Recette de cuisine : 63 000 recettes de cuisine française et du monde

HTTPS

DOEL_ANALYSE

cuisine.journaldesfemmes.fr

IP: 0.0.0.0

ASN: AS0

Een uitgebreid beveiligings- en netwerkanalyserapport voor cuisine.journaldesfemmes.fr.

Primaire Poort: 443
Scantijd: 4/12/2026, 5:31:14 PM
Deelbare Rapportlink: https://sechttp.com/scan/cuisine.journaldesfemmes.fr

Gedetailleerde Beveiligingsanalyse

Aanvalspad & DDoS-verdedigingsanalyse

Aanvaller

L4-verkeer

L7-verkeer

AS0 (Unknown POP)

L4 Verdedigd

L7 Omzeild

L4 Geblokkeerd

L7-verkeer

Uw Server

Verdedigingsoverzicht

Hoewel Unknown robuuste bescherming biedt tegen Layer 4 (netwerklaag) aanvallen, blijft uw server mogelijk kwetsbaar voor geavanceerde Layer 7 (toepassingslaag) aanvallen die standaard CDN-verdedigingen kunnen omzeilen. Aanvullende WAF-regels en beveiligingsmaatregelen aan de applicatiekant worden aanbevolen.

Laag 4 Verdediging

Unknown Biedt robuuste bescherming tegen SYN-flood, UDP-versterking en volumetrische aanvallen aan de netwerkrand.

Laag 7 Kwetsbaarheden

Aanvallen op de toepassingslaag die gericht zijn op 5 blootgestelde API-eindpunten vereisen aanvullende WAF-regels en snelheidsbeperking.

Ontbrekende of Ongeldige HSTS Header

MEDIUM

SEC-001

Beschrijving

De Strict-Transport-Security header is niet correct geconfigureerd, waardoor de site kwetsbaar is voor man-in-the-middle aanvallen.

Aanbeveling

Implementeer HSTS door de Strict-Transport-Security header toe te voegen met een geschikte max-age waarde om HTTPS-verbindingen af te dwingen.

Blootstelling Gevoelige Informatie in JavaScript

HIGH

JS-001

Beschrijving

Gevonden 66 mogelijk gevoelige variabelen blootgesteld in client-side JavaScript-code.

Aanbeveling

Controleer en verwijder gevoelige informatie uit client-side code. Gebruik omgevingsvariabelen en server-side verwerking voor gevoelige gegevens.

root@sechttp: /var/log/fuzz

 root@sechttp : ~ $ 
 >  [Code: 200]  
/api/microforum/avis/?id= [GEVOELIG LEK]  
 >  [Code: 403]  
/api/microforum/avis/  [VERBODEN] 
 >  [Code: 404]  
/api/tagconf/   
 >  [Code: 200]  
/api/block/ [GEVOELIG LEK]  
 >  [Code: 403]  
/api/contentconf/  [VERBODEN] 
 [+] Scan voltooid. Gevonden 2 potentiële lekken. 
root@sechttp:~$

Poortscanresultaten

   Poort Dienst Status Versie 
HTTP  GESLOTEN   -  
HTTPS  OPEN   TLS 1.3  
SSH  GEFILTERD   -  
MySQL  GESLOTEN   -  
  

Poort	Dienst	Status	Versie
80	HTTP	GESLOTEN	-
443	HTTPS	OPEN	TLS 1.3
22	SSH	GEFILTERD	-
3306	MySQL	GESLOTEN	-

HTTP Headers Analyse

date: Sun, 12 Apr 2026 17:31:06 GMT 
pragma: no-cache 
expires: Sun, 12 Apr 2026 17:31:06 GMT 
x-ccm-lm: 1776014563 
connection: keep-alive 
x-served-by: lxc-varnish-jdf-04 
content-type: text/html; charset=UTF-8 
cache-control: max-age=0, no-cache 
last-modified: Sun, 12 Apr 2026 17:26:28 GMT 
content-length: 229085 
x-ccm-cache-tag: jdf_ctag_91 
x-frame-options: sameorigin 
x-www-served-by: vm_k8s_prod_21 
content-language: fr 
x-cache-esi-debug: Forwarded 
content-security-policy: frame-ancestors 'self' 

Momenteel in Test

Peeringinformatie wordt geanalyseerd.

Momenteel in Test

Internet Exchange gegevens worden verzameld.

JavaScript Analyse

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Blootgestelde JavaScript Variabelen

66 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
API
 ,e)});else{console.warn( 

Risk: Information disclosure via client-side exposure
 
LEAK
 
dev
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
key
 getTranslation 

Risk: Information disclosure via client-side exposure
 
LEAK
 
url
 /api/contentconf/ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
code
 MODULE_NOT_FOUND 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keys
 n 

Risk: Information disclosure via client-side exposure
 
LEAK
 
test
 \x3c!--@MOD:widget@{ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
email
 void 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyup
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
token
 t 

Risk: Information disclosure via client-side exposure
 
LEAK
 
COOKIE
 D, dd M yy 

Risk: Information disclosure via client-side exposure
 
LEAK
 
access
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
author
 o 

Risk: Information disclosure via client-side exposure
 
LEAK
 
client
 +e.clientId+ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
domain
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getUrl
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mailto
 redac 

Risk: Information disclosure via client-side exposure
 
LEAK
 
baseUrl
 // 

Risk: Information disclosure via client-side exposure
 
LEAK
 
dataKey
 data-channelId 

Risk: Information disclosure via client-side exposure
 
LEAK
 
fileAPI
 +E);var T,S=(j||C)&&!E;!1!==t.iframe&&(t.iframe||S)?t.closeKeepAlive?e.get(t.closeKeepAlive,function(){T=N(y)}):T=N(y):T=(j||C)&&E?M(y):e.ajax(t),p.removeData( 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyCode
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keydown
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
sitekey
 6LfcECcUAAAAANw9v7LQYqYsrkQmseAxos7r8wQP 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlHash
 window 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyUp
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_keydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
adDomain
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
b.domain
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
charCode
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientId
 breakingnews 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keypress
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
shareUrl
 encodeURIComponent 

Risk: Information disclosure via client-side exposure
 
LEAK
 
snapItem
 s 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlLabel
 m 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_isNumber
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_keyEvent
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
i.keydown
 _keydown 

Risk: Information disclosure via client-side exposure
 
LEAK
 
wrapInner
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_onKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
b.clientId
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
contentUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
statusCode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyPress
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_tabKeydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
credentials
 include 

Risk: Information disclosure via client-side exposure
 
LEAK
 
facebookUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
numberFormat
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pinterestUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_panelKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_panelKeydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
defaultDomain
 fc 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getPublicPath
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
maxRatingKeys
 100 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlParameters
 window 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getResourceUrl
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
numberOfMonths
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
storageKeyName
 ccmratings 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ratingKeysToDrop
 90 

Risk: Information disclosure via client-side exposure
 
LEAK
 
jPaginationNumber
 paginationNumber 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pinterestMediaUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_getNumberOfMonths
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_closeOnClickOutside
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_intersectsWithSides
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
defaultOptions.dataKey
 data-channelId 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getUrlForExternalResource
 function 

Risk: Information disclosure via client-side exposure
 
Total: 66 exposed variables found

API Domein Analyse

16 Domains

External API domains discovered in client-side code

EXTERNAL_API_DOMAIN

jqueryui.com

Reachable

HTTPS Enabled

Security Note: