DashlordBetaGouvBot committed Dec 12, 2021
1 parent 415e231 commit dcacd36
Showing 17 changed files with 2,371 additions and 5,820 deletions.
2 changes: 1 addition & 1 deletion results/aHR0cHM6Ly9hcHAuZXZhLmJldGEuZ291di5mcg==/http.json
@@ -1 +1 @@
{"url":"https://app.eva.beta.gouv.fr","algorithm_version":2,"end_time":"Sun, 28 Nov 2021 14:01:02 GMT","grade":"D+","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Cache-Control":"public, max-age=0","Connection":"keep-alive","Content-Encoding":"gzip","Content-Type":"text/html; charset=UTF-8","Date":"Sun, 28 Nov 2021 14:01:00 GMT","ETag":"W/\"249f-17d2ef7fd80\"","Last-Modified":"Wed, 17 Nov 2021 17:35:44 GMT","Server":"openresty","Strict-Transport-Security":"max-age=31536000","Transfer-Encoding":"chunked","X-Powered-By":"Express","X-Request-ID":"b5db7b11-dc4d-4952-83c0-4f3d8b729ffb"},"scan_id":22980551,"score":40,"start_time":"Sun, 28 Nov 2021 14:00:57 GMT","state":"FINISHED","status_code":200,"tests_failed":4,"tests_passed":8,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":null,"http":false,"meta":false,"policy":null},"pass":false,"result":"csp-not-implemented","score_description":"Content Security Policy (CSP) header not implemented","score_modifier":-25},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing 
(CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://app.eva.beta.gouv.fr/jeu/","redirects":true,"route":["http://app.eva.beta.gouv.fr/","https://app.eva.beta.gouv.fr/","https://app.eva.beta.gouv.fr/jeu","https://app.eva.beta.gouv.fr/jeu/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000","includeSubDomains":false,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar 
origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":null},"pass":false,"result":"x-content-type-options-not-implemented","score_description":"X-Content-Type-Options header not implemented","score_modifier":-5},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":null},"pass":false,"result":"x-frame-options-not-implemented","score_description":"X-Frame-Options (XFO) header not implemented","score_modifier":-20},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":false,"result":"x-xss-protection-not-implemented","score_description":"X-XSS-Protection header not implemented","score_modifier":-10}}}
{"url":"https://app.eva.beta.gouv.fr","algorithm_version":2,"end_time":"Sun, 12 Dec 2021 08:01:45 GMT","grade":"D","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Connection":"keep-alive","cache-control":"public, max-age=0","content-encoding":"gzip","content-type":"text/html; charset=UTF-8","date":"Sun, 12 Dec 2021 08:01:42 GMT","etag":"W/\"2564-17da05bf990\"","last-modified":"Thu, 09 Dec 2021 18:02:02 GMT","server":"openresty","strict-transport-security":"max-age=31536000","transfer-encoding":"chunked","via":"1.1 eva.beta.gouv.fr, 1.1 alproxy","x-powered-by":"Express","x-request-id":"455f9b80-033f-4647-85f8-716e636835d5"},"scan_id":23235530,"score":35,"start_time":"Sun, 12 Dec 2021 08:01:39 GMT","state":"FINISHED","status_code":200,"tests_failed":5,"tests_passed":7,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":null,"http":false,"meta":false,"policy":null},"pass":false,"result":"csp-not-implemented","score_description":"Content Security Policy (CSP) header not implemented","score_modifier":-25},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not 
visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://eva.beta.gouv.fr/jeu/","redirects":true,"route":["http://app.eva.beta.gouv.fr/","https://eva.beta.gouv.fr/jeu/"],"status_code":301},"pass":false,"result":"redirection-off-host-from-http","score_description":"Initial redirection from HTTP to HTTPS is to a different host, preventing HSTS","score_modifier":-5},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":null,"http":false,"meta":false},"pass":true,"result":"referrer-policy-not-implemented","score_description":"Referrer-Policy header not implemented","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000","includeSubDomains":false,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar 
origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":null},"pass":false,"result":"x-content-type-options-not-implemented","score_description":"X-Content-Type-Options header not implemented","score_modifier":-5},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":null},"pass":false,"result":"x-frame-options-not-implemented","score_description":"X-Frame-Options (XFO) header not implemented","score_modifier":-20},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":false,"result":"x-xss-protection-not-implemented","score_description":"X-XSS-Protection header not implemented","score_modifier":-10}}}
2 changes: 1 addition & 1 deletion results/aHR0cHM6Ly9hcHAuZXZhLmJldGEuZ291di5mcg==/lhr.html

Large diffs are not rendered by default.
