indexo.dev

kilti.org

.org crawl

First seen 2026-04-16 · Last seen 2026-05-16 · ok HTTP/1.1 200 1620 ms crawled 2026-05-11

FR · 109.234.161.188 · AS50474 O2switch SAS

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title
Accueil | Kilti, votre panier culturel
Description
Kilti vous propose de découvrir les artistes et les salles qui vous entourent grâce à ses paniers culturels !
Language
fr-FR
Generator
WordPress 6.5.2
Canonical
https://kilti.org/
Feeds

Open Graph

url
https://kilti.org/
title
Accueil | Kilti, votre panier culturel
locale
fr_FR
site name
Kilti, votre panier culturel
description
Kilti vous propose de découvrir les artistes et les salles qui vous entourent grâce à ses paniers culturels !

Technology

Server
o2switch-PowerBoost-v3
CMS
WordPress
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts

Third-party hosts loaded (3)

  • fonts.googleapis.com×3
  • gmpg.org×1
  • www.googletagmanager.com×1

Social

Contact

Address
st depuis 2015

Registration

Registrar
OVH sas
Created
2015-07-08
Expires
2026-07-08 49 days left
Updated
2025-08-22
Name servers
  • dns14.ovh.net
  • ns14.ovh.net

DNS records live

NS
  • dns14.ovh.net
  • ns14.ovh.net
MX
  • 1 mx1.ovh.net
  • 100 mxb.ovh.net
  • 5 mx2.ovh.net
TXT
  • 1|www.kilti.org

Email authentication partial

SPF
v=spf1 include:mx.ovh.com ~all
softfail (~all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • k2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2aC2KjGKLOwTweBY5A9RpjsxaBXR9r7OAU6U8/zn92ivImI75naUujWbItRI/QmL1jy5PWGqLwoUA…
selectors probed

Certificate (current)

R12
from 2026-04-01 to 2026-06-30
Expires in 41 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://kilti.org/

present
  • content-security-policy
findings
  • missing HSTS
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/; img-src 'self' data: https://www.paypalobjects.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/;

Links to (9)

Linked from (2)