synacktiv.com

.com crawl

First seen 2026-04-12 · Last seen 2026-05-07 · ok HTTP/1.1 200 5578 ms crawled 2026-05-05

FR · 163.172.4.236 · AS12876 Scaleway SAS

Reputation 95/100 weak security headers

Classifying

HTML metadata

Title

Pentest, Reverse, Développement

Description

Synacktiv - IT Security expertise - Penetration tests, Security audits, Code review, Training, Consulting, Vulnerability research

Language

Canonical

https://synacktiv.com/index

Feeds

Last Blog Article RSS

Open Graph

url: https://synacktiv.com/index
title: Pentest, Reverse, Développement
image:url: https://www.synacktiv.com/sites/default/files/2023-04/logo_metadata.png
site name: Synacktiv
description: Synacktiv - IT Security expertise - Penetration tests, Security audits, Code review, Training, Consulting, Vulnerability research

Technology

Server: nginx
CMS: Drupal

Social

Contact

Email

Phone

Address

boulevard Montmartre75002

Registration

Registrar

Gandi SAS

Created

2012-03-18

Expires

2029-03-18 1034 days left

Updated

2025-11-03

Name servers

a.dns.gandi.net
b.dns.gandi.net
c.dns.gandi.net

DNS records live

NS

a.dns.gandi.net
b.dns.gandi.net
c.dns.gandi.net

MX

Show 7 MX records

1 aspmx.l.google.com
3 alt1.aspmx.l.google.com
3 alt2.aspmx.l.google.com
5 aspmx2.googlemail.com
5 aspmx3.googlemail.com
5 aspmx4.googlemail.com
5 aspmx5.googlemail.com

TXT

v=spf1 include:_spf.google.com -all
google-site-verification=19DyGNtuBicNWIwBz5vYIYvs3bsYnpAN3VtZ4M8iXm4

Certificate (current)

GandiCert

from 2025-07-10 to 2026-08-11

Expires in 84 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.synacktiv.com/

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src 'self';connect-src 'self' www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect;font-src 'self' data:;frame-src 'self' https://static.addtoany.com/ www.googletagmanager.com;img-src 'self' www.google-analytics.com https://www.google.fr/ads/ga-audiences https://www.google.com/ads/ga-audiences www.googletagmanager.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/ https://stats.g.doubleclick.net/r/collect data: https://*.tile.openstreetmap.fr/osmfr/;script-src 'self' 'unsafe-inline' https://static.addtoany.com/ google-analytics.com https://ssl.google-analytics.com www.google-analytics.com tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com;

Links to (3)

Linked from (2)

wootconference.org×2
moulinier.dev×1