Sécurité

1 reply [Last post]
nmrk.n
Offline
Joined: 11/01/2013
Geshmy
Offline
Joined: 04/23/2015

https://webbkoll.dataskydd.net/en/results?url=http%3A%2F%2Ftrisquel.info%2Ffr

HTTPS by default: Yes
Content Security Policy: Not implemented
Referrer Policy: Referrers leaked
Cookies: 2 (2 first-party; 0 third-party)
Third-party requests: 0
Server location: France — 5.196.53.144Look up

trisquel.info uses HTTPS by default.

Chromium reports the following:
Certificate valid and trusted The connection to this site is using a valid, trusted server certificate issued by R3.
Connection secure connection settings The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_RSA with P-256, and AES_256_GCM.
Resources all served securely

https://observatory.mozilla.org/

I guess we lose points for:
Content Security Policy
-25 Content Security Policy (CSP) header not implemented
Cookies
-40 Session cookie set without using the Secure flag or set over HTTP
HTTP Strict Transport Security
-20 HTTP Strict Transport Security (HSTS) header not implemented
X-Content-Type-Options
-5 X-Content-Type-Options header not implemented
X-Frame-Options
-20 X-Frame-Options (XFO) header not implemented
X-XSS-Protection
-10 X-XSS-Protection header not implemented

Sorry, mais je'n parle pas Francias.