Domain dev.explore-education-statistics.service.gov.uk
The Netherlands
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 104.40.191.174
Domain: content.dev.explore-education-statistics.service.gov.uk
Port: 443
URL: https://content.dev.explore-education-statistics.service.gov.ukFirst seen 2025-11-28 17:37
Last seen 2026-02-16 00:24
Open for 79 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60379a9dd97d082611a783f9ced69a0bda94ce39ccPublic Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /api/data-set-files GET /api/data-set-files/sitemap-items GET /api/data-set-files/{dataSetFileId} GET /api/data-set-files/{dataSetFileId}/download GET /api/education-in-numbers GET /api/education-in-numbers/nav GET /api/education-in-numbers/pages/{slug} GET /api/education-in-numbers/sitemap-items GET /api/glossary-entries GET /api/glossary-entries/{slug} GET /api/methodologies/sitemap-items GET /api/methodologies/{methodologyVersionId}/images/{fileId} GET /api/methodologies/{slug} GET /api/methodology-themes GET /api/publication-tree GET /api/publicationInfos GET /api/publications/sitemap-items GET /api/publications/{publicationId}/summary GET /api/publications/{publicationSlug} GET /api/publications/{publicationSlug}/methodologies GET /api/publications/{publicationSlug}/release-entries GET /api/publications/{publicationSlug}/releases GET /api/publications/{publicationSlug}/releases/latest GET /api/publications/{publicationSlug}/releases/latest/data-guidance GET /api/publications/{publicationSlug}/releases/latest/prerelease-access-list GET /api/publications/{publicationSlug}/releases/latest/searchable GET /api/publications/{publicationSlug}/releases/latest/summary GET /api/publications/{publicationSlug}/releases/{releaseSlug} GET /api/publications/{publicationSlug}/releases/{releaseSlug}/content GET /api/publications/{publicationSlug}/releases/{releaseSlug}/data-content GET /api/publications/{publicationSlug}/releases/{releaseSlug}/data-guidance GET /api/publications/{publicationSlug}/releases/{releaseSlug}/prerelease-access-list GET /api/publications/{publicationSlug}/releases/{releaseSlug}/related-information GET /api/publications/{publicationSlug}/releases/{releaseSlug}/summary GET /api/publications/{publicationSlug}/releases/{releaseSlug}/updates GET /api/publications/{publicationSlug}/releases/{releaseSlug}/version-summary GET /api/publications/{publicationSlug}/title GET /api/redirects GET /api/releases/{releaseVersionId}/files GET /api/releases/{releaseVersionId}/files/{fileId} GET /api/releases/{releaseVersionId}/images/{fileId} GET /api/themes POST /api/feedback/page POST /api/release-files PUT /api/feedback/release-publishingFound on 2026-02-16 00:24 -
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60379a9dd97d082611a783f9ced69a0bda87072a12Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /api/data-set-files GET /api/data-set-files/sitemap-items GET /api/data-set-files/{dataSetFileId} GET /api/data-set-files/{dataSetFileId}/download GET /api/education-in-numbers GET /api/education-in-numbers/nav GET /api/education-in-numbers/pages/{slug} GET /api/education-in-numbers/sitemap-items GET /api/glossary-entries GET /api/glossary-entries/{slug} GET /api/methodologies/sitemap-items GET /api/methodologies/{methodologyVersionId}/images/{fileId} GET /api/methodologies/{slug} GET /api/methodology-themes GET /api/publication-tree GET /api/publicationInfos GET /api/publications/sitemap-items GET /api/publications/{publicationId}/summary GET /api/publications/{publicationSlug} GET /api/publications/{publicationSlug}/methodologies GET /api/publications/{publicationSlug}/release-entries GET /api/publications/{publicationSlug}/releases GET /api/publications/{publicationSlug}/releases/latest GET /api/publications/{publicationSlug}/releases/latest/data-guidance GET /api/publications/{publicationSlug}/releases/latest/prerelease-access-list GET /api/publications/{publicationSlug}/releases/latest/searchable GET /api/publications/{publicationSlug}/releases/latest/summary GET /api/publications/{publicationSlug}/releases/{releaseSlug} GET /api/publications/{publicationSlug}/releases/{releaseSlug}/content GET /api/publications/{publicationSlug}/releases/{releaseSlug}/data-content GET /api/publications/{publicationSlug}/releases/{releaseSlug}/data-guidance GET /api/publications/{publicationSlug}/releases/{releaseSlug}/prerelease-access-list GET /api/publications/{publicationSlug}/releases/{releaseSlug}/related-information GET /api/publications/{publicationSlug}/releases/{releaseSlug}/summary GET /api/publications/{publicationSlug}/releases/{releaseSlug}/updates GET /api/publications/{publicationSlug}/releases/{releaseSlug}/version-summary GET /api/publications/{slug}/title GET /api/redirects GET /api/releases/{releaseVersionId}/files GET /api/releases/{releaseVersionId}/files/{fileId} GET /api/releases/{releaseVersionId}/images/{fileId} GET /api/themes POST /api/feedback/page POST /api/release-files PUT /api/feedback/release-publishingFound on 2025-11-30 22:50
