Pulse

monitoring app365.fr

Darija

https://darija.app365.fr
Démarré 09/07/2026 15:00:00Terminé 09/07/2026 15:00:1515838 msStatut : PARTIALTrigger : schedule:cmph3vjhe0000q7za8x3o6j3g

Résumé

{
  "seo": {
    "ok": true,
    "lang": "fr",
    "score": 91,
    "title": "Darija — Apprends la darija algérienne",
    "h1Count": 1,
    "finalUrl": "https://darija.app365.fr/login?next=%2F",
    "imgTotal": 0,
    "robotsOk": true,
    "canonical": null,
    "sitemapOk": false,
    "ogComplete": false,
    "jsonLdCount": 0,
    "titleLength": 38,
    "imgWithoutAlt": 0,
    "descriptionLength": 141
  },
  "tls": {
    "ok": true,
    "host": "darija.app365.fr",
    "cipher": "TLS_AES_128_GCM_SHA256",
    "issuer": "E7",
    "subject": "darija.app365.fr",
    "validTo": "2026-08-13T18:53:59.000Z",
    "protocol": "TLSv1.3",
    "daysToExpiry": 35
  },
  "deps": {
    "ok": true,
    "detected": [
      "1.1 Caddy",
      "Next.js"
    ],
    "versionedCount": 1
  },
  "ports": {
    "ok": true,
    "host": "darija.app365.fr",
    "scanned": 30,
    "services": {
      "22": "ssh OpenSSH 9.2p1 Debian 2+deb12u10 (protocol 2.0)",
      "80": "http Caddy httpd",
      "443": "ssl/http Caddy httpd"
    },
    "openPorts": [
      22,
      80,
      443
    ]
  },
  "uptime": {
    "ok": true,
    "method": "HEAD",
    "finalUrl": "https://darija.app365.fr/login?next=%2F",
    "httpStatus": 200,
    "redirected": true,
    "responseTimeMs": 87
  },
  "headers": {
    "ok": true,
    "score": 94,
    "server": null,
    "headers": {
      "Referrer-Policy": "strict-origin-when-cross-origin",
      "X-Frame-Options": "DENY",
      "Permissions-Policy": "geolocation=(), microphone=(), camera=()",
      "X-Content-Type-Options": "nosniff",
      "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' analytics.app365.fr; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' analytics.app365.fr; worker-src 'self'; manifest-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'",
      "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"
    },
    "httpStatus": 200
  }
}

Findings (8)

UPTIME
  • INFORedirection vers https://darija.app365.fr/login?next=%2FUPTIME_REDIRECT

    https://darija.app365.fr → https://darija.app365.fr/login?next=%2F

    evidence
    {
      "to": "https://darija.app365.fr/login?next=%2F",
      "from": "https://darija.app365.fr"
    }
HEADERS
  • LOWCSP présent mais avec unsafe-inline/unsafe-evalSEC_HEADER_CSP

    Affaiblit la protection XSS. Privilégier nonces/hashes.

    evidence
    {
      "value": "default-src 'self'; script-src 'self' 'unsafe-inline' analytics.app365.fr; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' analytics.app365.fr; worker-src 'self'; manifest-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'",
      "header": "Content-Security-Policy",
      "recommend": "Définir une CSP restrictive"
    }
SEO
  • LOWBalise canonical absenteSEO_NO_CANONICAL
  • LOWOpen Graph incomplet (manquant : og:image)SEO_INCOMPLETE_OG

    Améliore les previews sur réseaux sociaux.

    evidence
    {
      "missing": [
        "og:image"
      ]
    }
  • LOWsitemap.xml absentSEO_NO_SITEMAP

    Pas de sitemap à https://darija.app365.fr/sitemap.xml et aucune référence dans robots.txt.

PORTS
  • HIGHPort 22/ssh ouvert publiquementPORT_OPEN_REMOTE

    Accès à distance exposé. À limiter par firewall ou désactiver si non utilisé.

    evidence
    {
      "port": 22,
      "service": "ssh OpenSSH 9.2p1 Debian 2+deb12u10 (protocol 2.0)",
      "category": "REMOTE"
    }
DEPS
  • LOWVersion divulguée via Via: 1.1 CaddyDEPS_VERSION_DISCLOSURE

    Exposer une version aide les attaquants à cibler les CVE connus. À masquer côté serveur ou reverse-proxy.

    evidence
    {
      "value": "1.1 Caddy",
      "header": "via",
      "detected": "1.1 Caddy"
    }
  • INFONext.js détectéDEPS_FRAMEWORK_HTML

    Signature détectée dans le HTML servi.

    evidence
    {
      "match": "<script src=\"/_next/static/",
      "framework": "Next.js"
    }