hecla.fr

.fr crawl

First seen 2026-05-16 · Last seen 2026-05-20 · ok HTTP/1.1 200 4706 ms crawled 2026-05-20

US · 216.150.1.1 · AS16509 Amazon.com, Inc.

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title: HECLA & EFLA Engineers – Ingénierie énergie renouvelable - Efla Engineers
Description: HECLA conçoit des solutions d’ingénierie innovantes pour les réseaux haute tension, garantissant des systèmes énergétiques fiables, durables et performants.
Language: fr
Canonical: https://www.hecla.fr

Open Graph

url: https://www.hecla.fr
title: HECLA & EFLA Engineers – Ingénierie énergie renouvelable
locale: fr
site name: EFLA Engineers
description: HECLA conçoit des solutions d’ingénierie innovantes pour les réseaux haute tension, garantissant des systèmes énergétiques fiables, durables et performants.

Technology

CDN: Vercel
CMS: Next.js
JS framework: Next.js

Social

Registration

Registrar

SCALEWAY

Created

2001-05-22

Expires

2026-07-22 62 days left

Updated

2026-05-06

Name servers

ns1.o2switch.net
ns2.o2switch.net

DNS records live

NS

ns1.o2switch.net
ns2.o2switch.net

MX

0 hecla-fr.mail.protection.outlook.com

Verified for

Atlassian
Microsoft 365

Email authentication weak

SPF

v=spf1 include:spf.protection.outlook.com +a +mx +ip4:109.234.161.185 +include:spf.jabatus.fr ~all

softfail (~all)

DMARC

not published

DKIM

default: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPyTTKMHx0bjdg572JmowHDouiEF94PuzTgrjNblvnWo1VGvtpp7a80NJbYNkNUGk97vsG/wxVLs4K…

selectors probed

Certificate (current)

R13

from 2026-05-08 to 2026-08-06

Expires in 77 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.hecla.fr/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com cdn.cookiehub.eu *.cookiehub.net *.cookiehub.com plausible.io *.google.com *.gstatic.com *.payloadcms.app *.clickdimensions.com *.trackingb2b.com ; img-src 'self' data: blob: i.vimeocdn.com efla-payload.payloadcms.app *.google.is *.google.com efla.payload.is ; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com cookiehub.net static.cookiehub.com p.typekit.net dash.cookiehub.com cdn.cookiehub.eu; font-src 'self' fonts.gstatic.com use.typekit.net; frame-src www.youtube-nocookie.com player.vimeo.com *.google.com *.nira.app *.sketchfab.com sketchfab.com e.infogram.com; media-src 'self'; connect-src 'self' ws: wss: vimeo.com plausible.io *.google-analytics.com *.analytics.google.com *.doubleclick.net *.googletagmanager.com *.cookiehub.com ds.cookiehub.net cookiehub.net *.botpoison.com *.payloadcms.app *.clickdimensions.c
strict-transport-security: max-age=63072000; includeSubDomains; preload

Links to (4)

Linked from (1)

efla-engineers.com×1