EDLN – Page d'accueil

HTTPS

TARGET_ANALYSIS

edln.org

IP: 0.0.0.0

ASN: AS0

A comprehensive security and network analysis report for edln.org. Server: OVHcloud.

Primary Port: 443
Scan Time: 4/12/2026, 7:28:01 PM
Shareable Report Link: https://sechttp.com/scan/edln.org

Detailed Security Analysis

Attack Path & DDoS Defense Analysis

Attacker

L4 Traffic

L7 Traffic

AS0 (OVHcloud POP)

L4 Defended

L7 Bypassed

L4 Blocked

L7 Traffic

Your Server

Defense Summary

While OVHcloud provides robust protection against Layer 4 (network-level) attacks, your server remains potentially vulnerable to sophisticated Layer 7 (application-level) attacks that can bypass standard CDN defenses. Additional WAF rules and application-side security measures are recommended.

Layer 4 Defense

OVHcloud provides robust SYN flood, UDP amplification, and volumetric attack protection at the network edge.

Layer 7 Vulnerabilities

Application-layer attacks targeting 0 exposed API endpoints require additional WAF rules and rate limiting.

Server Information Disclosure

LOW

INFO-001

Description

The server is disclosing its software type: OVHcloud. This can help attackers identify potential vulnerabilities.

Recommendation

Configure your web server to hide or modify the Server header to prevent information disclosure.

Missing or Invalid HSTS Header

MEDIUM

SEC-001

Description

The Strict-Transport-Security header is not properly configured, leaving the site vulnerable to man-in-the-middle attacks.

Recommendation

Implement HSTS by adding the Strict-Transport-Security header with a proper max-age value to force HTTPS connections.

Missing X-Frame-Options Header

MEDIUM

SEC-002

Description

The site is not protected against clickjacking attacks.

Recommendation

Add the X-Frame-Options header with value 'DENY' or 'SAMEORIGIN' to prevent clickjacking.

Sensitive Information Exposure in JavaScript

HIGH

JS-001

Description

Found 16 potentially sensitive variables exposed in client-side JavaScript code.

Recommendation

Review and remove sensitive information from client-side code. Use environment variables and server-side processing for sensitive data.

Currently Testing

No fuzzing data available for this scan.

Port Scan Results

   Port Service Status Version 
HTTP  CLOSED   -  
HTTPS  OPEN   TLS 1.3  
SSH  FILTERED   -  
MySQL  CLOSED   -  
  

Port	Service	Status	Version
80	HTTP	CLOSED	-
443	HTTPS	OPEN	TLS 1.3
22	SSH	FILTERED	-
3306	MySQL	CLOSED	-

HTTP Headers Analysis

date: Sun, 12 Apr 2026 19:27:57 GMT 
vary: Accept-Encoding,Cookie 
server: OVHcloud 
connection: keep-alive 
content-type: text/html; charset=UTF-8 
x-powered-by: PHP/8.4 
cache-control: max-age=3, must-revalidate 
last-modified: Sun, 12 Apr 2026 09:52:21 GMT 
content-length: 109770 

Currently Testing

Peering information is being analyzed.

Currently Testing

Internet Exchange data is being collected.

JavaScript Analysis

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Exposed JavaScript Variables

16 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
key
 )+4).split( 

Risk: Information disclosure via client-side exposure
 
LEAK
 
url
 c 

Risk: Information disclosure via client-side exposure
 
LEAK
 
code
 invalid_json 

Risk: Information disclosure via client-side exposure
 
LEAK
 
f.code
 fetch_error 

Risk: Information disclosure via client-side exposure
 
LEAK
 
u.code
 invalid_json 

Risk: Information disclosure via client-side exposure
 
LEAK
 
lastUrl
 window 

Risk: Information disclosure via client-side exposure
 
LEAK
 
linkURL
 t 

Risk: Information disclosure via client-side exposure
 
LEAK
 
endpoint
 refill 

Risk: Information disclosure via client-side exposure
 
LEAK
 
imageURL
 t 

Risk: Information disclosure via client-side exposure
 
LEAK
 
base64Encode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
onMissingKey
 null 

Risk: Information disclosure via client-side exposure
 
LEAK
 
sendEventData
 async 

Risk: Information disclosure via client-side exposure
 
LEAK
 
trackUrlChange
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
handleUrlChange
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
handleWpConsentApiIntegration
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
handleRealCookieBannerIntegration
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
Total: 16 exposed variables found

JavaScript Resources

12 Files

JavaScript files loaded by the application

https://edln.org/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1

https://edln.org/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375

https://edln.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.5

https://edln.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.5

https://edln.org/wp-content/themes/edln/dist/main.js?ver=1775640150

https://edln.org/wp-content/plugins/wp-statistics/assets/js/tracker.js?ver=14.16.5

"https://edln.org/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1"

"https://edln.org/wp-includes/js/dist/i18n.min.js?ver=c26c3dc7bed366793375"

"https://edln.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.5"

"https://edln.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.5"

"https://edln.org/wp-content/themes/edln/dist/main.js?ver=1775640150"

"https://edln.org/wp-content/plugins/wp-statistics/assets/js/tracker.js?ver=14.16.5"

Security Recommendations

• Avoid exposing sensitive variables in client-side code
• Implement proper API authentication and rate limiting
• Use environment variables for sensitive configuration
• Regularly audit client-side code for information leaks
• Minimize the amount of sensitive data processed on the client side

Historical Scan Records (1)