diff --git a/README.md b/README.md index 7f8760d..6118782 100755 --- a/README.md +++ b/README.md @@ -41,6 +41,7 @@ If you have any trouble with Ghost you should have a look to the documentation : chmod +x ./launch ./launch ``` +Note: if Gunicorn fail you should launch the "server.py" instead 3 - Edit the server configuration in popup.js and background.js with your server's informations ``` var config_server = "http://127.0.0.1:8000"; @@ -51,4 +52,8 @@ You can try the Error SQL, Blind SQL, LFI with Damn Vulnerable Web App ## Thanks - Polyglot vector for SQL injections [The Ultimate SQL Injection Payload](https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/) - Polyglot vector for XSS injection 1 [One vector to rule them all](http://www.thespanner.co.uk/2010/09/15/one-vector-to-rule-them-all/) -- Polyglot vector for XSS injection 2 [Unleashing an Ultimate XSS Polyglot](https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot) \ No newline at end of file +- Polyglot vector for XSS injection 2 [Unleashing an Ultimate XSS Polyglot](https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot) + +# TODO +- Verify=False in requests.. +- OpenURL redirect ? \ No newline at end of file diff --git a/Server/launch.sh b/Server/launch.sh index 3e96981..78063c2 100755 --- a/Server/launch.sh +++ b/Server/launch.sh @@ -1 +1 @@ -gunicorn --workers=3 server:app --timeout 90 +gunicorn --workers=3 server:app --timeout 360 diff --git a/Server/scans.py b/Server/scans.py index d96b7cd..6c77e1e 100644 --- a/Server/scans.py +++ b/Server/scans.py @@ -12,7 +12,6 @@ Parameters: vulns - list of vulnerabilities, url - address of the target, fuzz - """ def scan_xss(method, vulns, url, fuzz, cookie, useragent, firefox, data): payload = 'jaVasCript:alert(1)//" name=alert(1) onErrOr=eval(name) src=1 autofocus oNfoCus=eval(name)>" >
@gmail.com\'-->" >">/\'">
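Review bot: In the README.md hunk at @@ -41,6 +41,7 @@, the added "Note: if Gunicorn fail ..." line does not say how to start server.py or which symptom should trigger the fallback, and it is wedged between the closing code fence and step 3 with no blank line around it. Suggest giving the exact command to type, naming the failure it works around, correcting "fail" to "fails", and separating the note from step 3. The context lines above it also tell the user to run ./launch, while the script changed in this same patch is Server/launch.sh, so the instructions and the file name should be made to agree.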
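Review bot: In the README.md hunk at @@ -51,4 +52,8 @@, the new TODO entry "Verify=False in requests.." records a security-relevant gap without saying where it is or what the fix should be. If it refers to calls that pass verify=False to the requests library, TLS certificate validation is turned off for those connections, and that deserves a tracked issue naming the affected calls and the intended behaviour (validation on by default, opt-out only through an explicit setting) rather than a README bullet. "OpenURL redirect ?" is similarly ambiguous: say whether it is a check to add to the scanner or a problem in the server itself. The file also still ends without a trailing newline.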
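Review bot: In Server/launch.sh, the --timeout jump from 90 to 360 comes with no stated reason, and with --workers=3 it means three slow requests can occupy every worker for up to six minutes before Gunicorn kills and restarts them. Suggest documenting which scan needs the longer limit, or making the value overridable through an environment variable with 360 as the default, so the cost of a hung scan is a deliberate choice. Line 1 of this executable script is the gunicorn command itself, so there is no shebang; adding "#!/bin/sh" as the first line would make running it independent of the caller's shell.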