remonterletemps.ign.fr

Score 89/100

Web site information

Website image remonterletemps.ign.fr
IP Address
JavaScript Frameworks
AngularJS
Font Scripts
Font Awesome
Maps
OpenLayers
Web Frameworks
Bootstrap

SEO data

title
Remonter le temps
fragment
!
twitter:card
twitter:image
{{ metaUrl }}
image
https://remonterletemps.ign.fr/bundles/ignrlt/images/charte/IGN_log_RVB_72.jpg
description
Observer les évolutions du territoires au cours du temps. Accéder au patrimoine cartographique et photographique de l’IGN.

Web site external calls

cdn.polyfill.io
piwik.ign.fr

Protocols

SSLv2
not offered
SSLv3
not offered
TLS 1.0
offered
TLS 1.1
offered
TLS 1.2
offered
TLS 1.3
not offered and downgraded to a weaker protocol
ALPN
not offered

Vulnerabilities

heartbleed
not vulnerable, no heartbeat extension
CCS
not vulnerable
ticketbleed
no session ticket extension
ROBOT
not vulnerable
SSL renegotiation
not vulnerable
SSL client renegotiation
not vulnerable
CRIME TLS
not vulnerable
BREACH
potentially VULNERABLE, uses gzip HTTP compression - only supplied '/' tested
POODLE SSL
not vulnerable
fallback SCSV
Probably oK
fallback SCSV
received non-RFC-compliant 'handshake failure' instead of 'inappropriate fallback'
SWEET32
not vulnerable
FREAK
not vulnerable
DROWN
not vulnerable to DROWN on this host and port
DROWN
Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=9A2402CAC213C46DCF7528D9FA8340E362EB22CAB5ECE808DCF0E75E17F17FB1
LOGJAM
not vulnerable, no DH EXPORT ciphers,
LOGJAM-common primes
no DH key
BEAST
VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
LUCKY13
potentially vulnerable, uses TLS CBC ciphers
RC4
not vulnerable

Header Responses

Status code
200 OK ('/')
Clock skew
-126 seconds from localtime
HSTS time
365 days (=31536000 seconds) > 15465600 seconds
HSTS subdomains
includes subdomains
HSTS preload
domain is NOT marked for preloading
HPKP
No support for HTTP Public Key Pinning
security headers
--

