tomi.fr

.fr crawl

First seen 2026-04-23 · Last seen 2026-05-17 · ok HTTP/1.1 200 9839 ms crawled 2026-05-17

LT · 31.97.178.35 · AS47583 Hostinger International Limited

Reputation 100/100

sector tech type homepage

HTML metadata

Title: Tomi Bequet - Creative Developer Paris | React, Next.js, GSAP, Hygiène numérique
Description: Creative Developer basé à Paris. Développement web sur mesure (React, Next.js, GSAP), design UX/UI et hygiène numérique pour architectes, startups et studios créatifs. 14 ans d'expérience.
Language: fr
Canonical: https://www.tomi.fr/

Open Graph

url: https://www.tomi.fr/
title: Tomi Bequet - Creative Developer Paris | React, Next.js, GSAP, Hygiène numérique
locale: fr_FR
site name: Tomi Bequet Portfolio
description: Creative Developer basé à Paris. Développement web sur mesure (React, Next.js, GSAP), design UX/UI et hygiène numérique pour architectes, startups et studios créatifs. 14 ans d'expérience.

Technology

Server: nginx
CMS: Next.js

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Social

Contact

Address: 93100, Montreuil, Île-de-France, FR

Registration

Registrar

OVH

Created

2009-06-23

Expires

2026-06-23 35 days left

Updated

2025-09-20

Name servers

dns200.anycast.me
ns200.anycast.me

DNS records live

NS

dns200.anycast.me
ns200.anycast.me

TXT

brevo-code:c4ce87909ce2cd337c2159bd478887c9
google-site-verification=diQZPczmaI6kLRc4UWsiDtGCmGWgITnc2CRtav7FbtI

Email authentication strong

SPF: v=spf1 include:mx.ovh.com -all
strict (-all)
DMARC: v=DMARC1; p=quarantine; rua=mailto:rua@dmarc.brevo.com
policy: quarantine
DKIM: no key found at common selectors

Certificate (current)

R13

from 2026-04-12 to 2026-07-11

Expires in 53 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.tomi.fr/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy
cross-origin-opener-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: camera=(), microphone=(), geolocation=(), payment=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://www.googletagmanager.com; frame-src 'none'; object-src 'none'; base-uri 'self'; form-action 'self'
strict-transport-security: max-age=63072000; includeSubDomains
cross-origin-opener-policy: same-origin

Links to (12)

Linked from (1)

aldoria.com×2