urlscan.io logo urlscan.io
SecurityTrails logo

auth-staging.api.gouv.fr Open in urlscan Pro
149.202.185.156  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://monitoring.particulier-staging.api.gouv.fr/
Effective URL: https://auth-staging.api.gouv.fr/users/start-sign-in
Submission Tags: phishingrod
Submission: On April 17 via api from DE — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 149.202.185.156, located in France and belongs to OVH, FR. The main domain is auth-staging.api.gouv.fr.
TLS certificate: Issued by R3 on March 17th 2023. Valid for: 3 months.
This is the only time auth-staging.api.gouv.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 149.202.169.91 16276 (OVH)
2 15 149.202.185.156 16276 (OVH)
2 149.202.75.82 16276 (OVH)
15 3
Apex Domain
Subdomains		 Transfer
18 api.gouv.fr
monitoring.particulier-staging.api.gouv.fr
auth-staging.api.gouv.fr
964 KB
2 data.gouv.fr
stats.data.gouv.fr — Cisco Umbrella Rank: 560385
21 KB
15 2
Domain Requested by
15 auth-staging.api.gouv.fr 2 redirects auth-staging.api.gouv.fr
3 monitoring.particulier-staging.api.gouv.fr 3 redirects
2 stats.data.gouv.fr auth-staging.api.gouv.fr
stats.data.gouv.fr
15 3
Subject Issuer Validity Valid
app-staging.moncomptepro.beta.gouv.fr
R3		 2023-03-17 -
2023-06-15		 3 months crt.sh
stats.data.gouv.fr
R3		 2023-02-19 -
2023-05-20		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://auth-staging.api.gouv.fr/users/start-sign-in
Frame ID: E6900CDB7C36C49C69889AC12064F929
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

MonComptePro

Page URL History Show full URLs

  1. https://monitoring.particulier-staging.api.gouv.fr/ HTTP 302
    https://monitoring.particulier-staging.api.gouv.fr/login HTTP 307
    https://monitoring.particulier-staging.api.gouv.fr/login/generic_oauth HTTP 302
    https://auth-staging.api.gouv.fr/oauth/authorize?access_type=online&client_id=vu7qehrgvmynk7s2ssguuzth2fmyhum... HTTP 303
    https://auth-staging.api.gouv.fr/interaction/TYEXPJQWjcH8QLEIpSaMO HTTP 302
    https://auth-staging.api.gouv.fr/users/start-sign-in Page URL

