transport.data.gouv.fr

Faciliter l'accès à l’information voyageur pour tous, partout en France, grâce à l’ouverture des données.

environ 7 heures

mtes

fiche beta.gouv.fr

Nmap

Scan Summary :

Scan Summary :

D+

Impact	Description	Documentation
-20	Content Security Policy (CSP) implemented unsafely. This includes `'unsafe-inline'` or `data:` inside `script-src`, overly broad sources such as `https:` inside `object-src` or `script-src`, or not restricting the sources for `object-src` or `script-src`.	Remove `unsafe-inline` and `data:` from `script-src`, overly broad sources from `object-src` and `script-src`, and ensure `object-src` and `script-src` are set.
-20	Cookies set without using the `Secure` flag or set over HTTP.	Documentation for cookies-secure-with-httponly-sessions
-20	`Strict-Transport-Security` header not implemented.	Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).

risk	name
Medium (High)	CSP: Failure to Define Directive with No Fallback
Medium (High)	CSP: Wildcard Directive
Medium (High)	CSP: script-src unsafe-eval
Medium (High)	CSP: script-src unsafe-inline
Medium (Low)	Absence of Anti-CSRF Tokens
Low (High)	CSP: Notices
Low (High)	Strict-Transport-Security Header Not Set
Low (Medium)	Cookie Without Secure Flag
Low (Medium)	Insufficient Site Isolation Against Spectre Vulnerability
Low (Medium)	Permissions Policy Header Not Set
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Modern Web Application
Informational (Medium)	Non-Storable Content
Informational (Medium)	Session Management Response Identified
Informational (Low)	Re-examine Cache-control Directives