thermes-saint-gervais.com

HTML metadata

Technology

Cookie consent

• Cookiebot

Fonts

• Google Fonts

Third-party hosts loaded (3)

• fonts.googleapis.com×2
• consent.cookiebot.com×1
• fonts.gstatic.com×1

Social

• facebook
• instagram
• youtube
• linkedin

Registration

Registrar

Nameshield SAS

Created

2004-05-19

Expires

2028-11-10 904 days left

Updated

2025-12-11

Name servers

• ns1-a.nadns1.fr
• ns1-b.nadns1.com
• ns1-c.nadns1.com

DNS records live

NS

• ns1-a.nadns1.fr
• ns1-b.nadns1.com
• ns1-c.nadns1.com

Verified for

• Brevo
• Google

Email authentication no MX

SPF

v=spf1 include:spf.brevo.com -all

strict (-all)

DMARC

v=DMARC1; p=none; rua=mailto:rua@dmarc.brevo.com

policy: none (monitoring only)

DKIM

• s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsigFiuFYRkGk49zq2W4RBZXhMP8EAfKX33m2CNwNZ3gVzYtM0n4CLbHz4dsrHv0caDPgMHYI74p+c6OvbK…
• s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtjTCXH0fHsAhXo6/h12VgCTjWghceByhENqEnA+mwL0XzETSVSlLvYCbcaZFIjVFOHzfkRpkbDlsAHFofrwAnx3…

selectors probed

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://thermes-saint-gervais.com/

present

• strict-transport-security
• content-security-policy
• x-frame-options
• x-content-type-options
• referrer-policy
• permissions-policy
• cross-origin-opener-policy
• cross-origin-resource-policy

findings

• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources

Links to (6)

• aquacert-certification.com×2
• facebook.com×2
• instagram.com×2
• linkedin.com×2
• saint-gervais-mont-blanc.com×2
• youtube.com×2

Linked from (5)

• hotel2gares.com×2
• green-spa.com×2
• saint-gervais-mont-blanc.com×1
• aquacert-certification.com×1
• green-spa.fr×1