inclusion |
| Low (Medium) | Insufficient Site Isolation Against Spectre Vulnerability |
| Low (Medium) | Permissions Policy Header Not Set |
| Low (Medium) | Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) |
| Low (Medium) | X-Content-Type-Options Header Missing |
| Low (Low) | Dangerous JS Functions |
| Low (Low) | Timestamp Disclosure - Unix |
| Informational (High) | Sec-Fetch-Dest Header is Missing |
| Informational (High) | Sec-Fetch-Mode Header is Missing |
| Informational (High) | Sec-Fetch-Site Header is Missing |
| Informational (High) | Sec-Fetch-User Header is Missing |
| Informational (Medium) | Base64 Disclosure |
| Informational (Medium) | Modern Web Application |
| Informational (Medium) | Non-Storable Content |
| Informational (Medium) | Retrieved from Cache |
| Informational (Medium) | Session Management Response Identified |
| Informational (Medium) | Storable and Cacheable Content |
| Informational (Low) | Information Disclosure - Suspicious Comments |
| Informational (Low) | Re-examine Cache-control Directives |

Detailed report