Paramètres d'affichage

Choisissez un thème pour personnaliser l'apparence du site.

https://wallet.esw.esante.gouv.fr

6 jours
Copie d'écran de https://wallet.esw.esante.gouv.fr

Nmap

Scan Summary :

A

severityservicevulnerability

info

http (port:80)

info

http (port:443)
Consulter le rapport détaillé

Mozilla HTTP observatory

Scan Summary :

B+

ImpactDescriptionDocumentation

-20

Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.

Remove unsafe-inline and data: from script-src, overly broad sources from object-src and script-src, and ensure object-src and script-src are set.

Rapport détaillé

SSL

Scan Summary :

A+


Expiration : 03/01/2026

Rapport détaillé

Scan OWASP6 jours

riskname

Medium (High)

CSP: Failure to Define Directive with No Fallback

Medium (High)

CSP: Wildcard Directive

Medium (High)

CSP: script-src unsafe-inline

Medium (High)

CSP: style-src unsafe-inline

Medium (High)

Sub Resource Integrity Attribute Missing

Low (Medium)

Cookie without SameSite Attribute

Low (Medium)

Insufficient Site Isolation Against Spectre Vulnerability

Low (Medium)

Permissions Policy Header Not Set

Low (Medium)

Private IP Disclosure

Informational (High)

Sec-Fetch-Dest Header is Missing

Informational (High)

Sec-Fetch-Mode Header is Missing

Informational (High)

Sec-Fetch-Site Header is Missing

Informational (High)

Sec-Fetch-User Header is Missing

Informational (Medium)

Base64 Disclosure

Informational (Medium)

Modern Web Application

Informational (Medium)

Non-Storable Content

Informational (Medium)

Session Management Response Identified

Informational (Medium)

Storable and Cacheable Content

Informational (Low)

Information Disclosure - Suspicious Comments

Informational (Low)

Re-examine Cache-control Directives

Rapport détaillé

Nuclei6 jours

SéveritéNameMatcher

info

DNS SaaS Service Detectionakamai-cdn

info

CAA Recordcaa-fingerprint

info

Wappalyzer Technology Detectionakamai

info

HTTP Missing Security Headerscontent-security-policy

info

HTTP Missing Security Headerspermissions-policy

info

HTTP Missing Security Headersx-frame-options

info

HTTP Missing Security Headersx-permitted-cross-domain-policies

info

HTTP Missing Security Headersclear-site-data

info

HTTP Missing Security Headersstrict-transport-security

info

HTTP Missing Security Headersx-content-type-options

info

HTTP Missing Security Headersreferrer-policy

info

HTTP Missing Security Headerscross-origin-embedder-policy

info

HTTP Missing Security Headerscross-origin-opener-policy

info

HTTP Missing Security Headerscross-origin-resource-policy

info

WAF Detectionakamai

info

TLS Version - Detecttls-version

info

Detect SSL Certificate Issuerssl-issuer

info

SSL DNS Namesssl-dns-names