Source DOM de la sélection.html 35 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
  1. <!DOCTYPE html>
  2. <html><head>
  3. <meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width"><title>Source DOM de la sélection</title><link rel="stylesheet" type="text/css" href="resource://content-accessible/viewsource.css"></head><body id="viewsource" class="highlight" style="-moz-tab-size: 4" contextmenu="actions"><pre id="line1"><span></span><span class="error" title="Balise ouvrante rencontrée sans avoir rencontré de doctype auparavant. «&nbsp;&lt;!DOCTYPE html&gt;&nbsp;» attendu.">&lt;<span class="start-tag">div</span> <span class="attribute-name">class</span>="<a class="attribute-value">table-responsive</a>"&gt;</span><span>
  4. <span id="line2"></span> </span><span>&lt;<span class="start-tag">table</span> <span class="attribute-name">class</span>="<a class="attribute-value">table table-striped table-condensed pull-left scan-summary-table</a>"&gt;</span><span>
  5. <span id="line3"></span> </span><span>&lt;<span class="start-tag">tbody</span>&gt;</span><span></span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  6. <span id="line4"></span> </span><span>&lt;<span class="start-tag">th</span>&gt;</span><span>Test</span><span>&lt;/<span class="end-tag">th</span>&gt;</span><span>
  7. <span id="line5"></span> </span><span>&lt;<span class="start-tag">th</span>&gt;</span><span>Pass</span><span>&lt;/<span class="end-tag">th</span>&gt;</span><span>
  8. <span id="line6"></span> </span><span>&lt;<span class="start-tag">th</span>&gt;</span><span>Score</span><span>&lt;/<span class="end-tag">th</span>&gt;</span><span>
  9. <span id="line7"></span> </span><span>&lt;<span class="start-tag">th</span>&gt;</span><span>Explanation</span><span>&lt;/<span class="end-tag">th</span>&gt;</span><span>
  10. <span id="line8"></span> </span><span>&lt;<span class="start-tag">th</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">th</span>&gt;</span><span>
  11. <span id="line9"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  12. <span id="line10"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  13. <span id="line11"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#content-security-policy">https://infosec.mozilla.org/guidelines/web_security#content-security-policy</a>"&gt;</span><span>Content Security Policy</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  14. <span id="line12"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-remove</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-content-security-policy-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Fail</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  15. <span id="line13"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-content-security-policy-score</a>"&gt;</span><span>-25</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  16. <span id="line14"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-content-security-policy-score-description</a>"&gt;</span><span>Content Security Policy (CSP) header not implemented</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  17. <span id="line15"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">Content Security Policy (CSP) can prevent a wide range of cross-site scripting (XSS) and clickjacking attacks against your website.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">Content Security Policy</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  18. <span id="line16"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  19. <span id="line17"></span>
  20. <span id="line18"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  21. <span id="line19"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#cookies">https://infosec.mozilla.org/guidelines/web_security#cookies</a>"&gt;</span><span>Cookies</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  22. <span id="line20"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-minus</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-cookies-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Not Applicable / Optional</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  23. <span id="line21"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-cookies-score</a>"&gt;</span><span>0</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  24. <span id="line22"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-cookies-score-description</a>"&gt;</span><span>No cookies detected</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  25. <span id="line23"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">Using cookies attributes such as Secure and HttpOnly can protect users from having their personal information stolen.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">Cookies</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  26. <span id="line24"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  27. <span id="line25"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  28. <span id="line26"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#cross-origin-resource-sharing">https://infosec.mozilla.org/guidelines/web_security#cross-origin-resource-sharing</a>"&gt;</span><span>Cross-origin Resource Sharing</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  29. <span id="line27"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-ok</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-cross-origin-resource-sharing-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Pass</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  30. <span id="line28"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-cross-origin-resource-sharing-score</a>"&gt;</span><span>0</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  31. <span id="line29"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-cross-origin-resource-sharing-score-description</a>"&gt;</span><span>Content is not visible via cross-origin resource sharing (CORS) files or headers</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  32. <span id="line30"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">Incorrectly configured CORS settings can allow foreign sites to read your site's contents, possibly allowing them access to private user information.