Server Defaults

TLS extensions
'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'extended master secret/#23'
TLS session ticket
No lifetime advertised
SSL sessionID support
yes
Session Ticket Resumption
supported
Session ID Resumption
supported
TLS timestamp
random
Signature algorithm
SHA256 with RSA
Key size
2048 bits
Key usage
Digital Signature, Key Encipherment
Extended key usage
cert_ext_keyusage
Serial number
9D02432734D09D659CD56BBAA848E8D8
Fingerprint SHA1
DA514BE32E555BBB135A8351531CFE6412FFF4BF
Fingerprint SHA256
9A2402CAC213C46DCF7528D9FA8340E362EB22CAB5ECE808DCF0E75E17F17FB1
Certificate details
-----BEGIN CERTIFICATE----- MIIIVTCCBj2gAwIBAgIRAJ0CQyc00J1lnNVruqhI6NgwDQYJKoZIhvcNAQELBQAw eTELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURISU1ZT1RJUzEcMBoGA1UECwwTMDAw MiA0ODE0NjMwODEwMDAzNjEdMBsGA1UEYQwUTlRSRlItNDgxNDYzMDgxMDAwMzYx GTAXBgNVBAMMEENlcnRpZ25hIFdpbGQgQ0EwHhcNMjEwNjA2MjIwMDAwWhcNMjIw NjE5MjE1OTU5WjCBmTELMAkGA1UEBhMCRlIxETAPBgNVBAcMCFNUIE1BTkRFMUYw RAYDVQQKDD1JTlNUSVRVVCBOQVRJT05BTCBERSBMJ0lORk9STUFUSU9OIEdFT0dS QVBISVFVRSBFVCBGT1JFU1RJRVJFMRwwGgYDVQQLDBMwMDAyIDE4MDA2NzAxOTAw NDMwMREwDwYDVQQDDAgqLmlnbi5mcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC AQoCggEBALikQE9L3wjWyZzJ2a0uIBijooMnNCmpCV5OBjzU4wqfsJiwFC4guWtM 66nftAQItdm1zYZsl+AmWO0XX5N/cqx7iz6YlTm1g69NQBcqxKkLOq01KFR5D5dv 9LROmN6sMRZgipwm3h8BUeHPDmZVrJBvSkYps1WxQ/JrpzbbXJel1EtGRzm6bquQ lxxk0HTTN/s3i4C6L3J3dM1R2JiHul0Ke975IgS0Vn1HTMOwjZ11OTBUwgdL8ePu C2bcjXlwOtlY6eFB6k7R/A5SiCGR3bKs3Bs+cqzSnjn183teZRHXDF+9arz/CPQH IgtNOtQjOwxhDfidTuIxOBRlMO7BR+MCAwEAAaOCA7UwggOxMIHUBggrBgEFBQcB AQSBxzCBxDAyBggrBgEFBQcwAoYmaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZy L3dpbGRjYS5kZXIwNAYIKwYBBQUHMAKGKGh0dHA6Ly9hdXRvcml0ZS5kaGlteW90 aXMuY29tL3dpbGRjYS5kZXIwLAYIKwYBBQUHMAGGIGh0dHA6Ly93aWxkY2Eub2Nz cC5kaGlteW90aXMuY29tMCoGCCsGAQUFBzABhh5odHRwOi8vd2lsZGNhLm9jc3Au Y2VydGlnbmEuZnIwHwYDVR0jBBgwFoAUjnwXt7z3w7SY1rY1mSIqxMOeJGcwCQYD VR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAECAjBMBgsqgXoBgTECBwECATA9MDsG CCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0aWduYS5jb20vYXV0b3JpdGUtY2Vy dGlmaWNhdGlvbjBdBgNVHR8EVjBUMCegJaAjhiFodHRwOi8vY3JsLmNlcnRpZ25h LmZyL3dpbGRjYS5jcmwwKaAnoCWGI2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS93 aWxkY2EuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8B Af8EBAMCBaAwGwYDVR0RBBQwEoIGaWduLmZygggqLmlnbi5mcjAdBgNVHQ4EFgQU c20hPk0p3BbhA5T/MIXiaq9w3gMwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1 AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABeeV3B18AAAQDAEYw RAIgC8QaXhqED8P1dVdy7hi7AmiP83QxaRhEuK4YzyUqYjUCIC9nnm0MAD5x/EF/ qhaRm17OHzohHnFO0/MmAojHA4TcAHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tL x2jwkGKWBvYAAAF55XcIGwAABAMARjBEAiBJVjMH+6VBTEt0b56o6SlXMlD6JZnj 8CPxbSo8hjFu/gIgO+MKS3Xb78TLwxthTO5CEq8ZgY8YZBJSeaCJpFE7UGMAdwBv U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXnldwylAAAEAwBIMEYC IQDFjePGz3nHbaxQdkwVlZQoeA+fos7v0i63UQtYRqisDQIhAIPDxtAlSCip/5uR cexLZFKiYilSgEossVinE5zNLq1cMA0GCSqGSIb3DQEBCwUAA4ICAQBfm+RgeASK mjSzz4YZ3bTYGX3F9mWrwXlmqx7mVIlAHjbGohZUyIhYUg2CFSqdQ9yyrqM2rZz3 k3QFGYKJVpxbZzINq5FokLGnAz+jCuryeAihgmF8bZrxIp15eAXJRl7tm+v16Ocu 1w+YcZmaBwkky+AjZsHr+8I6SywthwdqMsSdmLrEFzzWtKNWMpLYocKHC6qbi/7Q kweOiD5p1vEhiB5k1IePcSk7pCfTP/fMYInREw/PRM02/ei0cd/p0qnEBqPi0dkQ F33cvNNlZ4MS6asHeBw4Xl291t/eZd2IOFIQBAxCk9CHyQ2bCXSIFfXOzlRJhszL QLpRGEy5i4dfTM9mCOxFWHVMW9+iW8G4qVkEICZLG4M24e7o8WQ0RqhaM8zmvy/Q jCIHP6Mt0KePx7jShmk6we5kGclDO74Pma1mkRdQDPp/5tyPO0dl9BZKBYdU1RbU EeGjw3Db9oDgj9SSWExzz1G9KZlroUiJqIeRHSoTJQMvPtvh3pET9QsDluk151p0 lBDBlP7k/8LgquHF4j5Ibg2K7U2nla93cWvNkr7RKDIcb+hM6XhK83qT5oShf1t4 jEj/hjKqwrVx3kuh6SiZAah2Bey917t5HeJPXbhwJkZu6ZugTx6QQjpa2l26YRHg 0PBVYpJxmC60nDhDHMzZ7WvOdnB7WGmPRw== -----END CERTIFICATE-----
Common names
*.ign.fr
Service Name Indication
*.ign.fr
SubjectAlternative Name
ign.fr *.ign.fr
Certificate authority issuers
Certigna Wild CA (DHIMYOTIS from FR)
Certificate trusted
Ok via SAN wildcard and CN wildcard (same w/o SNI)
Certificate chain trusted
passed.
Is certificate Extended Validation
no
Days before expiry
246 >= 60 days
Valid from
2021-06-07 00:00
Valid until
2022-06-19 23:59
Chain
2
CRL distribution points
http://crl.certigna.fr/wildca.crl http://crl.dhimyotis.com/wildca.crl
Online Certificate Status Protocol URL
http://wildca.ocsp.dhimyotis.com http://wildca.ocsp.certigna.fr
OCSP stapling
not offered
cert mustStapleExtension
--
DNS CAArecord
--
certificate transparency
yes (certificate extension)

