Recette de cuisine : 63 000 recettes de cuisine française et du monde

HTTPS

ZIEL_ANALYSE

cuisine.journaldesfemmes.fr

IP: 0.0.0.0

ASN: AS0

Ein umfassender Sicherheits- und Netzwerkanalysebericht für cuisine.journaldesfemmes.fr.

Hauptport: 443
Scan-Zeit: 4/12/2026, 5:31:14 PM
Teilbarer Bericht-Link: https://sechttp.com/scan/cuisine.journaldesfemmes.fr

Detaillierte Sicherheitsanalyse

Angriffspfad- und DDoS-Schutzanalyse

Angreifer

L4-Verkehr

L7-Verkehr

AS0 (Unknown POP)

L4 verteidigt

L7 umgangen

L4 blockiert

L7-Verkehr

Ihr Server

Verteidigungsübersicht

Während Unknown robusten Schutz gegen Angriffe der Schicht 4 (Netzwerkebene) bietet, bleibt Ihr Server potenziell anfällig für ausgeklügelte Angriffe der Schicht 7 (Anwendungsebene), die Standard-CDN-Abwehrmechanismen umgehen können. Zusätzliche WAF-Regeln und anwendungsspezifische Sicherheitsmaßnahmen werden empfohlen.

Schicht-4-Verteidigung

Unknown bietet robusten Schutz gegen SYN-Flood, UDP-Verstärkung und volumetrische Angriffe an der Netzwerkgrenze.

Schicht-7-Schwachstellen

Anwendungsangriffe, die auf 5 offengelegte API-Endpunkte abzielen, erfordern zusätzliche WAF-Regeln und Ratenbegrenzung.

Fehlender oder ungültiger HSTS-Header

MEDIUM

SEC-001

Beschreibung

Der Strict-Transport-Security-Header ist nicht richtig konfiguriert, wodurch die Website anfällig für Man-in-the-Middle-Angriffe ist.

Empfehlung

Implementieren Sie HSTS, indem Sie den Strict-Transport-Security-Header mit einem geeigneten max-age-Wert hinzufügen, um HTTPS-Verbindungen zu erzwingen.

Offenlegung sensibler Informationen in JavaScript

HIGH

JS-001

Beschreibung

Es wurden 66 potenziell sensible Variablen im clientseitigen JavaScript-Code gefunden.

Empfehlung

Überprüfen und entfernen Sie sensible Informationen aus dem clientseitigen Code. Verwenden Sie Umgebungsvariablen und serverseitige Verarbeitung für sensible Daten.

root@sechttp: /var/log/fuzz

 root@sechttp : ~ $ 
 >  [Code: 200]  
/api/microforum/avis/?id= [SENSIBLE DATENLECK]  
 >  [Code: 403]  
/api/microforum/avis/  [VERBOTEN] 
 >  [Code: 404]  
/api/tagconf/   
 >  [Code: 200]  
/api/block/ [SENSIBLE DATENLECK]  
 >  [Code: 403]  
/api/contentconf/  [VERBOTEN] 
 [+] Scan abgeschlossen. Gefunden 2 potenzielle Lecks. 
root@sechttp:~$

Ergebnisse des Port-Scans

   Port Dienst Status Version 
HTTP  GESCHLOSSEN   -  
HTTPS  OFFEN   TLS 1.3  
SSH  GEFILTERT   -  
MySQL  GESCHLOSSEN   -  
  

Port	Dienst	Status	Version
80	HTTP	GESCHLOSSEN	-
443	HTTPS	OFFEN	TLS 1.3
22	SSH	GEFILTERT	-
3306	MySQL	GESCHLOSSEN	-

HTTP-Header-Analyse

date: Sun, 12 Apr 2026 17:31:06 GMT 
pragma: no-cache 
expires: Sun, 12 Apr 2026 17:31:06 GMT 
x-ccm-lm: 1776014563 
connection: keep-alive 
x-served-by: lxc-varnish-jdf-04 
content-type: text/html; charset=UTF-8 
cache-control: max-age=0, no-cache 
last-modified: Sun, 12 Apr 2026 17:26:28 GMT 
content-length: 229085 
x-ccm-cache-tag: jdf_ctag_91 
x-frame-options: sameorigin 
x-www-served-by: vm_k8s_prod_21 
content-language: fr 
x-cache-esi-debug: Forwarded 
content-security-policy: frame-ancestors 'self' 

Derzeit in der Testphase

Peering-Informationen werden analysiert.

Derzeit in der Testphase

Daten zu Internet-Austauschpunkten werden gesammelt.

JavaScript-Analyse

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Offengelegte JavaScript-Variablen

66 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
API
 ,e)});else{console.warn( 

Risk: Information disclosure via client-side exposure
 
LEAK
 
dev
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
key
 getTranslation 

Risk: Information disclosure via client-side exposure
 
LEAK
 
url
 /api/contentconf/ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
code
 MODULE_NOT_FOUND 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keys
 n 

Risk: Information disclosure via client-side exposure
 
LEAK
 
test
 \x3c!--@MOD:widget@{ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
email
 void 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyup
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
token
 t 

Risk: Information disclosure via client-side exposure
 
LEAK
 
COOKIE
 D, dd M yy 

Risk: Information disclosure via client-side exposure
 
LEAK
 
access
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
author
 o 

Risk: Information disclosure via client-side exposure
 
LEAK
 
client
 +e.clientId+ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
domain
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getUrl
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mailto
 redac 

Risk: Information disclosure via client-side exposure
 
LEAK
 
baseUrl
 // 

Risk: Information disclosure via client-side exposure
 
LEAK
 
dataKey
 data-channelId 

Risk: Information disclosure via client-side exposure
 
LEAK
 
fileAPI
 +E);var T,S=(j||C)&&!E;!1!==t.iframe&&(t.iframe||S)?t.closeKeepAlive?e.get(t.closeKeepAlive,function(){T=N(y)}):T=N(y):T=(j||C)&&E?M(y):e.ajax(t),p.removeData( 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyCode
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keydown
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
sitekey
 6LfcECcUAAAAANw9v7LQYqYsrkQmseAxos7r8wQP 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlHash
 window 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyUp
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_keydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
adDomain
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
b.domain
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
charCode
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientId
 breakingnews 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keypress
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
shareUrl
 encodeURIComponent 

Risk: Information disclosure via client-side exposure
 
LEAK
 
snapItem
 s 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlLabel
 m 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_isNumber
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_keyEvent
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
i.keydown
 _keydown 

Risk: Information disclosure via client-side exposure
 
LEAK
 
wrapInner
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_onKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
b.clientId
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
contentUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
statusCode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyPress
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_tabKeydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
credentials
 include 

Risk: Information disclosure via client-side exposure
 
LEAK
 
facebookUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
numberFormat
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pinterestUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_panelKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_panelKeydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
defaultDomain
 fc 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getPublicPath
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
maxRatingKeys
 100 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlParameters
 window 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getResourceUrl
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
numberOfMonths
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
storageKeyName
 ccmratings 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ratingKeysToDrop
 90 

Risk: Information disclosure via client-side exposure
 
LEAK
 
jPaginationNumber
 paginationNumber 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pinterestMediaUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_getNumberOfMonths
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_closeOnClickOutside
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_intersectsWithSides
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
defaultOptions.dataKey
 data-channelId 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getUrlForExternalResource
 function 

Risk: Information disclosure via client-side exposure
 
Total: 66 exposed variables found

API-Domänenanalyse

16 Domains

External API domains discovered in client-side code

EXTERNAL_API_DOMAIN

jqueryui.com

Reachable

HTTPS Enabled

Security Note: