opentermsarchive.org

Rééquilibrer le rapport de force entre les fournisseurs de services en ligne et leurs usagers.

environ 5 heures

latelier.numerique.du.ministere.de.leurope.et.des.affaires.etrangeres

fiche beta.gouv.fr

Nmap

Scan Summary :

Scan Summary :

Impact	Description	Documentation
-25	Content Security Policy (CSP) header not implemented	Implement one, see MDN's Content Security Policy (CSP) documentation.
-20	`Strict-Transport-Security` header not implemented.	Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).
-20	`X-Frame-Options` (XFO) header not implemented.	Documentation for x-frame-options-sameorigin-or-deny
-5	`X-Content-Type-Options` header not implemented.	Documentation for x-content-type-options-nosniff

Scan Summary :

risk	name
Medium (High)	CSP: Failure to Define Directive with No Fallback
Medium (High)	CSP: style-src unsafe-inline
Medium (High)	Content Security Policy (CSP) Header Not Set
Medium (Medium)	Cross-Domain Misconfiguration
Medium (Medium)	Missing Anti-clickjacking Header
Medium (Low)	Absence of Anti-CSRF Tokens
Low (High)	Strict-Transport-Security Header Not Set
Low (Medium)	Insufficient Site Isolation Against Spectre Vulnerability
Low (Medium)	Permissions Policy Header Not Set
Low (Medium)	X-Content-Type-Options Header Missing
Informational (High)	CSP: Header & Meta
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Retrieved from Cache
Informational (Medium)	Storable and Cacheable Content
Informational (Low)	Information Disclosure - Suspicious Comments
Informational (Low)	Re-examine Cache-control Directives