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

982 kB
Transfer

1029 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://monitoring.particulier-staging.api.gouv.fr/ HTTP 302
    https://monitoring.particulier-staging.api.gouv.fr/login HTTP 307
    https://monitoring.particulier-staging.api.gouv.fr/login/generic_oauth HTTP 302
    https://auth-staging.api.gouv.fr/oauth/authorize?access_type=online&client_id=vu7qehrgvmynk7s2ssguuzth2fmyhum74xqjd7rca9edraq9ggkebey73hkgysw2dq3vu6kp2xzrndumurw7eq964826yypqgb5bjr53wkk7ejdjc6wrhyqktqge6qma&redirect_uri=https%3A%2F%2Fmonitoring.particulier-staging.api.gouv.fr%2Flogin%2Fgeneric_oauth&response_type=code&scope=openid+email+profile+organizations&state=bjZk_ZU1yHyTYU4vpcQyTbPb7iD1nL0ebHhAUVLj3TM%3D HTTP 303
    https://auth-staging.api.gouv.fr/interaction/TYEXPJQWjcH8QLEIpSaMO HTTP 302
    https://auth-staging.api.gouv.fr/users/start-sign-in Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request start-sign-in
auth-staging.api.gouv.fr/users/
Redirect Chain
  • https://monitoring.particulier-staging.api.gouv.fr/
  • https://monitoring.particulier-staging.api.gouv.fr/login
  • https://monitoring.particulier-staging.api.gouv.fr/login/generic_oauth
  • https://auth-staging.api.gouv.fr/oauth/authorize?access_type=online&client_id=vu7qehrgvmynk7s2ssguuzth2fmyhum74xqjd7rca9edraq9ggkebey73hkgysw2dq3vu6kp2xzrndumurw7eq964826yypqgb5bjr53wkk7ejdjc6wrhyq...
  • https://auth-staging.api.gouv.fr/interaction/TYEXPJQWjcH8QLEIpSaMO
  • https://auth-staging.api.gouv.fr/users/start-sign-in
6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth-staging.api.gouv.fr/users/start-sign-in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
870547f8ba73e71c8ca22420b26b6418c4d7e691c5c7279881edc5989d714590
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Content-Type
text/html; charset=utf-8
Date
Mon, 17 Apr 2023 22:01:37 GMT
ETag
W/"17e4-WBt7pd9aedWpbDUoQR+67Fla3U4"
Pragma
no-cache
Server
nginx/1.18.0 (Ubuntu)
Strict-Transport-Security
max-age=15552000
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-Frame-Options
DENY
X-Robots-Tag
noindex,nofollow
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Length
84
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Content-Type
text/html; charset=utf-8
Date
Mon, 17 Apr 2023 22:01:37 GMT
Location
/users/start-sign-in
Pragma
no-cache
Server
nginx/1.18.0 (Ubuntu)
Strict-Transport-Security
max-age=15552000
Vary
Accept
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-Frame-Options
DENY
X-Robots-Tag
noindex,nofollow
X-XSS-Protection
1; mode=block
application_20230109.css
auth-staging.api.gouv.fr/assets/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth-staging.api.gouv.fr/assets/application_20230109.css
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/users/start-sign-in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
0a6a0b3829bb24f3695ed5d3b6fb6b502c9557be6a172da004932e3adf7a2dba
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://auth-staging.api.gouv.fr/users/start-sign-in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:37 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
3827
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:11:53 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"ef3-1875b337a28"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
dsfr.min.css
auth-staging.api.gouv.fr/assets/ 		502 KB
502 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/users/start-sign-in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2d47402782d5fe38d2d825b4acc655a43b40cd92c458484f4bb85a16171a7e66
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://auth-staging.api.gouv.fr/users/start-sign-in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:37 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
513735
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:16:56 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"7d6c7-1875b381b13"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
utility.css
auth-staging.api.gouv.fr/assets/utility/ 		306 KB
307 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth-staging.api.gouv.fr/assets/utility/utility.css
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/users/start-sign-in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
42da0800190b4121261416ab83209ff03ce7d8dc41d6eabfea7022bb816741f7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://auth-staging.api.gouv.fr/users/start-sign-in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:37 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
313571
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:16:56 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"4c8e3-1875b381b4f"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
matomo.js
auth-staging.api.gouv.fr/assets/ 		514 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth-staging.api.gouv.fr/assets/matomo.js
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/users/start-sign-in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
6b613fd85cf9f0822d62b0d0d8ecfa314e0bf0298acfbde1d6d67e7859fef39c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://auth-staging.api.gouv.fr/users/start-sign-in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:37 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
514
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:11:53 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"202-1875b337a28"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
logo_moncomptepro_label.svg
auth-staging.api.gouv.fr/assets/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth-staging.api.gouv.fr/assets/logo_moncomptepro_label.svg
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/users/start-sign-in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3924b27232f6b1bec1a5ba365c38ecde5b44b15a035bae67937ce1a47ba2efbe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://auth-staging.api.gouv.fr/users/start-sign-in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:38 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
14728
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:11:53 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"3988-1875b337a28"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
image/svg+xml
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
go-back.js
auth-staging.api.gouv.fr/assets/ 		226 B
971 B 		Script
General
Check archive.org
Download Go to
Full URL
https://auth-staging.api.gouv.fr/assets/go-back.js
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/users/start-sign-in
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
b33d54f9b290249f723e1f7785cb0a230891fe2bb4b12d90734a21f8e188c8dd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://auth-staging.api.gouv.fr/users/start-sign-in
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:38 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
226
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:11:53 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"e2-1875b337a28"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
matomo.js
stats.data.gouv.fr/ 		64 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.data.gouv.fr/matomo.js
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/assets/matomo.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.202.75.82 , France, ASN16276 (OVH, FR),
Reverse DNS
stats-02.infra.data.gouv.fr
Software
nginx /
Resource Hash
d7fc375178c93a2fc15fd888e30170eedf4ef3d04497e7f951ab7bfe0c921693

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://auth-staging.api.gouv.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma
public
date
Mon, 17 Apr 2023 22:01:38 GMT
content-encoding
gzip
last-modified
Tue, 21 Mar 2023 10:08:45 GMT
server
nginx
etag
W/"6419822d-10132"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=3600, public
expires
Mon, 17 Apr 2023 23:01:38 GMT
arrow-right-line.svg
auth-staging.api.gouv.fr/assets/icons/system/ 		189 B
910 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth-staging.api.gouv.fr/assets/icons/system/arrow-right-line.svg
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2929a4704a947bad8f1bb7cd2e442b4df9f6cd201a86c5e38302586c9db5bbda
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Origin
https://auth-staging.api.gouv.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:38 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
189
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:16:56 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"bd-1875b381b1b"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
image/svg+xml
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
arrow-left-line.svg
auth-staging.api.gouv.fr/assets/icons/system/ 		184 B
905 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth-staging.api.gouv.fr/assets/icons/system/arrow-left-line.svg
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/assets/utility/utility.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e259701c0139abf35cac8a0cc8dd2b02db853a3b850181f8285e75ecc351caf8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth-staging.api.gouv.fr/assets/utility/utility.css
Origin
https://auth-staging.api.gouv.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:38 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
184
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:16:56 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"b8-1875b381b1b"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
image/svg+xml
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
Marianne-Bold.woff2
auth-staging.api.gouv.fr/assets/fonts/ 		41 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://auth-staging.api.gouv.fr/assets/fonts/Marianne-Bold.woff2
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3f585632ed9bc498bc9fc995f1e7f8851b64ac667b8f8692662fe472bc0f6d65
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Origin
https://auth-staging.api.gouv.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:38 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
42092
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:16:56 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"a46c-1875b381b17"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
font/woff2
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
Marianne-Regular.woff2
auth-staging.api.gouv.fr/assets/fonts/ 		40 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://auth-staging.api.gouv.fr/assets/fonts/Marianne-Regular.woff2
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7ce61538d829ac928d226e371c99066f6f697338a4a587d71236e86e39dbb821
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Origin
https://auth-staging.api.gouv.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:38 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
41328
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:16:56 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"a170-1875b381b17"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
font/woff2
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ea6aa5834670226ebde62f484f7caaa373afab7ca02b4a4cfd57845aa1f8e613

