default-src none; connect-src 'self' http://*.si-vic.sante.gouv.fr https://geo.api.gouv.fr https://player.lemonlearning.com https://integrity.lemonlearning.com; font-src 'self' data:; img-src 'self' https://player.lemonlearning.com https://admin.lemonlearning.com https://static.lemonlearning.com https://files.lemonlearning.com https://editor.lemonlearning.com https://library.lemonlearning.com https://stats.lemonlearning.com https://api.lemonlearning.com data:; script-src 'self' https://cdn.lemonlearning.com https://player.lemonlearning.com https://admin.lemonlearning.com https://static.lemonlearning.com https://files.lemonlearning.com https://editor.lemonlearning.com https://library.lemonlearning.com https://stats.lemonlearning.com https://api.lemonlearning.com https://integrity.lemonlearning.com; style-src 'self' 'unsafe-inline' https://cdn.lemonlearning.com https://player.lemonlearning.com https://admin.lemonlearning.com https://static.lemonlearning.com https://files.lemonlearning.com https://editor.lemonlearning.com https://library.lemonlearning.com https://stats.lemonlearning.com https://api.lemonlearning.com https://integrity.lemonlearning.com; frame-ancestors none; frame-src http://*.si-vic.sante.gouv.fr https://player.lemonlearning.com https://admin.lemonlearning.com https://static.lemonlearning.com https://files.lemonlearning.com https://editor.lemonlearning.com https://library.lemonlearning.com https://stats.lemonlearning.com https://api.lemonlearning.com

Diagnostics

Metrics

http

https

TYPO3 is a free and open-source Web content management system written in PHP.

TYPO3 CMS

PHP is a general-purpose scripting language used for web development.

TypeScript is an open-source language which builds on JavaScript  by adding static type definitions.

TypeScript

Quill is a free open-source WYSIWYG editor.

Quill

Chart.js is an open-source JavaScript library that allows you to draw different types of charts by using the HTML5 canvas element.

Chart.js

Zone.js

Angular is a TypeScript-based open-source web application framework led by the Angular Team at Google.

Angular

Apache is a free and open-source cross-platform web server software.

Apache HTTP Server

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm.

Lodash

core-js is a modular standard library for JavaScript, with polyfills for cutting-edge ECMAScript features.

core-js

Mailjet is an email delivery service for marketing and developer teams.

Mailjet

Webpack is an open-source JavaScript module bundler.

severity	service	vulnerability
info	http (port:80)
info	https (port:443)

Impact	Description	Documentation
-20	Content Security Policy (CSP) implemented, but secure site allows resources to be loaded over HTTP	Load resources over HTTPS and remove any HTTP sources from your CSP.
-20	`Strict-Transport-Security` header not implemented.	Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).

risk	name
Medium (High)	CSP: Failure to Define Directive with No Fallback
Medium (High)	CSP: style-src unsafe-inline
Low (High)	CSP: Notices
Low (High)	Strict-Transport-Security Header Not Set
Low (Medium)	Insufficient Site Isolation Against Spectre Vulnerability
Low (Medium)	Permissions Policy Header Not Set
Low (Low)	Dangerous JS Functions
Low (Low)	Timestamp Disclosure - Unix
Informational (High)	CSP: Header & Meta
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Modern Web Application
Informational (Medium)	Storable and Cacheable Content
Informational (Low)	Information Disclosure - Suspicious Comments
Informational (Low)	Re-examine Cache-control Directives

https://si-vic.sante.gouv.fr

Nmap

Mozilla HTTP observatory

SSL

Grade capped to A. HSTS is not offered

Expiration : 13/06/2025

Scan OWASP7 jours