DashlordBetaGouvBot committed Dec 12, 2021
1 parent 53e846e commit ee41e9f
Showing 13 changed files with 1,480 additions and 1,480 deletions.
@@ -1 +1 @@
{"url":"https://civilsdeladefense.fabnum.fr/","algorithm_version":2,"end_time":"Sun, 05 Dec 2021 06:13:40 GMT","grade":"B-","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Cache-Control":"max-age=0, private, must-revalidate","Connection":"keep-alive","Content-Encoding":"gzip","Content-Type":"text/html; charset=utf-8","Date":"Sun, 05 Dec 2021 06:13:39 GMT","ETag":"W/\"46b83000db1374c75fb6abbc6c31c480\"","Link":"</packs/css/style-ba31ae25.css>; rel=preload; as=style; nopush,</packs/js/bundle-5875c0c722663b4bf43e.js>; rel=preload; as=script; nopush","Referrer-Policy":"strict-origin-when-cross-origin","Server":"openresty","Set-Cookie":"_civilsdeladefense_session=yOJWeVFSwR0S0JhKr2hOzOW%2BgEWT4Yu4H2dA7nzIDIo3MR9xssu%2BWDARdmqwnFJojoTLs0hOxdRJQP%2BosrwRmGfyV3ROEgby8eTQrI%2FDSlCiXJ4RPXk1CBbC4LxQg%2Fi3rpCp2pReKF%2BaAfX9MMczyREfq14IfwZ%2FmUTbkfiZN6k4e3U0bcVNJ1iTyano1g1JLD%2BRt2eTQSballfqn1Nx8xyeypkurA02BF0zR05b%2Bbjcj8Ts5xsha9bPl2dnNhC82nMsD3DpIvEJmpWKs62I%2Bfju9IKksCznqnGHmZwPYfJpcA%3D%3D--8foJWtftT78RNlmv--iY%2FFHwZWPvYcVr5mNpFrfw%3D%3D; path=/; secure; HttpOnly; SameSite=Lax","Strict-Transport-Security":"max-age=31556952; preload","Transfer-Encoding":"chunked","Vary":"Accept","X-Content-Type-Options":"nosniff","X-Download-Options":"noopen","X-Frame-Options":"SAMEORIGIN","X-Permitted-Cross-Domain-Policies":"none","X-Request-ID":"219ed4fe-9923-4f15-868d-e4d0668d7944, 219ed4fe-9923-4f15-868d-e4d0668d7944","X-Runtime":"0.030703","X-XSS-Protection":"1; mode=block"},"scan_id":23120507,"score":65,"start_time":"Sun, 05 Dec 2021 06:13:35 GMT","state":"FINISHED","status_code":200,"tests_failed":2,"tests_passed":10,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":null,"http":false,"meta":false,"policy":null},"pass":false,"result":"csp-not-implemented","score_description":"Content Security Policy (CSP) header not 
implemented","score_modifier":-25},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":{"_civilsdeladefense_session":{"domain":"contractuels.civils.defense.gouv.fr","expires":null,"httponly":true,"max-age":null,"path":"/","port":null,"samesite":"Lax","secure":true}},"sameSite":true},"pass":true,"result":"cookies-secure-with-httponly-sessions-and-samesite","score_description":"All cookies use the Secure flag, session cookies use the HttpOnly flag, and cross-origin restrictions are in place via the SameSite flag","score_modifier":5},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not 
implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://contractuels.civils.defense.gouv.fr/","redirects":true,"route":["http://civilsdeladefense.fabnum.fr/","http://contractuels.civils.defense.gouv.fr/","https://contractuels.civils.defense.gouv.fr/"],"status_code":200},"pass":false,"result":"redirection-not-to-https-on-initial-redirection","score_description":"Redirects to HTTPS eventually, but initial redirection is to another HTTP URL","score_modifier":-10},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"strict-origin-when-cross-origin","http":true,"meta":false},"pass":true,"result":"referrer-policy-private","score_description":"Referrer-Policy header set to \"no-referrer\", \"same-origin\", \"strict-origin\" or \"strict-origin-when-cross-origin\"","score_modifier":5},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31556952; preload","includeSubDomains":false,"max-age":31556952,"preload":true,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to 
\"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"SAMEORIGIN"},"pass":true,"result":"x-frame-options-sameorigin-or-deny","score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY","score_modifier":0},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":"1; mode=block"},"pass":true,"result":"x-xss-protection-enabled-mode-block","score_description":"X-XSS-Protection header set to \"1; mode=block\"","score_modifier":0}}}
