Nmap
severity | service | vulnerability |
info | http (port:80) | |
info | ident (port:113) | |
info | http (port:443) | |
Mozilla HTTP Observatory
Impact | Description | Documentation |
Content Security Policy (CSP) header not implemented | Implement one, see MDN's Content Security Policy (CSP) documentation. | |
Cookies set without using the | Documentation for cookies-secure-with-httponly-sessions | |
Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS. | Documentation for redirection-to-https | |
OWASP scan
risk | name |
Medium (High) | Content Security Policy (CSP) Header Not Set |
Medium (High) | Sub Resource Integrity Attribute Missing |
Medium (Medium) | Vulnerable JS Library |
Medium (Low) | Absence of Anti-CSRF Tokens |
Low (Medium) | Application Error Disclosure |
Low (Medium) | Cookie Without Secure Flag |
Low (Medium) | Cookie without SameSite Attribute |
Low (Medium) | Cross-Domain JavaScript Source File Inclusion |
Low (Medium) | Insufficient Site Isolation Against Spectre Vulnerability |
Low (Medium) | Permissions Policy Header Not Set |
Low (Low) | Dangerous JS Functions |
Low (Low) | Timestamp Disclosure - Unix |
Informational (High) | Sec-Fetch-Dest Header is Missing |
Informational (High) | Sec-Fetch-Mode Header is Missing |
Informational (High) | Sec-Fetch-Site Header is Missing |
Informational (High) | Sec-Fetch-User Header is Missing |
Informational (Medium) | Base64 Disclosure |
Informational (Medium) | Modern Web Application |
Informational (Medium) | Non-Storable Content |
Informational (Medium) | Session Management Response Identified |
Informational (Medium) | Storable and Cacheable Content |
Informational (Low) | Charset Mismatch (Header Versus Meta Content-Type Charset) |
Informational (Low) | Information Disclosure - Suspicious Comments |
Informational (Low) | Re-examine Cache-control Directives |