indexo.dev

marchespublics596280.fr

.fr crawl

First seen 2026-04-15 · Last seen 2026-05-20 · ok HTTP/1.1 200 673 ms crawled 2026-05-11

FR · 54.36.157.203 · AS16276 OVH SAS

Reputation 92/100 no dmarc policy

Classifying

HTML metadata

Title
Portail des marchés publics
Description
entreprise
Language
fr

Technology

Server
WebServer

Registration

Registrar
OVH
Created
2017-02-08
Expires
2026-06-29 39 days left
Updated
2025-07-31
Name servers
  • dns106.ovh.net
  • ns106.ovh.net

DNS records live

NS
  • dns106.ovh.net
  • ns106.ovh.net
MX
  • 20 mx01.cloud.vadesecure.com
  • 30 mx02.cloud.vadesecure.com
  • 40 mx03.cloud.vadesecure.com
  • 50 mx04.cloud.vadesecure.com
TXT
  • 1|www.marchespublics596280.fr
  • QuoVadis=b369f802-fa94-4182-bf7f-7307cd0b4d2c

Email authentication weak

SPF
v=spf1 include:spf.local-trust.com include:spf.smtpsec.sommenumerique.fr -all
strict (-all)
DMARC
not published
DKIM
no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA OV R36
from 2025-12-16 to 2026-12-17
Expires in 210 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://marchespublics596280.fr/entreprise

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(self), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(self), web-share=(), xr-spatial-tracking=()
x-content-type-options
nosniff
content-security-policy
default-src 'self' *.local-trust.com *.local-trust.net; script-src 'self' *.local-trust.com *.local-trust.net *.matomo.cloud 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com ; script-src-elem 'self' *.local-trust.com *.local-trust.net 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com; script-src-attr 'self' *.local-trust.com *.local-trust.net 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com *.matomo.cloud; style-src 'self' *.local-trust.com *.local-trust.net *.matomo.cloud fonts.googleapis.com 'unsafe-inline'; style-src-elem 'self' *.local-trust.com *.local-trust.net fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' *.local-trust.com *.local-trust.net fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: *.local-trust.com *.local-trust.net ssl.gstatic.com *.google-analytics.com *.xiti.com; font-src 'self' *.local-trust.com *.local-trust.net fonts.gstatic.com data:; connect-src 'self' *.
strict-transport-security
max-age=31536000

Links to (1)

Linked from (6)