{"url":"https://civilsdeladefense.fabnum.fr/","algorithm_version":2,"end_time":"Sun, 12 Dec 2021 06:23:46 GMT","grade":"B-","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"Cache-Control":"max-age=0, private, must-revalidate","Connection":"keep-alive","Content-Encoding":"gzip","Content-Type":"text/html; charset=utf-8","Date":"Sun, 12 Dec 2021 06:23:45 GMT","ETag":"W/\"47d5e9b3241cadc8285379eb059284ca\"","Link":"</packs/css/style-ba31ae25.css>; rel=preload; as=style; nopush,</packs/js/bundle-5875c0c722663b4bf43e.js>; rel=preload; as=script; nopush","Referrer-Policy":"strict-origin-when-cross-origin","Server":"openresty","Set-Cookie":"_civilsdeladefense_session=bWsnlqvo8FBryq59JlyL7Y71M%2BBn547jn3L%2BTeQ3F98La9Zj5e%2Fj8M8mev6EtdGUEI77DtD55RzpLeSVDQLJEVs4t31XinUDFa8aZBJL9WqTuW5mlpD7VzbXGGI9sCvDWxhXeMcX5%2FhQFKI2HgZFKEhm8srNYbU5Z3wsOg%2FeZlnxyySGHMZA%2FyoMIB78WZ9C1n35cfmXDQEp2olsrzO%2FGY2rYRCZ7syXOi280ZtnYNn4uTvDhys5NpvMkYrbDS3lKDL0fQC4yIKD19Xk%2FuuV0JplXSM6%2FpKX%2B0l31sUpev60aQ%3D%3D--wxxKKztqjE7Owzk5--OnRhd690ggmJdRK7q1KZeQ%3D%3D; path=/; secure; HttpOnly; SameSite=Lax","Strict-Transport-Security":"max-age=31556952; preload","Transfer-Encoding":"chunked","Vary":"Accept","X-Content-Type-Options":"nosniff","X-Download-Options":"noopen","X-Frame-Options":"SAMEORIGIN","X-Permitted-Cross-Domain-Policies":"none","X-Request-ID":"e25635fc-7e79-452f-a6fc-2c0563776451, e25635fc-7e79-452f-a6fc-2c0563776451","X-Runtime":"0.040260","X-XSS-Protection":"1; mode=block"},"scan_id":23234894,"score":65,"start_time":"Sun, 12 Dec 2021 06:23:41 GMT","state":"FINISHED","status_code":200,"tests_failed":2,"tests_passed":10,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":null,"http":false,"meta":false,"policy":null},"pass":false,"result":"csp-not-implemented","score_description":"Content Security Policy (CSP) header not 
implemented","score_modifier":-25},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":{"_civilsdeladefense_session":{"domain":"contractuels.civils.defense.gouv.fr","expires":null,"httponly":true,"max-age":null,"path":"/","port":null,"samesite":"Lax","secure":true}},"sameSite":true},"pass":true,"result":"cookies-secure-with-httponly-sessions-and-samesite","score_description":"All cookies use the Secure flag, session cookies use the HttpOnly flag, and cross-origin restrictions are in place via the SameSite flag","score_modifier":5},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not 
implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://contractuels.civils.defense.gouv.fr/","redirects":true,"route":["http://civilsdeladefense.fabnum.fr/","http://contractuels.civils.defense.gouv.fr/","https://contractuels.civils.defense.gouv.fr/"],"status_code":200},"pass":false,"result":"redirection-not-to-https-on-initial-redirection","score_description":"Redirects to HTTPS eventually, but initial redirection is to another HTTP URL","score_modifier":-10},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"strict-origin-when-cross-origin","http":true,"meta":false},"pass":true,"result":"referrer-policy-private","score_description":"Referrer-Policy header set to \"no-referrer\", \"same-origin\", \"strict-origin\" or \"strict-origin-when-cross-origin\"","score_modifier":5},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31556952; preload","includeSubDomains":false,"max-age":31556952,"preload":true,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to 
\"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"SAMEORIGIN"},"pass":true,"result":"x-frame-options-sameorigin-or-deny","score_description":"X-Frame-Options (XFO) header set to SAMEORIGIN or DENY","score_modifier":0},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":"1; mode=block"},"pass":true,"result":"x-xss-protection-enabled-mode-block","score_description":"X-XSS-Protection header set to \"1; mode=block\"","score_modifier":0}}}
