arpege.paris

HTML metadata

Title: Arpège Paris
Description: Arpège Paris, Maison Créative d'Instants à savourer qui, forte de 30 années d'innovation dans le secteur de la restauration et des services, apporte des expériences uniques à ses clients.
Language: fr
Generator: Drupal 10 (https://www.drupal.org)
Canonical: https://arpege.paris/

Technology

Server: Apache
CMS: Drupal

Analytics

Google Tag Manager

Third-party hosts loaded (3)

cdn.jsdelivr.net×1
www.googletagmanager.com×1
www.youtube.com×1

Social

Registration

Registrar

NAMESHIELD

Created

2022-07-28

Expires

2027-07-28 434 days left

Updated

2025-12-20

Name servers

nsa.perf1.fr
nsb.perf1.com
nsc.perf1.com

DNS records live

NS

nsa.perf1.fr
nsb.perf1.com
nsc.perf1.com

MX

10 de-smtp-inbound-1.mimecast.com
10 de-smtp-inbound-2.mimecast.com

TXT

google-site-verification=cXw-OceglVqhdyk0DOyeKZS8jjnWjw_KQJ8eed6diNg

Email authentication partial

SPF: v=spf1 ip4:195.25.81.52 include:de._netblocks.mimecast.com -all
strict (-all)
DMARC: v=DMARC1; p=none; rua=mailto:72cc5883011b446@rep.dmarcanalyzer.com; ruf=mailto:72cc5883011b446@for.dmarcanalyzer.com; fo=1;
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

R13

from 2026-04-03 to 2026-07-02

Expires in 43 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://arpege.paris/

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
weak content type protection

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(self), microphone=(), camera=(), payment=()
x-content-type-options: nosniff, nosniff
content-security-policy: object-src 'none'; script-src 'self' 'report-sample' 'unsafe-eval' https://www.googletagmanager.com https://www.gstatic.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://kit.fontawesome.com https://unpkg.com https://connect.facebook.net https://www.youtube.com https://js-eu1.hsforms.net https://js-eu1.hs-scripts.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.google.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'report-sample' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fon
strict-transport-security: max-age=63072000; preload;
content-security-policy-report-only: object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.gstatic.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://kit.fontawesome.com https://unpkg.com https://connect.facebook.net https://www.youtube.com https://js-eu1.hsforms.net https://js-eu1.hs-scripts.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.google.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'report-sample' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inl