https://preprod.mission-transition-ecologique.incubateur.net
Guider les entreprises dans leur transition écologique
Nmap
Scan Summary :
| severity | service | vulnerability |
info | http (port:80) | |
info | https (port:443) |
Scan OWASP
| risk | name |
Medium (High) | CSP: script-src unsafe-eval |
Medium (High) | CSP: script-src unsafe-inline |
Medium (High) | CSP: style-src unsafe-inline |
Medium (Medium) | Cross-Domain Misconfiguration |
Low (Medium) | Insufficient Site Isolation Against Spectre Vulnerability |
Low (Medium) | Permissions Policy Header Not Set |
Low (Medium) | Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) |
Informational (High) | CSP: Header & Meta |
Informational (High) | Sec-Fetch-Dest Header is Missing |
Informational (High) | Sec-Fetch-Mode Header is Missing |
Informational (High) | Sec-Fetch-Site Header is Missing |
Informational (High) | Sec-Fetch-User Header is Missing |
Informational (Medium) | Base64 Disclosure |
Informational (Medium) | Modern Web Application |
Informational (Medium) | Storable and Cacheable Content |
Informational (Low) | Information Disclosure - Suspicious Comments |
Informational (Low) | Re-examine Cache-control Directives |
Nuclei
| Séverité | Name | Matcher |
unknown | Credentials Disclosure Check | credentials-disclosure |
info | DNS SaaS Service Detection | dns-saas-service-detection |
info | CAA Record | caa-fingerprint |
info | Wappalyzer Technology Detection | nuxt.js |
info | Wappalyzer Technology Detection | vue.js |
info | HTTP Missing Security Headers | clear-site-data |
info | HTTP Missing Security Headers | cross-origin-embedder-policy |
info | robots.txt endpoint prober | robots-txt-endpoint |
info | robots.txt file | robots-txt |
info | Detect SSL Certificate Issuer | ssl-issuer |
info | SSL DNS Names | ssl-dns-names |
info | TLS Version - Detect | tls-version |
info | TLS Version - Detect | tls-version |