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">Cross-origin Resource Sharing</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  33. <span id="line31"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  34. <span id="line32"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  35. <span id="line33"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#http-public-key-pinning">https://infosec.mozilla.org/guidelines/web_security#http-public-key-pinning</a>"&gt;</span><span>HTTP Public Key Pinning</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  36. <span id="line34"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-minus</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-public-key-pinning-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Not Applicable / Optional</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  37. <span id="line35"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-public-key-pinning-score</a>"&gt;</span><span>0</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  38. <span id="line36"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-public-key-pinning-score-description</a>"&gt;</span><span>HTTP Public Key Pinning (HPKP) header not implemented (optional)</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  39. <span id="line37"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">HTTP Public Key Pinning (HPKP) binds a site to a specific combination of certificate authorities and/or keys, protecting against the unauthorized issuance of certificates.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">HTTP Public Key Pinning</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  40. <span id="line38"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  41. <span id="line39"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  42. <span id="line40"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security">https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security</a>"&gt;</span><span>HTTP Strict Transport Security</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  43. <span id="line41"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-ok</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-strict-transport-security-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Pass</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  44. <span id="line42"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-strict-transport-security-score</a>"&gt;</span><span>0</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  45. <span id="line43"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-strict-transport-security-score-description</a>"&gt;</span><span>HTTP Strict Transport Security (HSTS) header set to a minimum of six months (15768000)</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  46. <span id="line44"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">HTTP Strict Transport Security (HSTS) instructs web browsers to visit your site only over HTTPS.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">HTTP Strict Transport Security</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  47. <span id="line45"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  48. <span id="line46"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  49. <span id="line47"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#http-redirections">https://infosec.mozilla.org/guidelines/web_security#http-redirections</a>"&gt;</span><span>Redirection</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  50. <span id="line48"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-ok</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-redirection-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Pass</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  51. <span id="line49"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-redirection-score</a>"&gt;</span><span>0</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  52. <span id="line50"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-redirection-score-description</a>"&gt;</span><span>Initial redirection is to HTTPS on same host, final destination is HTTPS</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  53. <span id="line51"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">Properly configured redirections from HTTP to HTTPS allow browsers to correctly apply HTTP Strict Transport Security (HSTS) settings.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">Redirection</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  54. <span id="line52"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  55. <span id="line53"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  56. <span id="line54"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#referrer-policy">https://infosec.mozilla.org/guidelines/web_security#referrer-policy</a>"&gt;</span><span>Referrer Policy</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  57. <span id="line55"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-minus</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-referrer-policy-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Not Applicable / Optional</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  58. <span id="line56"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-referrer-policy-score</a>"&gt;</span><span>0</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  59. <span id="line57"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-referrer-policy-score-description</a>"&gt;</span><span>Referrer-Policy header not implemented (optional)</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  60. <span id="line58"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">Referrer Policy can protect the privacy of your users by restricting the contents of the HTTP Referer header.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">Referrer Policy</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  61. <span id="line59"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  62. <span id="line60"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  63. <span id="line61"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#subresource-integrity">https://infosec.mozilla.org/guidelines/web_security#subresource-integrity</a>"&gt;</span><span>Subresource Integrity</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  64. <span id="line62"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-minus</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-subresource-integrity-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Not Applicable / Optional</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  65. <span id="line63"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-subresource-integrity-score</a>"&gt;</span><span>0</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  66. <span id="line64"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-subresource-integrity-score-description</a>"&gt;</span><span>Subresource Integrity (SRI) is not needed since site contains no script tags</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  67. <span id="line65"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">Subresource Integrity protects against JavaScript files and stylesheets stored on content delivery networks (CDNs) from being maliciously modified.