update: https://cfas.apprentissage.beta.gouv.fr

betagouv · Dec 8, 2023 · 621d6db · 621d6db
1 parent bcb679e
commit 621d6db
Show file tree

Hide file tree

Showing 17 changed files with 1,654 additions and 1,229 deletions.
diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-a11y.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-a11y.json
@@ -1 +1 @@
-{"mention":null}
+{"mention":"Accessibilité : non conforme","declarationUrl":"https://cfas.apprentissage.beta.gouv.fr/accessibilite"}
diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-rgpd.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/declaration-rgpd.json
@@ -1 +1 @@
-[{"slug":"ml","mention":"Mentions légales","maxScore":4,"score":4,"missingWords":[],"missingTrackers":[],"declarationUrl":"https://cfas.apprentissage.beta.gouv.fr/mentions-legales"},{"slug":"pc","mention":"Politique de confidentialité","maxScore":4,"score":3,"missingWords":["durée de conservation"],"missingTrackers":[],"declarationUrl":"https://cfas.apprentissage.beta.gouv.fr/politique-de-confidentialite"}]
+[{"slug":"ml","mention":null,"maxScore":0,"score":0,"missingWords":[],"missingTrackers":[]},{"slug":"pc","mention":null,"maxScore":0,"score":0,"missingWords":[],"missingTrackers":[]}]
diff --git a/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/http.json b/results/aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZy/http.json
@@ -1 +1 @@
-{"url":"https://cfas.apprentissage.beta.gouv.fr","algorithm_version":2,"end_time":"Sun, 03 Dec 2023 20:58:06 GMT","grade":"A+","hidden":false,"likelihood_indicator":"LOW","response_headers":{"Cache-Control":"private, no-cache, no-store, max-age=0, must-revalidate","Connection":"keep-alive","Content-Encoding":"gzip","Content-Security-Policy":"default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;","Content-Type":"text/html; charset=utf-8","Date":"Sun, 03 Dec 2023 20:58:03 GMT","ETag":"\"y82pp9mnreoo8\"","Referrer-Policy":"no-referrer-when-downgrade","Strict-Transport-Security":"max-age=31536000; includeSubdomains","Transfer-Encoding":"chunked","Vary":"Accept-Encoding","X-Content-Type-Options":"nosniff","X-Frame-Options":"SAMEORIGIN"},"scan_id":45161729,"score":105,"start_time":"Sun, 03 Dec 2023 20:54:47 GMT","state":"FINISHED","status_code":200,"tests_failed":0,"tests_passed":12,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"base-uri":["'self'"],"block-all-mixed-content":["'none'"],"connect-src":["'self'","https://plausible.io","https://sentry.apprentissage.beta.gouv.fr"],"default-src":["'self'","https://plausible.io"],"font-src":["'self'","data:","https:"],"frame-ancestors":["'self'","https://cfas.apprentissage.beta.gouv.fr"],"frame-src":["'self'","https://cfas-recette.apprentissage.beta.gouv.fr","https://plausible.io","https://cfas.apprentissage.beta.gouv.fr"],"img-src":["https://www.notion.so","https://mission-apprentissage.notion.site","https://files.tableau-de-bord.apprentissage.beta.gouv.fr","'self'","data:"],"object-src":["'none'"],"script-src":["'self'","https://plausible.io"],"script-src-attr":["'none'"],"style-src":["'self'","'unsafe-inline'","https:","*.plausible.io"],"upgrade-insecure-requests":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":true,"defaultNone":false,"insecureBaseUri":false,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-unsafe-inline-in-style-src-only","score_description":"Content Security Policy (CSP) implemented with unsafe sources inside style-src. This includes 'unsafe-inline', data: or overly broad sources such as https:.","score_modifier":0},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://cfas.apprentissage.beta.gouv.fr/","redirects":true,"route":["http://cfas.apprentissage.beta.gouv.fr/","https://cfas.apprentissage.beta.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"no-referrer-when-downgrade","http":true,"meta":false},"pass":true,"result":"referrer-policy-no-referrer-when-downgrade","score_description":"Referrer-Policy header set to \"no-referrer-when-downgrade\"","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000; includeSubdomains","includeSubDomains":true,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"SAMEORIGIN"},"pass":true,"result":"x-frame-options-implemented-via-csp","score_description":"X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive","score_modifier":5},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}}
+{"url":"https://cfas.apprentissage.beta.gouv.fr","algorithm_version":2,"end_time":"Fri, 08 Dec 2023 09:11:56 GMT","grade":"A+","hidden":false,"likelihood_indicator":"LOW","response_headers":{"Cache-Control":"private, no-cache, no-store, max-age=0, must-revalidate","Connection":"keep-alive","Content-Encoding":"gzip","Content-Security-Policy":"default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: *.plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;","Content-Type":"text/html; charset=utf-8","Date":"Fri, 08 Dec 2023 09:11:54 GMT","ETag":"\"v1isj11xdjoo8\"","Referrer-Policy":"no-referrer-when-downgrade","Strict-Transport-Security":"max-age=31536000; includeSubdomains","Transfer-Encoding":"chunked","Vary":"Accept-Encoding","X-Content-Type-Options":"nosniff","X-Frame-Options":"SAMEORIGIN"},"scan_id":45314506,"score":105,"start_time":"Fri, 08 Dec 2023 09:11:51 GMT","state":"FINISHED","status_code":200,"tests_failed":0,"tests_passed":12,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"base-uri":["'self'"],"block-all-mixed-content":["'none'"],"connect-src":["https://sentry.apprentissage.beta.gouv.fr","https://plausible.io","'self'"],"default-src":["https://plausible.io","'self'"],"font-src":["https:","data:","'self'"],"frame-ancestors":["https://cfas.apprentissage.beta.gouv.fr","'self'"],"frame-src":["https://cfas.apprentissage.beta.gouv.fr","https://cfas-recette.apprentissage.beta.gouv.fr","https://plausible.io","'self'"],"img-src":["data:","https://files.tableau-de-bord.apprentissage.beta.gouv.fr","https://www.notion.so","https://mission-apprentissage.notion.site","'self'"],"object-src":["'none'"],"script-src":["https://plausible.io","'self'"],"script-src-attr":["'none'"],"style-src":["https:","'unsafe-inline'","*.plausible.io","'self'"],"upgrade-insecure-requests":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":true,"defaultNone":false,"insecureBaseUri":false,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-unsafe-inline-in-style-src-only","score_description":"Content Security Policy (CSP) implemented with unsafe sources inside style-src. This includes 'unsafe-inline', data: or overly broad sources such as https:.","score_modifier":0},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://cfas.apprentissage.beta.gouv.fr/","redirects":true,"route":["http://cfas.apprentissage.beta.gouv.fr/","https://cfas.apprentissage.beta.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"no-referrer-when-downgrade","http":true,"meta":false},"pass":true,"result":"referrer-policy-no-referrer-when-downgrade","score_description":"Referrer-Policy header set to \"no-referrer-when-downgrade\"","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000; includeSubdomains","includeSubDomains":true,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"SAMEORIGIN"},"pass":true,"result":"x-frame-options-implemented-via-csp","score_description":"X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive","score_modifier":5},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}}
diff --git a/...3NhZ2UuYmV0YS5nb3V2LmZy/lhr-aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZyLw==.html b/...3NhZ2UuYmV0YS5nb3V2LmZy/lhr-aHR0cHM6Ly9jZmFzLmFwcHJlbnRpc3NhZ2UuYmV0YS5nb3V2LmZyLw==.html
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"mention":null}
		{"mention":"Accessibilité : non conforme","declarationUrl":"https://cfas.apprentissage.beta.gouv.fr/accessibilite"}
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		[{"slug":"ml","mention":"Mentions légales","maxScore":4,"score":4,"missingWords":[],"missingTrackers":[],"declarationUrl":"https://cfas.apprentissage.beta.gouv.fr/mentions-legales"},{"slug":"pc","mention":"Politique de confidentialité","maxScore":4,"score":3,"missingWords":["durée de conservation"],"missingTrackers":[],"declarationUrl":"https://cfas.apprentissage.beta.gouv.fr/politique-de-confidentialite"}]
		[{"slug":"ml","mention":null,"maxScore":0,"score":0,"missingWords":[],"missingTrackers":[]},{"slug":"pc","mention":null,"maxScore":0,"score":0,"missingWords":[],"missingTrackers":[]}]
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"url":"https://cfas.apprentissage.beta.gouv.fr","algorithm_version":2,"end_time":"Sun, 03 Dec 2023 20:58:06 GMT","grade":"A+","hidden":false,"likelihood_indicator":"LOW","response_headers":{"Cache-Control":"private, no-cache, no-store, max-age=0, must-revalidate","Connection":"keep-alive","Content-Encoding":"gzip","Content-Security-Policy":"default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: .plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;","Content-Type":"text/html; charset=utf-8","Date":"Sun, 03 Dec 2023 20:58:03 GMT","ETag":"\"y82pp9mnreoo8\"","Referrer-Policy":"no-referrer-when-downgrade","Strict-Transport-Security":"max-age=31536000; includeSubdomains","Transfer-Encoding":"chunked","Vary":"Accept-Encoding","X-Content-Type-Options":"nosniff","X-Frame-Options":"SAMEORIGIN"},"scan_id":45161729,"score":105,"start_time":"Sun, 03 Dec 2023 20:54:47 GMT","state":"FINISHED","status_code":200,"tests_failed":0,"tests_passed":12,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"base-uri":["'self'"],"block-all-mixed-content":["'none'"],"connect-src":["'self'","https://plausible.io","https://sentry.apprentissage.beta.gouv.fr"],"default-src":["'self'","https://plausible.io"],"font-src":["'self'","data:","https:"],"frame-ancestors":["'self'","https://cfas.apprentissage.beta.gouv.fr"],"frame-src":["'self'","https://cfas-recette.apprentissage.beta.gouv.fr","https://plausible.io","https://cfas.apprentissage.beta.gouv.fr"],"img-src":["https://www.notion.so","https://mission-apprentissage.notion.site","https://files.tableau-de-bord.apprentissage.beta.gouv.fr","'self'","data:"],"object-src":["'none'"],"script-src":["'self'","https://plausible.io"],"script-src-attr":["'none'"],"style-src":["'self'","'unsafe-inline'","https:",".plausible.io"],"upgrade-insecure-requests":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":true,"defaultNone":false,"insecureBaseUri":false,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-unsafe-inline-in-style-src-only","score_description":"Content Security Policy (CSP) implemented with unsafe sources inside style-src. This includes 'unsafe-inline', data: or overly broad sources such as https:.","score_modifier":0},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://cfas.apprentissage.beta.gouv.fr/","redirects":true,"route":["http://cfas.apprentissage.beta.gouv.fr/","https://cfas.apprentissage.beta.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"no-referrer-when-downgrade","http":true,"meta":false},"pass":true,"result":"referrer-policy-no-referrer-when-downgrade","score_description":"Referrer-Policy header set to \"no-referrer-when-downgrade\"","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000; includeSubdomains","includeSubDomains":true,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"SAMEORIGIN"},"pass":true,"result":"x-frame-options-implemented-via-csp","score_description":"X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive","score_modifier":5},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}}
		{"url":"https://cfas.apprentissage.beta.gouv.fr","algorithm_version":2,"end_time":"Fri, 08 Dec 2023 09:11:56 GMT","grade":"A+","hidden":false,"likelihood_indicator":"LOW","response_headers":{"Cache-Control":"private, no-cache, no-store, max-age=0, must-revalidate","Connection":"keep-alive","Content-Encoding":"gzip","Content-Security-Policy":"default-src 'self' https://plausible.io; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self' https://cfas.apprentissage.beta.gouv.fr; frame-src 'self' https://plausible.io https://cfas.apprentissage.beta.gouv.fr https://cfas-recette.apprentissage.beta.gouv.fr; img-src 'self' https://files.tableau-de-bord.apprentissage.beta.gouv.fr https://www.notion.so https://mission-apprentissage.notion.site data:; object-src 'none'; script-src 'self' https://plausible.io ; script-src-attr 'none'; style-src 'self' https: .plausible.io 'unsafe-inline'; connect-src 'self' https://plausible.io https://sentry.apprentissage.beta.gouv.fr ; upgrade-insecure-requests;","Content-Type":"text/html; charset=utf-8","Date":"Fri, 08 Dec 2023 09:11:54 GMT","ETag":"\"v1isj11xdjoo8\"","Referrer-Policy":"no-referrer-when-downgrade","Strict-Transport-Security":"max-age=31536000; includeSubdomains","Transfer-Encoding":"chunked","Vary":"Accept-Encoding","X-Content-Type-Options":"nosniff","X-Frame-Options":"SAMEORIGIN"},"scan_id":45314506,"score":105,"start_time":"Fri, 08 Dec 2023 09:11:51 GMT","state":"FINISHED","status_code":200,"tests_failed":0,"tests_passed":12,"tests_quantity":12,"details":{"content-security-policy":{"expectation":"csp-implemented-with-no-unsafe","name":"content-security-policy","output":{"data":{"base-uri":["'self'"],"block-all-mixed-content":["'none'"],"connect-src":["https://sentry.apprentissage.beta.gouv.fr","https://plausible.io","'self'"],"default-src":["https://plausible.io","'self'"],"font-src":["https:","data:","'self'"],"frame-ancestors":["https://cfas.apprentissage.beta.gouv.fr","'self'"],"frame-src":["https://cfas.apprentissage.beta.gouv.fr","https://cfas-recette.apprentissage.beta.gouv.fr","https://plausible.io","'self'"],"img-src":["data:","https://files.tableau-de-bord.apprentissage.beta.gouv.fr","https://www.notion.so","https://mission-apprentissage.notion.site","'self'"],"object-src":["'none'"],"script-src":["https://plausible.io","'self'"],"script-src-attr":["'none'"],"style-src":["https:","'unsafe-inline'",".plausible.io","'self'"],"upgrade-insecure-requests":["'none'"]},"http":true,"meta":false,"numPolicies":1,"policy":{"antiClickjacking":true,"defaultNone":false,"insecureBaseUri":false,"insecureFormAction":true,"insecureSchemeActive":false,"insecureSchemePassive":false,"strictDynamic":false,"unsafeEval":false,"unsafeInline":false,"unsafeInlineStyle":true,"unsafeObjects":false}},"pass":true,"result":"csp-implemented-with-unsafe-inline-in-style-src-only","score_description":"Content Security Policy (CSP) implemented with unsafe sources inside style-src. This includes 'unsafe-inline', data: or overly broad sources such as https:.","score_modifier":0},"contribute":{"expectation":"contribute-json-only-required-on-mozilla-properties","name":"contribute","output":{"data":null},"pass":true,"result":"contribute-json-only-required-on-mozilla-properties","score_description":"Contribute.json isn't required on websites that don't belong to Mozilla","score_modifier":0},"cookies":{"expectation":"cookies-secure-with-httponly-sessions","name":"cookies","output":{"data":null,"sameSite":null},"pass":true,"result":"cookies-not-found","score_description":"No cookies detected","score_modifier":0},"cross-origin-resource-sharing":{"expectation":"cross-origin-resource-sharing-not-implemented","name":"cross-origin-resource-sharing","output":{"data":{"acao":null,"clientaccesspolicy":null,"crossdomain":null}},"pass":true,"result":"cross-origin-resource-sharing-not-implemented","score_description":"Content is not visible via cross-origin resource sharing (CORS) files or headers","score_modifier":0},"public-key-pinning":{"expectation":"hpkp-not-implemented","name":"public-key-pinning","output":{"data":null,"includeSubDomains":false,"max-age":null,"numPins":null,"preloaded":false},"pass":true,"result":"hpkp-not-implemented","score_description":"HTTP Public Key Pinning (HPKP) header not implemented","score_modifier":0},"redirection":{"expectation":"redirection-to-https","name":"redirection","output":{"destination":"https://cfas.apprentissage.beta.gouv.fr/","redirects":true,"route":["http://cfas.apprentissage.beta.gouv.fr/","https://cfas.apprentissage.beta.gouv.fr/"],"status_code":200},"pass":true,"result":"redirection-to-https","score_description":"Initial redirection is to HTTPS on same host, final destination is HTTPS","score_modifier":0},"referrer-policy":{"expectation":"referrer-policy-private","name":"referrer-policy","output":{"data":"no-referrer-when-downgrade","http":true,"meta":false},"pass":true,"result":"referrer-policy-no-referrer-when-downgrade","score_description":"Referrer-Policy header set to \"no-referrer-when-downgrade\"","score_modifier":0},"strict-transport-security":{"expectation":"hsts-implemented-max-age-at-least-six-months","name":"strict-transport-security","output":{"data":"max-age=31536000; includeSubdomains","includeSubDomains":true,"max-age":31536000,"preload":false,"preloaded":false},"pass":true,"result":"hsts-implemented-max-age-at-least-six-months","score_description":"HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)","score_modifier":0},"subresource-integrity":{"expectation":"sri-implemented-and-external-scripts-loaded-securely","name":"subresource-integrity","output":{"data":{}},"pass":true,"result":"sri-not-implemented-but-all-scripts-loaded-from-secure-origin","score_description":"Subresource Integrity (SRI) not implemented, but all scripts are loaded from a similar origin","score_modifier":0},"x-content-type-options":{"expectation":"x-content-type-options-nosniff","name":"x-content-type-options","output":{"data":"nosniff"},"pass":true,"result":"x-content-type-options-nosniff","score_description":"X-Content-Type-Options header set to \"nosniff\"","score_modifier":0},"x-frame-options":{"expectation":"x-frame-options-sameorigin-or-deny","name":"x-frame-options","output":{"data":"SAMEORIGIN"},"pass":true,"result":"x-frame-options-implemented-via-csp","score_description":"X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive","score_modifier":5},"x-xss-protection":{"expectation":"x-xss-protection-1-mode-block","name":"x-xss-protection","output":{"data":null},"pass":true,"result":"x-xss-protection-not-needed-due-to-csp","score_description":"X-XSS-Protection header not needed due to strong Content Security Policy (CSP) header","score_modifier":0}}}