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e2a4374e092811b786ccd1b48088f4f647f3699abec96fa0fa37e388306057ed

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
external-link-line.svg
auth-staging.api.gouv.fr/assets/icons/system/ 		230 B
951 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth-staging.api.gouv.fr/assets/icons/system/external-link-line.svg
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e6f54f5ea8ae2921980b307fa4b770105f9a607d055f88bbd8abc2207b5076c8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Origin
https://auth-staging.api.gouv.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:38 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
230
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:16:56 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"e6-1875b381b1b"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
image/svg+xml
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
Marianne-Medium.woff2
auth-staging.api.gouv.fr/assets/fonts/ 		41 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://auth-staging.api.gouv.fr/assets/fonts/Marianne-Medium.woff2
Requested by
Host: auth-staging.api.gouv.fr
URL: https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
149.202.185.156 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
bc750a156d8c73e0564197f87d01f6093dfe646a7402bcaed1f6e1e0f5d6c5ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth-staging.api.gouv.fr/assets/dsfr.min.css
Origin
https://auth-staging.api.gouv.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date
Mon, 17 Apr 2023 22:01:38 GMT
Content-Security-Policy
default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
41940
X-XSS-Protection
1; mode=block
Last-Modified
Fri, 07 Apr 2023 10:16:56 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
W/"a3d4-1875b381b17"
X-Download-Options
noopen
X-Frame-Options
DENY
Content-Type
font/woff2
Cache-Control
public, max-age=604800
Accept-Ranges
bytes
X-Robots-Tag
noindex,nofollow
matomo.php
stats.data.gouv.fr/ 		0
193 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.data.gouv.fr/matomo.php?action_name=MonComptePro&idsite=85&rec=1&r=969443&h=22&m=1&s=38&url=https%3A%2F%2Fauth-staging.api.gouv.fr%2Fusers%2Fstart-sign-in&_id=b2aeccb4aa1c29a2&_idn=1&send_image=0&_refts=0&cookie=1&res=1600x1200&pv_id=REnasa&pf_net=0&pf_srv=24&pf_tfr=1&pf_dm1=164&uadata=%7B%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D
Requested by
Host: stats.data.gouv.fr
URL: https://stats.data.gouv.fr/matomo.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
149.202.75.82 , France, ASN16276 (OVH, FR),
Reverse DNS
stats-02.infra.data.gouv.fr
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth-staging.api.gouv.fr/
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

date
Mon, 17 Apr 2023 22:01:38 GMT
referrer-policy
origin
x-content-type-options
nosniff
server
nginx
vary
Origin
access-control-allow-origin
https://auth-staging.api.gouv.fr
access-control-allow-credentials
true
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| _paq object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log

9 Cookies

Domain/Path Name / Value
auth-staging.api.gouv.fr/oauth/authorize/TYEXPJQWjcH8QLEIpSaMO Name: api_gouv_interaction_resume
Value: TYEXPJQWjcH8QLEIpSaMO
auth-staging.api.gouv.fr/oauth/authorize/TYEXPJQWjcH8QLEIpSaMO Name: api_gouv_interaction_resume.sig
Value: TH4d0abU07O5WYoLUzRi_Kq5E6g
auth-staging.api.gouv.fr/interaction/TYEXPJQWjcH8QLEIpSaMO Name: api_gouv_interaction
Value: TYEXPJQWjcH8QLEIpSaMO
auth-staging.api.gouv.fr/interaction/TYEXPJQWjcH8QLEIpSaMO Name: api_gouv_interaction.sig
Value: GuSD1xxhp39llnwg6CrQsH1Yhek
monitoring.particulier-staging.api.gouv.fr/ Name: redirect_to
Value: %2F
monitoring.particulier-staging.api.gouv.fr/ Name: oauth_state
Value: f398889140ecf11e895fe2c5fe23a310845274ed7b44a2d1b1fbceda612ed33a
auth-staging.api.gouv.fr/ Name: connect.sid
Value: s%3ASdrTqwAWyBAk4DbZFpjo8ygo3iNZCRsh.ObsP22A%2FUIiKqbkl%2FlaVfRToE3mIUCg3eHwLvuSsvVA
auth-staging.api.gouv.fr/ Name: _pk_id.85.f00e
Value: b2aeccb4aa1c29a2.1681768898.
auth-staging.api.gouv.fr/ Name: _pk_ses.85.f00e
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; img-src 'self' data: stats.data.gouv.fr; connect-src 'self' stats.data.gouv.fr; script-src 'self' stats.data.gouv.fr; style-src 'self'; font-src 'self' data:
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block