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">Subresource Integrity</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  68. <span id="line66"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  69. <span id="line67"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  70. <span id="line68"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#x-content-type-options">https://infosec.mozilla.org/guidelines/web_security#x-content-type-options</a>"&gt;</span><span>X-Content-Type-Options</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  71. <span id="line69"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-remove</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-x-content-type-options-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Fail</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  72. <span id="line70"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-x-content-type-options-score</a>"&gt;</span><span>-5</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  73. <span id="line71"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-x-content-type-options-score-description</a>"&gt;</span><span>X-Content-Type-Options header not implemented</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  74. <span id="line72"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">X-Content-Type-Options instructs browsers to not guess the MIME types of files that the web server is delivering.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">X-Content-Type-Options</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  75. <span id="line73"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  76. <span id="line74"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  77. <span id="line75"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#x-frame-options">https://infosec.mozilla.org/guidelines/web_security#x-frame-options</a>"&gt;</span><span>X-Frame-Options</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  78. <span id="line76"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-remove</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-x-frame-options-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Fail</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  79. <span id="line77"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-x-frame-options-score</a>"&gt;</span><span>-20</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  80. <span id="line78"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-x-frame-options-score-description</a>"&gt;</span><span>X-Frame-Options (XFO) header not implemented</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  81. <span id="line79"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">X-Frame-Options controls whether your site can be framed, protecting against clickjacking attacks. It has been superseded by Content Security Policy's &lt;code&gt;frame-ancestors&lt;/code&gt; directive, but should still be used for now.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">X-Frame-Options</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  82. <span id="line80"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  83. <span id="line81"></span> </span><span>&lt;<span class="start-tag">tr</span>&gt;</span><span>
  84. <span id="line82"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">a</span> <span class="attribute-name">href</span>="<a class="attribute-value" href="view-source:https://infosec.mozilla.org/guidelines/web_security#x-xss-protection">https://infosec.mozilla.org/guidelines/web_security#x-xss-protection</a>"&gt;</span><span>X-XSS-Protection</span><span>&lt;/<span class="end-tag">a</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  85. <span id="line83"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-remove</a>" <span class="attribute-name">id</span>="<a class="attribute-value">tests-x-xss-protection-pass</a>" <span class="attribute-name">aria-hidden</span>="<a class="attribute-value">true</a>" <span class="attribute-name">aria-label</span>="<a class="attribute-value">Fail</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  86. <span id="line84"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-x-xss-protection-score</a>"&gt;</span><span>-10</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  87. <span id="line85"></span> </span><span>&lt;<span class="start-tag">td</span> <span class="attribute-name">id</span>="<a class="attribute-value">tests-x-xss-protection-score-description</a>"&gt;</span><span>X-XSS-Protection header not implemented</span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  88. <span id="line86"></span> </span><span>&lt;<span class="start-tag">td</span>&gt;</span><span></span><span>&lt;<span class="start-tag">span</span> <span class="attribute-name">class</span>="<a class="attribute-value">glyphicon glyphicon-info-sign</a>" <span class="attribute-name">data-toggle</span>="<a class="attribute-value">popover</a>" <span class="attribute-name">title</span>="<a class="attribute-value"></a>" <span class="attribute-name">data-content</span>="<a class="attribute-value">X-XSS-Protection protects against reflected cross-site scripting (XSS) attacks in IE and Chrome, but has been superseded by Content Security Policy. It can still be used to protect users of older web browsers.</a>" <span class="attribute-name">data-original-title</span>="<a class="attribute-value">X-XSS-Protection</a>"&gt;</span><span></span><span>&lt;/<span class="end-tag">span</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">td</span>&gt;</span><span>
  89. <span id="line87"></span> </span><span>&lt;/<span class="end-tag">tr</span>&gt;</span><span>
  90. <span id="line88"></span> </span><span>&lt;/<span class="end-tag">tbody</span>&gt;</span><span></span><span>&lt;/<span class="end-tag">table</span>&gt;</span><span>
  91. <span id="line89"></span> </span><span>&lt;/<span class="end-tag">div</span>&gt;</span><span></span></pre><menu type="context" id="actions"><menuitem id="goToLine" label="Aller à la ligne…" accesskey="l"></menuitem><menuitem id="wrapLongLines" label="Retour à la ligne automatique" type="checkbox"></menuitem><menuitem id="highlightSyntax" label="Coloration syntaxique" type="checkbox" checked="true"></menuitem></menu></body></html>