cmma.fr

.fr crawl

First seen 2026-04-15 · Last seen 2026-05-08 · ok HTTP/1.1 200 859 ms crawled 2026-05-08

FR · 212.129.15.253 · AS12876 Scaleway SAS

Reputation 94/100 dmarc monitor-only

sector finance type homepage

HTML metadata

Title: CMMA Assurance - champenoise depuis 1774
Description: Assurance pour particuliers, professionnels, collectivités et agriculteurs viticulteurs. Devis habitation, auto, santé,... en ligne et espace sociétaire dédié
Language: fr

Open Graph

url: https://www.cmma.fr/
title: CMMA Assurance - champenoise depuis 1774
description: Assurance pour particuliers, professionnels, collectivités et agriculteurs viticulteurs. Devis habitation, auto, santé,... en ligne et espace sociétaire dédié
updated time: 2026-03-20 15:57:54

Technology

Server: Apache
CMS: Joomla

Social

Contact

Address: 3 cours d'Ormesson CS 70216, 51010, Châlons-en-Champagne, Grand Est, FR

Registration

Registrar

NEFTIS

Created

1999-11-30

Expires

2027-05-07 352 days left

Updated

2026-05-07

Name servers

dns1.neftis.com
dns2.neftis.com

DNS records live

NS

dns1.neftis.com
dns2.neftis.com

MX

10 stic-fr-1.fortimailcloud.com
10 stic-fr-2.fortimailcloud.com

TXT

_tu9rq4prtd30f7xm7265xut6saqf0e5
asn-verification=e82d591abaf35233f592b972b733993167f165b78a9776a03f1b5f145a68538d
MS=ms49196544

Email authentication partial

SPF

v=spf1 mx include:spf.flexit.fr ip4:86.66.1.0/27 ip4:212.129.15.253 ip4:86.66.1.1 include:spf.mailjet.com include:mx.ovh.com include:_spf.fortimailcloud.com -all

strict (-all)

DMARC

v=DMARC1; p=none; rua=mailto:postmaster@cmma.fr; adkim=r; aspf=r

policy: none (monitoring only)

DKIM

default: k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEkWbfyekFkgqMW/dVIlmFG482hbGPBt1Bpkp02ak0yMPrv0RC67Z1CkbA8cINr92ODwwsg/NNvIdIx+1k0GQbO…

selectors probed

Certificate (current)

RapidSSL TLS RSA CA G1

from 2025-09-10 to 2026-10-12

Expires in 145 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.cmma.fr/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(), microphone=(), camera=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; font-src 'self' data: *.gstatic.com *.googleapis.com *.monetico-services.com unpkg.com *.yousign.com *.yousign.app *.googletagmanager.com googleads.g.doubleclick.net *.mathtag.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.fr *.analytics.google.com https://*.youtube.com *.flexit.fr *.facebook.net *.facebook.com *.monetico-services.com *.marches-publics.info *.yousign.com *.yousign.app unpkg.com *.googletagmanager.com googleads.g.doubleclick.net *.mathtag.com *.youtube.com; img-src 'self' data: https://*.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.fr *.analytics.google.com *.ytimg.com *.flexit.fr *.facebook.net *.facebook.com *.monetico-services.com *.marches-publics.info *.yousign.com *.yousign.app unpkg.com *.googletagmanager.com googleads.g.doubleclick.net *.mathtag.com *.youtube.com *.xx.fbc
strict-transport-security: max-age=15552001; includeSubDomains;

Links to (6)

Linked from (1)

foireenscene.fr×2