https://ma-cantine.agriculture.gouv.fr
Nmap
| severity | service | vulnerability |
info | http (port:80) | |
info | bgp (port:179) | |
info | https (port:443) | |
info | socks (port:1080) | |
info | pvuniwien (port:1081) | |
info | abyss (port:9999) |
Mozilla HTTP observatory
| Impact | Description | Documentation |
Content Security Policy (CSP) implemented unsafely. This includes |
Remove | |
Cookies set without using the | Documentation for cookies-secure-with-httponly-sessions | |
| Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/). |
Scan OWASP
| risk | name |
Medium (High) | CSP: Failure to Define Directive with No Fallback |
Medium (High) | CSP: Wildcard Directive |
Medium (High) | CSP: script-src unsafe-inline |
Medium (High) | CSP: style-src unsafe-inline |
Low (High) | Strict-Transport-Security Header Not Set |
Low (Medium) | Cookie No HttpOnly Flag |
Low (Medium) | Cookie Without Secure Flag |
Low (Medium) | Insufficient Site Isolation Against Spectre Vulnerability |
Low (Medium) | Permissions Policy Header Not Set |
Low (Medium) | Vulnerable JS Library |
Low (Medium) | X-Content-Type-Options Header Missing |
Low (Low) | Timestamp Disclosure - Unix |
Informational (High) | Sec-Fetch-Dest Header is Missing |
Informational (High) | Sec-Fetch-Mode Header is Missing |
Informational (High) | Sec-Fetch-Site Header is Missing |
Informational (High) | Sec-Fetch-User Header is Missing |
Informational (Medium) | Base64 Disclosure |
Informational (Medium) | Modern Web Application |
Informational (Medium) | Session Management Response Identified |
Informational (Medium) | Storable and Cacheable Content |
Informational (Low) | Information Disclosure - Suspicious Comments |
Informational (Low) | Re-examine Cache-control Directives |