Diagnostics

Metrics

http

ident

excw

unknown

iphone-sync

LFR_SESSION_STATE_20119

GUEST_LANGUAGE_ID

COOKIE_SUPPORT

JSESSIONID

Liferay is an open-source company that provides free documentation and paid professional service to users of its software.

Liferay

Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.

Java

Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.

Bootstrap

AlloyUI

Apache is a free and open-source cross-platform web server software.

Apache HTTP Server

YUI is a JavaScript and CSS library with more than 30 unique components including low-level DOM utilities and high-level user-interface widgets.

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm.

Lodash

jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.

jQuery

Absence of Anti-CSRF Tokens

Content Security Policy (CSP) Header Not Set

Multiple X-Frame-Options Header Entries

Sub Resource Integrity Attribute Missing

Vulnerable JS Library

CSP: X-WebKit-CSP

Cookie without SameSite Attribute

Cross-Domain JavaScript Source File Inclusion

Dangerous JS Functions

Insufficient Site Isolation Against Spectre Vulnerability

Permissions Policy Header Not Set

Strict-Transport-Security Header Not Set

Base64 Disclosure

Information Disclosure - Suspicious Comments

Loosely Scoped Cookie

Modern Web Application

Non-Storable Content

Obsolete Content Security Policy (CSP) Header Found

Sec-Fetch-Dest Header is Missing

Sec-Fetch-Mode Header is Missing

Sec-Fetch-Site Header is Missing

Sec-Fetch-User Header is Missing

Session Management Response Identified

Storable and Cacheable Content

severity	service	vulnerability
info	http (port:80)
info	ident (port:113)
info	http (port:443)
info	excw (port:1271)
info	unknown (port:26214)
info	iphone-sync (port:62078)
info	unknown (port:65129)

Impact	Description	Documentation
-25	Content Security Policy (CSP) header not implemented	Implement one, see MDN's Content Security Policy (CSP) documentation.
-20	`Strict-Transport-Security` header not implemented.	Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).
-20	`X-Frame-Options` (XFO) header cannot be recognized.	Documentation for x-frame-options-sameorigin-or-deny
-5	Subresource Integrity (SRI) not implemented, but all external scripts are loaded over HTTPS.	Add SRI to external scripts.

risk	name
Medium (High)	Content Security Policy (CSP) Header Not Set
Medium (High)	Sub Resource Integrity Attribute Missing
Medium (Medium)	Multiple X-Frame-Options Header Entries
Medium (Medium)	Vulnerable JS Library
Medium (Low)	Absence of Anti-CSRF Tokens
Low (High)	CSP: X-WebKit-CSP
Low (High)	Strict-Transport-Security Header Not Set
Low (Medium)	Cookie without SameSite Attribute
Low (Medium)	Cross-Domain JavaScript Source File Inclusion
Low (Medium)	Insufficient Site Isolation Against Spectre Vulnerability
Low (Medium)	Permissions Policy Header Not Set
Low (Low)	Dangerous JS Functions
Informational (High)	Obsolete Content Security Policy (CSP) Header Found
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Modern Web Application
Informational (Medium)	Non-Storable Content
Informational (Medium)	Session Management Response Identified
Informational (Medium)	Storable and Cacheable Content
Informational (Low)	Information Disclosure - Suspicious Comments
Informational (Low)	Loosely Scoped Cookie

https://annuaire.sante.fr

Nmap

Mozilla HTTP observatory

SSL

Grade capped to A. HSTS is not offered

Expiration : 09/08/2025

Scan OWASP7 jours