Paramètres d'affichage

Choisissez un thème pour personnaliser l'apparence du site.

https://tom.eservices.esante.gouv.fr

6 jours
Copie d'écran de https://tom.eservices.esante.gouv.fr

Nmap

Scan Summary :

A

severityservicevulnerability

info

http (port:443)
Consulter le rapport détaillé

Mozilla HTTP observatory

Scan Summary :

D

ImpactDescriptionDocumentation

-25

Content Security Policy (CSP) header not implemented

-20

Strict-Transport-Security header not implemented.

Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).

-20

X-Frame-Options (XFO) header cannot be recognized.

Documentation for x-frame-options-sameorigin-or-deny

Rapport détaillé

SSL

Scan Summary :

F


Grade capped to A. HSTS is not offered


Expiration : 22/05/2023

Rapport détaillé

Scan OWASP6 jours

riskname

Medium (High)

Content Security Policy (CSP) Header Not Set

Medium (Medium)

Multiple X-Frame-Options Header Entries

Medium (Medium)

Vulnerable JS Library

Low (High)

CSP: X-WebKit-CSP

Low (High)

Strict-Transport-Security Header Not Set

Low (Medium)

Insufficient Site Isolation Against Spectre Vulnerability

Low (Medium)

Permissions Policy Header Not Set

Low (Low)

Dangerous JS Functions

Informational (High)

Obsolete Content Security Policy (CSP) Header Found

Informational (High)

Sec-Fetch-Dest Header is Missing

Informational (High)

Sec-Fetch-Mode Header is Missing

Informational (High)

Sec-Fetch-Site Header is Missing

Informational (High)

Sec-Fetch-User Header is Missing

Informational (Medium)

Base64 Disclosure

Informational (Medium)

Non-Storable Content

Informational (Medium)

Storable and Cacheable Content

Informational (Low)

Charset Mismatch (Header Versus Meta Content-Type Charset)

Informational (Low)

Information Disclosure - Suspicious Comments

Informational (Low)

Re-examine Cache-control Directives

Rapport détaillé

Nuclei20 jours

SéveritéNameMatcher

info

CAA Recordcaa-fingerprint

info

HTTP Missing Security Headerscontent-security-policy

info

HTTP Missing Security Headerspermissions-policy

info

HTTP Missing Security Headersreferrer-policy

info

HTTP Missing Security Headersclear-site-data

info

HTTP Missing Security Headerscross-origin-embedder-policy

info

HTTP Missing Security Headerscross-origin-opener-policy

info

HTTP Missing Security Headerscross-origin-resource-policy

info

HTTP Missing Security Headersstrict-transport-security

info

WAF Detectionapachegeneric

info

Detect SSL Certificate Issuerssl-issuer

info

SSL DNS Namesssl-dns-names

info

TLS Version - Detecttls-version

low

Untrusted Root Certificate - Detectuntrusted-root-certificate