indexo.dev

boutique-ligue-cancer.fr

.fr crawl

First seen 2026-04-11 · Last seen 2026-05-19 · ok HTTP/1.1 200 809 ms crawled 2026-05-19

FR · 57.128.8.153 · AS16276 OVH SAS

Reputation 87/100 weak security headers no dmarc policy

Classifying

HTML metadata

Title
Boutique officielle Ligue contre le cancer
Language
fr
Canonical
https://boutique-ligue-cancer.fr/

Open Graph

url
https://boutique-ligue-cancer.fr/
title
Boutique officielle Ligue contre le cancer
site name
Boutique officielle Ligue contre le cancer

Technology

Server
Apache
Fonts
  • Google Fonts
Social widgets
  • YouTube Embed

Third-party hosts loaded (3)

  • dev-ligue-cancer.synneo.shop×2
  • fonts.googleapis.com×1
  • www.youtube.com×1

Social

Contact

Address
st une association loi 1901

Registration

Registrar
OVH
Created
2026-01-27
Expires
2028-01-27 616 days left
Updated
2026-02-01
Name servers
  • dns110.ovh.net
  • ns110.ovh.net

DNS records live

NS
  • dns110.ovh.net
  • ns110.ovh.net
MX
  • 1 mx1.mail.ovh.net
  • 100 mx3.mail.ovh.net
  • 5 mx2.mail.ovh.net
TXT
  • 1|www.boutique-ligue-cancer.fr

Email authentication weak

SPF
v=spf1 include:mx.ovh.com -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

R12
from 2026-05-11 to 2026-08-09
Expires in 80 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://boutique-ligue-cancer.fr/

present
  • content-security-policy
  • referrer-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Permissions Policy
Header values
referrer-policy
strict-origin-when-cross-origin
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://apis.google.com https://accounts.google.com https://api.mapbox.com https://ws.colissimo.fr; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://api.mapbox.com; img-src 'self' data: blob: https:; font-src 'self' data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com; connect-src 'self' https://www.google-analytics.com https://accounts.google.com https://api.segment.io https://cdn.segment.com https://*.sentry.io https://*.mapbox.com https://ws.colissimo.fr; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://accounts.google.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self';

Links to (8)

Linked from (1)