mon-suivi-justice.beta.gouv.fr

environ 5 heures

startup

Nmap

Scan Summary :

Scan Summary :

Impact	Description	Documentation
-25	Content Security Policy (CSP) header not implemented	Implement one, see MDN's Content Security Policy (CSP) documentation.
-20	Cookies set without using the `Secure` flag or set over HTTP.	Documentation for cookies-secure-with-httponly-sessions
-20	`Strict-Transport-Security` header not implemented.	Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).
-5	Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS.	Documentation for redirection-to-https

Scan Summary :

risk	name
Medium (High)	Content Security Policy (CSP) Header Not Set
Medium (High)	Sub Resource Integrity Attribute Missing
Medium (Low)	Absence of Anti-CSRF Tokens
Low (High)	Strict-Transport-Security Header Not Set
Low (Medium)	Cookie No HttpOnly Flag
Low (Medium)	Cookie Without Secure Flag
Low (Medium)	Cookie without SameSite Attribute
Low (Medium)	Insufficient Site Isolation Against Spectre Vulnerability
Low (Medium)	Permissions Policy Header Not Set
Low (Low)	Timestamp Disclosure - Unix
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Modern Web Application
Informational (Medium)	Retrieved from Cache
Informational (Medium)	Session Management Response Identified
Informational (Medium)	Storable and Cacheable Content
Informational (Low)	Re-examine Cache-control Directives