Agence de communication digitale à Montpellier | Citron Noir

HTTPS

ANALYSE_CIBLE

citronnoir.com

IP : 0.0.0.0

ASN : AS0

Un rapport complet d'analyse de sécurité et de réseau pour citronnoir.com. Serveur : Apache.

Port principal: 443
Temps de scan: 4/12/2026, 11:53:25 AM
Lien de rapport partageable: https://sechttp.com/scan/citronnoir.com

Analyse de sécurité détaillée

Analyse des chemins d'attaque et de défense contre les DDoS

Attaquant

Trafic L4

Trafic L7

AS0 (Apache POP)

L4 défendu

L7 contourné

L4 bloqué

Trafic L7

Votre serveur

Résumé de la défense

Bien que Apache offre une protection robuste contre les attaques de couche 4 (niveau réseau), votre serveur reste potentiellement vulnérable aux attaques sophistiquées de couche 7 (niveau application) qui peuvent contourner les défenses CDN standard. Des règles WAF supplémentaires et des mesures de sécurité côté application sont recommandées.

Défense de couche 4

Apache fournit une protection robuste contre les inondations SYN, l'amplification UDP et les attaques volumétriques à la périphérie du réseau.

Vulnérabilités de couche 7

Les attaques de couche application ciblant les points d'accès API exposés de 0 nécessitent des règles WAF supplémentaires et une limitation de débit.

Divulgation d'informations sur le serveur

LOW

INFO-001

Description

Le serveur divulgue son type de logiciel : Apache. Cela peut aider les attaquants à identifier des vulnérabilités potentielles.

Recommandation

Configurez votre serveur web pour masquer ou modifier l'en-tête Server afin d'éviter la divulgation d'informations.

Exposition d'informations sensibles dans JavaScript

HIGH

JS-001

Description

Trouvé 49 variables potentiellement sensibles exposées dans le code JavaScript côté client.

Recommandation

Examinez et supprimez les informations sensibles du code côté client. Utilisez des variables d'environnement et un traitement côté serveur pour les données sensibles.

Test en cours

Aucune donnée de fuzzing disponible pour ce scan.

Résultats du scan de ports

   Port Service Statut Version 
HTTP  FERMÉ   -  
HTTPS  OUVERT   TLS 1.3  
SSH  FILTRÉ   -  
MySQL  FERMÉ   -  
  

Port	Service	Statut	Version
80	HTTP	FERMÉ	-
443	HTTPS	OUVERT	TLS 1.3
22	SSH	FILTRÉ	-
3306	MySQL	FERMÉ	-

Analyse des en-têtes HTTP

date: Sun, 12 Apr 2026 11:52:50 GMT 
vary: X-FORWARDED-PROTO,Accept-Encoding 
server: Apache 
expires: Sun, 12 Apr 2026 11:52:50 GMT 
upgrade: h2 
connection: Upgrade 
content-type: text/html; charset=UTF-8 
cache-control: max-age=0 
last-modified: Sun, 12 Apr 2026 10:09:21 GMT 
referrer-policy: strict-origin-when-cross-origin 
x-frame-options: SAMEORIGIN 
transfer-encoding: chunked 
permissions-policy: geolocation=(), microphone=(), camera=() 
x-content-type-options: nosniff 
content-security-policy: default-src 'self' https: data: blob:; img-src 'self' https: data:; font-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 
strict-transport-security: max-age=63072000; includeSubDomains; preload 

Test en cours

Les informations de peering sont en cours d'analyse.

Test en cours

Les données des points d'échange Internet sont en cours de collecte.

Analyse JavaScript

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Variables JavaScript exposées

49 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
key
 stop 

Risk: Information disclosure via client-side exposure
 
LEAK
 
url
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
devel
 true 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Number
 r 

Risk: Information disclosure via client-side exposure
 
LEAK
 
access
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
author
 Jack 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_assign
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
fromURL
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ownKeys
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
release
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_fromURL
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
addEvent
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
endPoint
 Opacity 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getNewKey
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keysIndex
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
nodeValue
 n 

Risk: Information disclosure via client-side exposure
 
LEAK
 
wrapInner
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
nearestKey
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
statusCode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
targetTest
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
originalKey
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mobileStatus
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_toPropertyKey
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
addEventListener
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_getDecoratorsApi
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
AccessibleMegaMenu
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
boundingClientRect
 targetRect 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_setKeyframeDefaults
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getBoundingClientRect
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
__classPrivateFieldGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
__classPrivateFieldSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateMethodGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateMethodSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_checkPrivateRedeclaration
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldInitSpec
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldLooseKey
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldLooseBase
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateMethodInitSpec
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateMethodGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateMethodSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classCheckPrivateStaticAccess
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateFieldSpecGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateFieldSpecSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getKeyframedConstructorFunction
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldDestructureSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateFieldDestructureSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classCheckPrivateStaticFieldDescriptor
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
Total: 49 exposed variables found

Analyse des domaines API

13 Domains

External API domains discovered in client-side code

EXTERNAL_API_DOMAIN

api.websitecarbon.com

Reachable

HTTPS Enabled

Security Note: