verney-carron.com

.com crawl

First seen 2026-05-28 · Last seen 2026-05-30 · ok HTTP/1.1 200 655 ms crawled 2026-05-30

FR · 185.153.11.158 · AS199758 SAS Nexylan

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title

VERNEY-CARRON

Language

Canonical

https://www.verney-carron.com/fr/

Translations

Technology

Server: Apache
CMS: Gatsby

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×1

Contact

Address: 54 BOULEVARD THIERS, 42000, SAINT-ETIENNE, France

Registration

Registrar

Gandi SAS

Created

1997-06-10

Expires

2026-06-09 5 days left

Updated

2025-06-17

Name servers

ns-234-c.gandi.net
ns-59-a.gandi.net
ns-98-b.gandi.net

DNS records live

NS

ns-234-c.gandi.net
ns-59-a.gandi.net
ns-98-b.gandi.net

MX

0 verneycarron-com01e.mail.protection.outlook.com

Verified for

Google
Microsoft 365

Email authentication partial

SPF

v=spf1 include:spf.mailjet.com include:eskerondemand.com include:spf.protection.outlook.com include:amazonses.com -all

strict (-all)

DMARC

v=DMARC1; p=none; pct=100; ruf=mailto:dmarc@verney-carron.com; rua=mailto:dmarc@verney-carron.com; fo=1

policy: none (monitoring only)

DKIM

selector1: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwHoZ04WQTsjQ51D+Hfy7cuuAndv/ZarNPRvJXu9h8Wjjzr5RpmBfmEI6PoRF7tnbIVuPxfBWF80e4AxfBRF…
selector2: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQ1zs0B024GWCs0rmWPXuJqyKosAihZNm/AtcojftRTl3Cf/YNsepQyJOoWnY6LgHyhrGOA1iO3GMf…

selectors probed

Certificate (current)

R13

from 2026-04-23 to 2026-07-22

Expires in 48 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 45/100 Checked live page: https://www.verney-carron.com/fr/

present

content-security-policy-report-only
x-frame-options
x-content-type-options

findings

missing HSTS
missing Content Security Policy
weak frame protection
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN, SAMEORIGIN
x-content-type-options: nosniff
content-security-policy-report-only: font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com https://www.googletagmanager.com *.googleapis.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com https://fonts.bunny.net 'self' data: *.stripe.com *.stripecdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.link.com *.amazon.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com *.link.com *.amazon.com 'self'; frame-src fast.amc.demdex.net *.adobe.com

Links to (1)

dropbox.com×1

Linked from (1)

cybergun.com×1