Paramètres d'affichage

Choisissez un thème pour personnaliser l'apparence du site.

https://dashlord.incubateur.ademe.fr

25 minutes

incubateur

tools

Copie d'écran de https://dashlord.incubateur.ademe.fr

Nmap

Scan Summary :

A

severityservicevulnerability

info

http (port:80)

info

https (port:443)
Consulter le rapport détaillé

Mozilla HTTP observatory

Scan Summary :

D

ImpactDescriptionDocumentation

-25

Content Security Policy (CSP) header not implemented

-20

Strict-Transport-Security header not implemented.

Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).

-20

X-Frame-Options (XFO) header not implemented.

Documentation for x-frame-options-sameorigin-or-deny

-5

X-Content-Type-Options header not implemented.

Documentation for x-content-type-options-nosniff

Rapport détaillé

SSL

Scan Summary :

A


Grade capped to A. HSTS is not offered


Expiration : 06/07/2025

Rapport détaillé

Scan OWASP25 minutes

riskname

Medium (High)

Content Security Policy (CSP) Header Not Set

Medium (Medium)

Cross-Domain Misconfiguration

Medium (Medium)

Missing Anti-clickjacking Header

Medium (Medium)

Source Code Disclosure - Java

Low (High)

Strict-Transport-Security Header Not Set

Low (Medium)

Insufficient Site Isolation Against Spectre Vulnerability

Low (Medium)

Permissions Policy Header Not Set

Low (Medium)

Private IP Disclosure

Low (Medium)

X-Content-Type-Options Header Missing

Low (Low)

Dangerous JS Functions

Low (Low)

Timestamp Disclosure - Unix

Informational (High)

Sec-Fetch-Dest Header is Missing

Informational (High)

Sec-Fetch-Mode Header is Missing

Informational (High)

Sec-Fetch-Site Header is Missing

Informational (High)

Sec-Fetch-User Header is Missing

Informational (Medium)

Base64 Disclosure

Informational (Medium)

Modern Web Application

Informational (Medium)

Retrieved from Cache

Informational (Medium)

Storable and Cacheable Content

Informational (Low)

Information Disclosure - Suspicious Comments

Informational (Low)

Re-examine Cache-control Directives

Rapport détaillé

Nuclei15 minutes

SéveritéNameMatcher

info

CAA Recordcaa-fingerprint

info

DNS SaaS Service Detectiongithub

info

Wappalyzer Technology Detectionnext.js

info

HTTP Missing Security Headersstrict-transport-security

info

HTTP Missing Security Headerscontent-security-policy

info

HTTP Missing Security Headersx-content-type-options

info

HTTP Missing Security Headersreferrer-policy

info

HTTP Missing Security Headerscross-origin-embedder-policy

info

HTTP Missing Security Headerscross-origin-opener-policy

info

HTTP Missing Security Headerspermissions-policy

info

HTTP Missing Security Headersx-frame-options

info

HTTP Missing Security Headersx-permitted-cross-domain-policies

info

HTTP Missing Security Headersclear-site-data

info

HTTP Missing Security Headerscross-origin-resource-policy

info

robots.txt endpoint proberrobots-txt-endpoint

info

WAF Detectionvarnish

info

Detect SSL Certificate Issuerssl-issuer

info

SSL DNS Namesssl-dns-names

info

TLS Version - Detecttls-version

info

TLS Version - Detecttls-version