Server Preferences

order
server
Which protocol negotiated
Default protocol TLS1.2
negotiated
ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
order TLSv1
ECDHE-RSA-AES128-SHA
order TLSv1 1
ECDHE-RSA-AES128-SHA
order TLSv1 2
ECDHE-RSA-AES128-GCM-SHA256

Perfect Forward Secrecy

PFS
offered
PFS s
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
ECDHE curves
prime256v1 secp384r1

Ciphers

ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(0xc030)
ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
(0xc028)
ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(0xc014)
AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
(0x9d)
AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
(0x3d)
AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
(0x35)
ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(0xc02f)
ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
(0xc027)
ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(0xc013)
AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
(0x9c)
AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
(0x3c)
AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
(0x2f)

Browser Simulations

Android 2.3.7
TLSv1.0 AES128-SHA
Android 4.1.1
TLSv1.0 ECDHE-RSA-AES128-SHA
Android 4.3
TLSv1.0 ECDHE-RSA-AES128-SHA
Android 4.4.2
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 5.0.0
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 6.0
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Android 7.0
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Chrome 51
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Chrome 57
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Firefox 47
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Firefox 53
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows XP Internet Explorer 6
No connection
Windows Vista Internet Explorer 7
TLSv1.0 ECDHE-RSA-AES128-SHA
Windows XP Internet Explorer 8
No connection
Windows 7 Internet Explorer 8
TLSv1.0 ECDHE-RSA-AES128-SHA
Windows 7 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES128-SHA
Windows 8.1 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES128-SHA
Windows 8.1 update Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES128-SHA
Windows 10 Internet Explorer 11
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows 10 Edge 13
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows Phone 10 Edge 13
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows 7 Opera 17
TLSv1.2 ECDHE-RSA-AES128-SHA
MacOSX 10.6.8 Safari 5.1.9
TLSv1.0 ECDHE-RSA-AES128-SHA
iOS 7 Safari 7
TLSv1.2 ECDHE-RSA-AES128-SHA
MacOSX 10.11 Safari 9
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
MacOSX 10.12 Safari 10
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
iOS 9 App Transport Security 9
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
Windows 7 Tor 7.0.9
TLSv1.0 ECDHE-RSA-AES128-SHA
Java 6 update 45
TLSv1.0 AES128-SHA
Java 7 update 25
TLSv1.0 ECDHE-RSA-AES128-SHA
Java 8 update 31
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 1.1.1
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
OpenSSL 1.0.2e
TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256