Paramètres d'affichage

Choisissez un thème pour personnaliser l'apparence du site.

https://diagcps.eservices.esante.gouv.fr

7 jours
Copie d'écran de https://diagcps.eservices.esante.gouv.fr

Nmap

Scan Summary :

F

severityservicevulnerability

error

http (port:80)
127 vulnérabilité(s) trouvée(s) :

error

http (port:443)
127 vulnérabilité(s) trouvée(s) :

error

ssh (port:22)

info

ldap (port:389)

info

ldapssl (port:636)

info

zeus-admin (port:9090)
Consulter le rapport détaillé

Mozilla HTTP observatory

Scan Summary :

D

ImpactDescriptionDocumentation

-25

Content Security Policy (CSP) header not implemented

-20

Strict-Transport-Security header not implemented.

Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).

-20

X-Frame-Options (XFO) header not implemented.

Documentation for x-frame-options-sameorigin-or-deny

-5

X-Content-Type-Options header not implemented.

Documentation for x-content-type-options-nosniff

Rapport détaillé

SSL

Scan Summary :

A


Grade capped to A. HSTS is not offered


Expiration : 24/05/2025

Rapport détaillé

Scan OWASP7 jours

riskname

High (Medium)

Vulnerable JS Library

Medium (High)

Content Security Policy (CSP) Header Not Set

Medium (Medium)

Missing Anti-clickjacking Header

Medium (Medium)

Vulnerable JS Library

Low (High)

Server Leaks Version Information via "Server" HTTP Response Header Field

Low (High)

Strict-Transport-Security Header Not Set

Low (Medium)

Insufficient Site Isolation Against Spectre Vulnerability

Low (Medium)

Permissions Policy Header Not Set

Low (Medium)

Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

Low (Medium)

X-Content-Type-Options Header Missing

Informational (High)

Sec-Fetch-Dest Header is Missing

Informational (High)

Sec-Fetch-Mode Header is Missing

Informational (High)

Sec-Fetch-Site Header is Missing

Informational (High)

Sec-Fetch-User Header is Missing

Informational (Medium)

Base64 Disclosure

Informational (Medium)

Storable and Cacheable Content

Informational (Low)

Information Disclosure - Suspicious Comments

Informational (Low)

Re-examine Cache-control Directives

Rapport détaillé

Nuclei22 jours

SéveritéNameMatcher

info

CAA Recordcaa-fingerprint

info

DOM EventListener - Cross-Site Scriptingaddeventlistener-detect

info

Apache Detectionapache-detect

info

Openssl Detectopenssl-detect

info

PHP Detectphp-detect

info

Wappalyzer Technology Detectionphp

info

HTTP Missing Security Headerscross-origin-embedder-policy

info

HTTP Missing Security Headersx-frame-options

info

HTTP Missing Security Headersx-content-type-options

info

HTTP Missing Security Headersx-permitted-cross-domain-policies

info

HTTP Missing Security Headersreferrer-policy

info

HTTP Missing Security Headersclear-site-data

info

HTTP Missing Security Headerscross-origin-opener-policy

info

HTTP Missing Security Headerscross-origin-resource-policy

info

HTTP Missing Security Headersstrict-transport-security

info

HTTP Missing Security Headerscontent-security-policy

info

HTTP Missing Security Headerspermissions-policy

info

HTTP TRACE method enabledtrace-request

info

robots.txt endpoint proberrobots-txt-endpoint

info

robots.txt filerobots-txt

info

WAF Detectionapachegeneric

info

OpenSSH Service - Detectopenssh-detect

info

Detect SSL Certificate Issuerssl-issuer

info

SSL DNS Namesssl-dns-names

info

TLS Version - Detecttls-version