Recette de cuisine : 63 000 recettes de cuisine française et du monde

HTTPS

ANÁLISE_ALVO

cuisine.journaldesfemmes.fr

IP: 0.0.0.0

ASN: AS0

Um relatório completo de análise de segurança e rede para cuisine.journaldesfemmes.fr.

Porta Principal: 443
Tempo de Análise: 4/12/2026, 5:31:14 PM
Link de Relatório Partilhável: https://sechttp.com/scan/cuisine.journaldesfemmes.fr

Análise de Segurança Detalhada

Análise de Caminho de Ataque e Defesa contra DDoS

Atacante

Tráfego L4

Tráfego L7

AS0 (Unknown POP)

L4 Defendido

L7 Contornado

L4 Bloqueado

Tráfego L7

O Seu Servidor

Resumo de Defesa

Embora Unknown forneça proteção robusta contra ataques de camada 4 (nível de rede), o seu servidor permanece potencialmente vulnerável a ataques sofisticados de camada 7 (nível de aplicação) que podem contornar as defesas padrão de CDN. São recomendadas regras WAF adicionais e medidas de segurança do lado da aplicação.

Defesa de Camada 4

Unknown fornece proteção robusta contra inundações SYN, amplificação UDP e ataques volumétricos na borda da rede.

Vulnerabilidades de Camada 7

Ataques de camada de aplicação direcionados a pontos finais de API expostos de 5 requerem regras WAF adicionais e limitação de taxa.

Cabeçalho HSTS Ausente ou Inválido

MEDIUM

SEC-001

Descrição

O cabeçalho Strict-Transport-Security não está configurado corretamente, deixando o site vulnerável a ataques do tipo man-in-the-middle.

Recomendação

Implemente HSTS adicionando o cabeçalho Strict-Transport-Security com um valor max-age adequado para forçar conexões HTTPS.

Exposição de Informações Sensíveis em JavaScript

HIGH

JS-001

Descrição

Foram encontradas 66 variáveis potencialmente sensíveis expostas no código JavaScript do lado do cliente.

Recomendação

Revise e remova informações sensíveis do código do lado do cliente. Use variáveis de ambiente e processamento do lado do servidor para dados sensíveis.

root@sechttp: /var/log/fuzz

 root@sechttp : ~ $ 
 >  [Code: 200]  
/api/microforum/avis/?id= [FUGA SENSÍVEL]  
 >  [Code: 403]  
/api/microforum/avis/  [PROIBIDO] 
 >  [Code: 404]  
/api/tagconf/   
 >  [Code: 200]  
/api/block/ [FUGA SENSÍVEL]  
 >  [Code: 403]  
/api/contentconf/  [PROIBIDO] 
 [+] Análise concluída. Encontrado 2 fugas potenciais. 
root@sechttp:~$

Resultados da Análise de Portas

   Porta Serviço Estado Versão 
HTTP  FECHADO   -  
HTTPS  ABERTO   TLS 1.3  
SSH  FILTRADO   -  
MySQL  FECHADO   -  
  

Porta	Serviço	Estado	Versão
80	HTTP	FECHADO	-
443	HTTPS	ABERTO	TLS 1.3
22	SSH	FILTRADO	-
3306	MySQL	FECHADO	-

Análise de Cabeçalhos HTTP

date: Sun, 12 Apr 2026 17:31:06 GMT 
pragma: no-cache 
expires: Sun, 12 Apr 2026 17:31:06 GMT 
x-ccm-lm: 1776014563 
connection: keep-alive 
x-served-by: lxc-varnish-jdf-04 
content-type: text/html; charset=UTF-8 
cache-control: max-age=0, no-cache 
last-modified: Sun, 12 Apr 2026 17:26:28 GMT 
content-length: 229085 
x-ccm-cache-tag: jdf_ctag_91 
x-frame-options: sameorigin 
x-www-served-by: vm_k8s_prod_21 
content-language: fr 
x-cache-esi-debug: Forwarded 
content-security-policy: frame-ancestors 'self' 

Atualmente em Teste

A informação de peering está a ser analisada.

Atualmente em Teste

Os dados dos pontos de intercâmbio de Internet estão a ser recolhidos.

Análise de JavaScript

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Variáveis de JavaScript Expostas

66 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
API
 ,e)});else{console.warn( 

Risk: Information disclosure via client-side exposure
 
LEAK
 
dev
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
key
 getTranslation 

Risk: Information disclosure via client-side exposure
 
LEAK
 
url
 /api/contentconf/ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
code
 MODULE_NOT_FOUND 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keys
 n 

Risk: Information disclosure via client-side exposure
 
LEAK
 
test
 \x3c!--@MOD:widget@{ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
email
 void 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyup
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
token
 t 

Risk: Information disclosure via client-side exposure
 
LEAK
 
COOKIE
 D, dd M yy 

Risk: Information disclosure via client-side exposure
 
LEAK
 
access
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
author
 o 

Risk: Information disclosure via client-side exposure
 
LEAK
 
client
 +e.clientId+ 

Risk: Information disclosure via client-side exposure
 
LEAK
 
domain
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getUrl
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mailto
 redac 

Risk: Information disclosure via client-side exposure
 
LEAK
 
baseUrl
 // 

Risk: Information disclosure via client-side exposure
 
LEAK
 
dataKey
 data-channelId 

Risk: Information disclosure via client-side exposure
 
LEAK
 
fileAPI
 +E);var T,S=(j||C)&&!E;!1!==t.iframe&&(t.iframe||S)?t.closeKeepAlive?e.get(t.closeKeepAlive,function(){T=N(y)}):T=N(y):T=(j||C)&&E?M(y):e.ajax(t),p.removeData( 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keyCode
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keydown
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
sitekey
 6LfcECcUAAAAANw9v7LQYqYsrkQmseAxos7r8wQP 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlHash
 window 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyUp
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_keydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
adDomain
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
b.domain
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
charCode
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
clientId
 breakingnews 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keypress
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
shareUrl
 encodeURIComponent 

Risk: Information disclosure via client-side exposure
 
LEAK
 
snapItem
 s 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlLabel
 m 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_isNumber
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_keyEvent
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
i.keydown
 _keydown 

Risk: Information disclosure via client-side exposure
 
LEAK
 
wrapInner
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_onKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
b.clientId
 <empty_value> 

Risk: Information disclosure via client-side exposure
 
LEAK
 
contentUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
statusCode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_doKeyPress
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_tabKeydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
credentials
 include 

Risk: Information disclosure via client-side exposure
 
LEAK
 
facebookUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
numberFormat
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pinterestUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_panelKeyDown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_panelKeydown
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
defaultDomain
 fc 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getPublicPath
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
maxRatingKeys
 100 

Risk: Information disclosure via client-side exposure
 
LEAK
 
urlParameters
 window 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getResourceUrl
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
numberOfMonths
 1 

Risk: Information disclosure via client-side exposure
 
LEAK
 
storageKeyName
 ccmratings 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ratingKeysToDrop
 90 

Risk: Information disclosure via client-side exposure
 
LEAK
 
jPaginationNumber
 paginationNumber 

Risk: Information disclosure via client-side exposure
 
LEAK
 
pinterestMediaUrl
 a 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_getNumberOfMonths
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_closeOnClickOutside
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_intersectsWithSides
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
defaultOptions.dataKey
 data-channelId 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getUrlForExternalResource
 function 

Risk: Information disclosure via client-side exposure
 
Total: 66 exposed variables found

Análise de Domínios API

16 Domains

External API domains discovered in client-side code

EXTERNAL_API_DOMAIN

jqueryui.com

Reachable

HTTPS Enabled

Security Note: