plusfraichemaville.fr

environ 8 heures

startup

production

ADEME

Nmap

Scan Summary :

Scan Summary :

C+

Impact	Description	Documentation
-20	Does not redirect to an HTTPS site.	Documentation for redirection-to-https
-20	`Strict-Transport-Security` header not implemented.	Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).

Scan Summary :

risk	name
Medium (High)	CSP: style-src unsafe-inline
Low (High)	Strict-Transport-Security Header Not Set
Low (Medium)	Insufficient Site Isolation Against Spectre Vulnerability
Low (Medium)	Permissions Policy Header Not Set
Low (Medium)	Private IP Disclosure
Low (Medium)	Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)
Low (Low)	Timestamp Disclosure - Unix
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Content-Type Header Missing
Informational (Medium)	Modern Web Application
Informational (Medium)	Non-Storable Content
Informational (Medium)	Session Management Response Identified
Informational (Medium)	Storable but Non-Cacheable Content
Informational (Low)	Information Disclosure - Suspicious Comments
Informational (Low)	Re-examine Cache-control Directives
Informational (Low)	User Controllable HTML Element Attribute (Potential XSS)