Paramètres d'affichage

Choisissez un thème pour personnaliser l'apparence du site.

https://portal.api.esante.gouv.fr

6 jours
Copie d'écran de https://portal.api.esante.gouv.fr

Nmap

Scan Summary :

A

severityservicevulnerability

info

https (port:443)
Consulter le rapport détaillé

Mozilla HTTP observatory

Scan Summary :

B+

ImpactDescriptionDocumentation

-20

Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.

Remove unsafe-inline and data: from script-src, overly broad sources from object-src and script-src, and ensure object-src and script-src are set.

Rapport détaillé

SSL

Scan Summary :

A+


Expiration : 12/07/2025

Rapport détaillé

Scan OWASP6 jours

riskname

Medium (High)

CSP: Failure to Define Directive with No Fallback

Medium (High)

CSP: Wildcard Directive

Medium (High)

CSP: script-src unsafe-inline

Medium (High)

CSP: style-src unsafe-inline

Low (Medium)

Insufficient Site Isolation Against Spectre Vulnerability

Low (Medium)

Permissions Policy Header Not Set

Low (Medium)

Private IP Disclosure

Low (Low)

Dangerous JS Functions

Low (Low)

Timestamp Disclosure - Unix

Informational (High)

Sec-Fetch-Dest Header is Missing

Informational (High)

Sec-Fetch-Mode Header is Missing

Informational (High)

Sec-Fetch-Site Header is Missing

Informational (High)

Sec-Fetch-User Header is Missing

Informational (Medium)

Base64 Disclosure

Informational (Medium)

Modern Web Application

Informational (Medium)

Storable and Cacheable Content

Informational (Low)

Information Disclosure - Suspicious Comments

Informational (Low)

Re-examine Cache-control Directives

Rapport détaillé

Nuclei15 jours

SéveritéNameMatcher

info

CAA Recordcaa-fingerprint

info

HTTP Missing Security Headersreferrer-policy

info

HTTP Missing Security Headerscross-origin-resource-policy

info

HTTP Missing Security Headerspermissions-policy

info

HTTP Missing Security Headersx-frame-options

info

HTTP Missing Security Headersx-content-type-options

info

HTTP Missing Security Headerscross-origin-embedder-policy

info

HTTP Missing Security Headerscross-origin-opener-policy

info

HTTP Missing Security Headerscontent-security-policy

info

HTTP Missing Security Headersx-permitted-cross-domain-policies

info

HTTP Missing Security Headersclear-site-data

info

WAF Detectionapachegeneric

info

Detect SSL Certificate Issuerssl-issuer

info

SSL DNS Namesssl-dns-names

info

Wildcard TLS Certificatewildcard-tls

info

TLS Version - Detecttls-version