-{"url":"https://deces.matchid.io","algorithm_version":3,"end_time":"Sun, 18 Aug 2024 01:07:20 GMT","grade":"C+","hidden":false,"likelihood_indicator":"MEDIUM","response_headers":{"CF-Cache-Status":"DYNAMIC","CF-RAY":"8b4e01a11d277699-SEA","Connection":"keep-alive","Content-Encoding":"gzip","Content-Security-Policy":"default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com ajax.cloudflare.com www.googletagmanager.com fundingchoicesmessages.google.com www.google.com www.google.ca analytics.google.com www.google-analytics.com pagead2.googlesyndication.com partner.googleadservices.com tpc.googlesyndication.com www.googletagservices.com adservice.google.com adservice.google.fr;style-src https: 'self' 'unsafe-inline';font-src 'self' data:;img-src 'self' matchid.io a.basemaps.cartocdn.com b.basemaps.cartocdn.com c.basemaps.cartocdn.com upload.wikimedia.org pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net www.google.fr;connect-src 'self' www.data.gouv.fr cloudflareinsights.com www.google-analytics.com analytics.google.com csi.gstatic.com region1.analytics.google.com stats.g.doubleclick.net pagead2.googlesyndication.com; frame-src 'self' matchid.io www.google.com google.com googleads.g.doubleclick.net tpc.googlesyndication.com","Content-Type":"text/html","Date":"Sun, 18 Aug 2024 01:07:20 GMT","Feature-Policy":"geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'self';accelerometer 'self';fullscreen 'self';payment 'none';","Last-Modified":"Thu, 18 Jul 2024 23:02:43 GMT","NEL":"{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}","Referrer-Policy":"same-origin","Report-To":"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2FLDDKOuZMI89N12ryTlS2aYiyaqeTkuQ%2BL6IxnvTvBNAqlTCz6tSnpJcLCjwm2DDVo3HHKxq%2B7pW5vpdvJEqeV9B8YZ%2B%2Bf8o2nbgS4ZjFyy0ES88y%2FNNNx%2FdTlG0cg0g6jli\"}],\"group\":\"cf-nel\",\"max_age\":604800}","Server":"cloudflare","Strict-Transport-Security":"max-age=15552000; includeSubDomains; preload","Transfer-Encoding":"chunked","X-Content-Type-Options":"nosniff","X-Frame-Options":"*.matchid.io","X-XSS-Protection":"1; mode=block","alt-svc":"h3=\":443\"; ma=86400"},"scan_id":54578528,"score":60,"start_time":"Sun, 18 Aug 2024 01:07:18 GMT","state":"FINISHED","status_code":200,"tests_failed":2,"tests_passed":8,"tests_quantity":10,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"connect-src":["www.google-analytics.com","'self'","stats.g.doubleclick.net","analytics.google.com","cloudflareinsights.com","region1.analytics.google.com","csi.gstatic.com","www.data.gouv.fr","pagead2.googlesyndication.com"],"default-src":["'self'"],"font-src":["data:","'self'"],"frame-src":["'self'","matchid.io","googleads.g.doubleclick.net","google.com","tpc.googlesyndication.com","www.google.com"],"img-src":["www.google-analytics.com","'self'","upload.wikimedia.org","stats.g.doubleclick.net","matchid.io","b.basemaps.cartocdn.com","a.basemaps.cartocdn.com","c.basemaps.cartocdn.com","www.google.fr","pagead2.googlesyndication.com"],"script-src":["www.google-analytics.com","www.google.ca","'self'","tpc.googlesyndication.com","'unsafe-eval'","analytics.google.com","static.cloudflareinsights.com","fundingchoicesmessages.google.com","'unsafe-inline'","partner.googleadservices.com","ajax.cloudflare.com","www.googletagmanager.com","adservice.google.fr","adservice.google.com","www.googletagservices.com","pagead2.googlesyndication.com","www.google.com"],"style-src":["'self'","https:","'unsafe-inline'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":false,"defaultNone":false,"insecureBaseUri":true,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":true,"unsafeInline":true,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":false,"result":"csp-implemented-with-unsafe-inline","score_description":"Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.","score_modifier":-20},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://deces.matchid.io/","redirects":true,"route":["http://deces.matchid.io/","https://deces.matchid.io/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"same-origin","http":true,"meta":false},"pass":true,"result":"referrer-policy-private","score_description":"Referrer-Policy header set to \"no-referrer\", \"same-origin\", \"strict-origin\" or \"strict-origin-when-cross-origin\"","score_modifier":5},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=15552000; includeSubDomains; preload","includeSubDomains":true,"max-age":15552000,"preload":true,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"*.matchid.io"},"pass":false,"result":"x-frame-options-header-invalid","score_description":"X-Frame-Options (XFO) header cannot be recognized","score_modifier":-20},"x-xss-protection":{"expectation":"x-xss-protection-disabled","name":"x-xss-protection","output":{"data":"1; mode=block"},"pass":true,"result":"x-xss-protection-enabled-mode-block","score_description":"Deprecated X-XSS-Protection header set to \"1; mode=block\"","score_modifier":0}}}
0 commit comments