-
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 104.40.191.174
Domain: data.dev.explore-education-statistics.service.gov.uk
Port: 443
URL: https://data.dev.explore-education-statistics.service.gov.ukFirst seen 2025-11-14 03:33
Last seen 2026-02-16 01:32
Open for 93 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f81ae218a6f3a7b0afae09e41388eaf39239d4dfPublic Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: GET /api/meta/subject/{subjectId} GET /api/permalink/{permalinkId} GET /api/publications/{publicationId}/featured-tables GET /api/publications/{publicationId}/subjects GET /api/release/{releaseVersionId}/meta/subject/{subjectId} GET /api/releases/{releaseVersionId}/featured-tables GET /api/releases/{releaseVersionId}/subjects GET /api/tablebuilder/fast-track/{dataBlockParentId} GET /api/tablebuilder/release/{releaseVersionId}/data-block/{dataBlockParentId} GET /api/tablebuilder/release/{releaseVersionId}/data-block/{dataBlockParentId}/geojson POST /api/meta/subject POST /api/permalink POST /api/permalink/analytics POST /api/release/{releaseVersionId}/meta/subject POST /api/tablebuilder POST /api/tablebuilder/analytics POST /api/tablebuilder/release/{releaseVersionId}Found on 2026-02-16 01:32
-
-
Open service 20.105.232.44:80 · dev.explore-education-statistics.service.gov.uk
2026-01-28 15:37
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Wed, 28 Jan 2026 15:37:19 GMT Location: https://dev.explore-education-statistics.service.gov.uk/
Found 2026-01-28 by HttpPluginCreate report
-
Open service 104.40.191.174:443 · content.dev.explore-education-statistics.service.gov.uk
2026-01-22 22:49
HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Thu, 22 Jan 2026 22:49:55 GMT Location: /docs Strict-Transport-Security: max-age=31536000; includeSubDomains Request-Context: appId=cid-v1:b6707abc-fa27-4f0d-859b-857805a0e8ee
Found 2026-01-22 by HttpPluginCreate report
-
Open service 20.105.232.44:443 · dev.explore-education-statistics.service.gov.uk
2026-01-05 11:05
HTTP/1.1 401 Unauthorized Content-Length: 0 Connection: close Content-Type: text/html; charset=utf-8 Date: Mon, 05 Jan 2026 11:05:45 GMT ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk" WWW-Authenticate: Basic Strict-Transport-Security: max-age=15552000; includeSubDomains x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000 request-context: appId=cid-v1: Content-Security-Policy: default-src 'self';script-src 'self' https://*.googletagmanager.com https://*.google-analytics.com/ https://*.analytics.google.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' https://content.dev.explore-education-statistics.service.gov.uk data: https://*.googletagmanager.com https://*.google-analytics.com/ https://*.analytics.google.com;font-src 'self';connect-src 'self' https://content.dev.explore-education-statistics.service.gov.uk/api/ https://data.dev.explore-education-statistics.service.gov.uk/api/ https://s101d01-fa-ees-notify.azurewebsites.net/api/ https://pp-api.education.gov.uk/statistics-dev/ https://s101d01-ees-srch.search.windows.net https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://dc.services.visualstudio.com/v2/track https://dev.explore-education-statistics.service.gov.uk/api/;frame-src 'self' https://department-for-education.shinyapps.io/ https://dfe-analytical-services.github.io/;frame-ancestors 'self';child-src 'self' X-DNS-Prefetch-Control: off Expect-CT: max-age=0 X-Frame-Options: SAMEORIGIN X-Download-Options: noopen X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: no-referrer-when-downgrade X-XSS-Protection: 0
Found 2026-01-05 by HttpPluginCreate report
-
Open service 20.105.232.44:80 · dev.explore-education-statistics.service.gov.uk
2026-01-05 11:05
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 05 Jan 2026 11:05:46 GMT Location: https://dev.explore-education-statistics.service.gov.uk/
Found 2026-01-05 by HttpPluginCreate report