indexo.dev

canalplusgroup.com

.com crawl

First seen 2026-04-16 · Last seen 2026-05-16 · ok HTTP/1.1 200 2891 ms crawled 2026-05-11

FR · 152.89.172.56 · AS209510 Nameshield SAS

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Groupe CANAL+
Language
fr
Translations
  • en
  • fr

Open Graph

title
Groupe CANAL+
locale
fr
site name
Groupe CANAL+
locale:alternate
en

Technology

CDN
Azure Front Door
CMS
Next.js
Analytics
  • Plausible

Third-party hosts loaded (3)

  • geo.dailymotion.com×1
  • otp.tools.investis.com×1
  • plausible.io×1

Social

Registration

Registrar
Nameshield SAS
Created
2001-03-21
Expires
2027-03-21 306 days left
Updated
2026-03-19
Name servers
  • nsa.perf1.fr
  • nsb.perf1.com
  • nsc.perf1.com

DNS records live

NS
  • nsa.perf1.fr
  • nsb.perf1.com
  • nsc.perf1.com
MX
  • 20 ns3.artful.net
TXT
  • google-site-verification=h0aaIAYI1SGN4uecR6qSFHrhaJ7JgmLP2BzbTAr-rBk
  • google-site-verification=R5ylaVn1009g0DXAj6eyuAlW7xO6OOgx2Ht4Mlxyex8

Email authentication weak

SPF
not published
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

Encryption Everywhere DV TLS CA - G2
from 2026-04-04 to 2026-10-20
Expires in 154 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.canalplusgroup.com/fr

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin, no-referrer-when-downgrade
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=*, geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), usb=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=()
x-content-type-options
nosniff
content-security-policy
base-uri 'self'; default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://browser-update.org https://browser-update.org https://www.bugherd.com https://sidebar.bugherd.com https://api.dmcdn.net https://geo.dailymotion.com https://static1.dmcdn.net https://otp.tools.investis.com/ https://sdk.companywebcast.com https://plausible.io; img-src * data:; media-src 'self'; font-src 'self' data:; connect-src * data:; worker-src 'none'; frame-src https://www.dailymotion.com https://geo.dailymotion.com https://sidebar.bugherd.com irs.tools.investis.com otp.tools.investis.com https://sdk.companywebcast.com/; form-action 'none'; manifest-src 'self';
strict-transport-security
max-age=31536000; includeSubDomains

Links to (10)

Linked from (2)