welleo.fr

.fr crawl

First seen 2026-05-05 · Last seen 2026-05-05 · ok HTTP/1.1 200 3511 ms crawled 2026-05-11

FR · 51.255.66.40 · AS16276 OVH SAS

Reputation 100/100

Classifying

Technology

Server: Apache

Registration

Registrar

OVH

Created

2013-11-09

Expires

2026-11-09 172 days left

Updated

2025-12-31

Name servers

dns106.ovh.net
ns106.ovh.net

DNS records live

NS

dns106.ovh.net
ns106.ovh.net

MX

1 mx1.ovh.net
100 mxb.ovh.net
5 mx2.ovh.net

TXT

spf2.0/pra
v=DMARC1 ; p=quarantine; rua=mailto:admin@welleo.fr

Verified for

Brevo

Email authentication strong

SPF

v=spf1 ip4:164.132.84.65 ip4:51.255.66.40 include:mx.ovh.com include:servers.mcsv.net include:spf.mailjet.com ~all

softfail (~all)

DMARC

v=DMARC1 ; p=quarantine; rua=mailto:admin@welleo.fr

policy: quarantine

DKIM

k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…

selectors probed

Certificate (current)

R12

from 2026-05-03 to 2026-08-01

Expires in 72 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://welleo.fr/login

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
missing Permissions Policy

Header values

referrer-policy: no-referrer, strict-origin-when-cross-origin
x-frame-options: sameorigin
x-content-type-options: nosniff
content-security-policy: default-src 'self' cke4.ckeditor.com; base-uri welleo.fr; block-all-mixed-content; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-ancestors 'none'; frame-src 'none'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cke4.ckeditor.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; upgrade-insecure-requests; report-uri /csp/report
strict-transport-security: max-age=31536000;includeSubDomains;preload
content-security-policy-report-only: default-src 'self' cke4.ckeditor.com; base-uri welleo.fr; block-all-mixed-content; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-ancestors 'none'; frame-src 'none'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cke4.ckeditor.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; upgrade-insecure-requests; report-uri /csp/report

Linked from (1)

wellness-management.com×1