Agence de communication digitale à Montpellier | Citron Noir

HTTPS

TARGET_ANALYSIS

citronnoir.com

IP: 0.0.0.0

ASN: AS0

A comprehensive security and network analysis report for citronnoir.com. Server: Apache.

Primary Port: 443
Scan Time: 4/12/2026, 11:53:25 AM
Shareable Report Link: https://sechttp.com/scan/citronnoir.com

Detailed Security Analysis

Attack Path & DDoS Defense Analysis

Attacker

L4 Traffic

L7 Traffic

AS0 (Apache POP)

L4 Defended

L7 Bypassed

L4 Blocked

L7 Traffic

Your Server

Defense Summary

While Apache provides robust protection against Layer 4 (network-level) attacks, your server remains potentially vulnerable to sophisticated Layer 7 (application-level) attacks that can bypass standard CDN defenses. Additional WAF rules and application-side security measures are recommended.

Layer 4 Defense

Apache provides robust SYN flood, UDP amplification, and volumetric attack protection at the network edge.

Layer 7 Vulnerabilities

Application-layer attacks targeting 0 exposed API endpoints require additional WAF rules and rate limiting.

Server Information Disclosure

LOW

INFO-001

Description

The server is disclosing its software type: Apache. This can help attackers identify potential vulnerabilities.

Recommendation

Configure your web server to hide or modify the Server header to prevent information disclosure.

Sensitive Information Exposure in JavaScript

HIGH

JS-001

Description

Found 49 potentially sensitive variables exposed in client-side JavaScript code.

Recommendation

Review and remove sensitive information from client-side code. Use environment variables and server-side processing for sensitive data.

Currently Testing

No fuzzing data available for this scan.

Port Scan Results

   Port Service Status Version 
HTTP  CLOSED   -  
HTTPS  OPEN   TLS 1.3  
SSH  FILTERED   -  
MySQL  CLOSED   -  
  

Port	Service	Status	Version
80	HTTP	CLOSED	-
443	HTTPS	OPEN	TLS 1.3
22	SSH	FILTERED	-
3306	MySQL	CLOSED	-

HTTP Headers Analysis

date: Sun, 12 Apr 2026 11:52:50 GMT 
vary: X-FORWARDED-PROTO,Accept-Encoding 
server: Apache 
expires: Sun, 12 Apr 2026 11:52:50 GMT 
upgrade: h2 
connection: Upgrade 
content-type: text/html; charset=UTF-8 
cache-control: max-age=0 
last-modified: Sun, 12 Apr 2026 10:09:21 GMT 
referrer-policy: strict-origin-when-cross-origin 
x-frame-options: SAMEORIGIN 
transfer-encoding: chunked 
permissions-policy: geolocation=(), microphone=(), camera=() 
x-content-type-options: nosniff 
content-security-policy: default-src 'self' https: data: blob:; img-src 'self' https: data:; font-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 
strict-transport-security: max-age=63072000; includeSubDomains; preload 

Currently Testing

Peering information is being analyzed.

Currently Testing

Internet Exchange data is being collected.

JavaScript Analysis

Security Analysis Alert

Client-side code analysis has identified potential security vulnerabilities and information disclosure risks.

Exposed JavaScript Variables

49 Found

Variables exposed in client-side code that may contain sensitive information

# Security Assessment: Variable Exposure Analysis
 
LEAK
 
key
 stop 

Risk: Information disclosure via client-side exposure
 
LEAK
 
url
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
devel
 true 

Risk: Information disclosure via client-side exposure
 
LEAK
 
Number
 r 

Risk: Information disclosure via client-side exposure
 
LEAK
 
access
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
author
 Jack 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_assign
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
fromURL
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
ownKeys
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
release
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_fromURL
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
addEvent
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
endPoint
 Opacity 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getNewKey
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
keysIndex
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
nodeValue
 n 

Risk: Information disclosure via client-side exposure
 
LEAK
 
wrapInner
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
nearestKey
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
statusCode
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
targetTest
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
originalKey
 e 

Risk: Information disclosure via client-side exposure
 
LEAK
 
mobileStatus
 [XSS working] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_toPropertyKey
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
addEventListener
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_getDecoratorsApi
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
AccessibleMegaMenu
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
boundingClientRect
 targetRect 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_setKeyframeDefaults
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getBoundingClientRect
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
__classPrivateFieldGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
__classPrivateFieldSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateMethodGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateMethodSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_checkPrivateRedeclaration
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldInitSpec
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldLooseKey
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldLooseBase
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateMethodInitSpec
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateMethodGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateMethodSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classCheckPrivateStaticAccess
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateFieldSpecGet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateFieldSpecSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
getKeyframedConstructorFunction
 function 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classPrivateFieldDestructureSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classStaticPrivateFieldDestructureSet
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
LEAK
 
_classCheckPrivateStaticFieldDescriptor
 [sechttp] 

Risk: Information disclosure via client-side exposure
 
Total: 49 exposed variables found

API Domain Analysis

13 Domains

External API domains discovered in client-side code

EXTERNAL_API_DOMAIN

api.websitecarbon.com

Reachable

HTTPS Enabled

Security Note: