indexo.dev

don-oeuvresocialepompiersparis.fr

.fr crawl

First seen 2026-04-13 · Last seen 2026-05-20 · ok HTTP/1.1 200 623 ms crawled 2026-05-06

FR · 109.234.165.162 · AS50474 O2switch SAS

Reputation 97/100 dmarc monitor-only

Classifying

HTML metadata

Title
ADOSSPP - Association pour le développement des œuvres sociales des sapeurs-pompiers de Paris
Language
en

Technology

Server
o2switch-PowerBoost-v3
Analytics
  • Google Tag Manager

Third-party hosts loaded (2)

  • www.googletagmanager.com×1
  • www.termsfeed.com×1

Social

Registration

Registrar
SCALEWAY
Created
2023-05-29
Expires
2026-05-29 8 days left
Updated
2026-05-06
Name servers
  • ns1.o2switch.net
  • ns2.o2switch.net

DNS records live

NS
  • ns1.o2switch.net
  • ns2.o2switch.net
MX
  • 0 mail.don-oeuvresocialepompiersparis.fr

Email authentication strong

SPF
v=spf1 ip4:109.234.165.162 +a +mx +include:spf.jabatus.fr ~all
softfail (~all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vC625a9Cz2hjLSVhR6MQYGdgHWu8wiPlnf5TCPggYAJ/tnFCS+vmbEjBKxWU7TdhCLtjvXJIvJOcj…
selectors probed

Certificate (current)

R13
from 2026-05-01 to 2026-07-30
Expires in 70 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://don-oeuvresocialepompiersparis.fr/

present
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
Header values
referrer-policy
no-referrer
x-frame-options
sameorigin
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=*, encrypted-media=(self), execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=*, usb=(self), web-share=(self), xr-spatial-tracking=(self)
x-content-type-options
nosniff
content-security-policy
base-uri 'self';connect-src 'self' region1.google-analytics.com;default-src 'self' 'unsafe-inline';form-action 'self';img-src 'self' data: www.googletagmanager.com;media-src 'self';object-src 'none';script-src 'self' www.googletagmanager.com www.termsfeed.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;frame-src www.google.com www.youtube.com player.vimeo.com timetonic.com
cross-origin-opener-policy
unsafe-none
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin

Links to (6)

Linked from (1)