%2A%2A%2AQuels%20sont%20les%20impacts%20sur%20la%20plan%C3%A8te%20des%20biens%20et%20services%20produits%20par%20les%20entreprises%26nbsp%3B%3F%2A%2A%2A%0A%0A%23%23%20Objectifs%0A%0A%C3%89cobalyse%20%E2%80%94%20anciennement%26nbsp%3B%2AWikicarbone%2A%26nbsp%3B%E2%80%94%20%2A%2Adoit%20permettre%20aux%20fabricants%20de%20comprendre%20et%20de%20calculer%20l%E2%80%99impact%20des%20biens%2A%2A%20qu%E2%80%99ils%20distribuent%20en%20France.%20%0A%0ALe%20Textile%20et%20l%E2%80%99Alimentaire%20sont%20les%20premiers%20secteurs%20%C3%A0%20b%C3%A9n%C3%A9ficier%20de%20ces%20travaux.%0A%0A%23%23%20Contexte%0A%0A74%25%C2%A0des%20Fran%C3%A7ais%20aimeraient%20avoir%20plus%20d%E2%80%99informations%20sur%20l%E2%80%99impact%20environnemental%20et%20soci%C3%A9tal%20des%20produits%20qu%E2%80%99ils%20ach%C3%A8tent%20%28%5B14%C3%A8me%20barom%C3%A8tre%20de%20la%20consommation%20responsable%20Greenflex%20et%20ADEME%20-%202021%5D%28https%3A%2F%2Fpresse.ademe.fr%2Fwp-content%2Fuploads%2F2021%2F05%2FCP-Barometre-de-la-consommation-responsable-Version-Finale.pdf%29%29.%20%0A%0AR%C3%A9pondant%20%C3%A0%20cette%20demande%2C%20%2A%2Ala%20loi%20Climat%20et%20R%C3%A9silience%20renforce%20l%E2%80%99ambition%20de%20rendre%20l%E2%80%99affichage%20environnemental%20obligatoire%2A%2A%20%28%5Barticle%202%20loi%20climat%5D%28https%3A%2F%2Fwww.legifrance.gouv.fr%2Floda%2Farticle_lc%2FLEGIARTI000043957692%3Finit%3Dtrue%26page%3D1%26query%3Dloi%2Bclimat%2Bet%2Br%25C3%25A9silience%26searchField%3DALL%26tab_selection%3Dall%29%29.%0A%0ALa%20mise%20en%20%C5%93uvre%20de%20cette%20nouvelle%20obligation%20va%20prendre%20du%20temps%20et%20n%C3%A9cessite%20un%20travail%20collectif.%0A%0A%23%23%20Probl%C3%A8me%0A%0AAujourd%E2%80%99hui%2C%20calculer%20les%20impacts%20environnementaux%20d%E2%80%99un%20produit%20est%20un%20processus%20long%20et%20co%C3%BBteux%20pour%20une%20entreprise%2C%20pouvant%20aller%20de%20quelques%20milliers%20%28produit%20standard%2C%20ACV%20simplifi%C3%A9e%29%20%C3%A0%20plusieurs%20dizaines%20de%20milliers%20%28produit%20complexe%2C%20ACV%20compl%C3%A8te%2C%20collecte%20de%20donn%C3%A9es%20chronophage%29%20d%E2%80%99euros%20par%20produit.%0A%0A%23%23%20B%C3%A9n%C3%A9fices%0A%0AAvec%20%C3%89cobalyse%2C%20les%20entreprises%20et%20professionnels%20du%20secteur%20b%C3%A9n%C3%A9ficieront%20d%E2%80%99un%20%2A%2Aoutil%20p%C3%A9dagogique%20gratuit%20permettant%20de%20calculer%20facilement%20leurs%20impacts%20et%20ainsi%20d%E2%80%99amorcer%20leur%20transition%20vers%20des%20mod%C3%A8les%20de%20production%20plus%20durables%2A%2A.%0A%0ALes%20calculs%20r%C3%A9alis%C3%A9s%20avec%20%C3%89cobalyse%20apporteront%20aux%20entreprises%20un%20%C3%A9clairage%20sur%20l%E2%80%99impact%20de%20leurs%20produits%26nbsp%3B%3A%20%0A%0A-%20Impact%20global%20sur%20l%E2%80%99environnement%20selon%20un%20score%20agr%C3%A9g%C3%A9%20%28sur%20la%20base%20du%20score%20PEF%20europ%C3%A9en%29%0A-%20Impact%20sp%C3%A9cifique%20sur%20le%20changement%20climatique%2C%20l%E2%80%99utilisation%20des%20ressources%2C%20la%20biodiversit%C3%A9%2C%20etc%E2%80%A6%0A-%20Poids%20de%20chaque%20%C3%A9tape%20du%20cycle%20de%20vie%20selon%20des%20crit%C3%A8res%20simples%26nbsp%3B%3A%20pays%20de%20r%C3%A9alisation%20des%20diff%C3%A9rentes%20%C3%A9tapes%20de%20production%2C%20choix%20des%20ingr%C3%A9dients%20ou%20mati%C3%A8res%2C%20proc%C3%A9d%C3%A9s%20industriels%E2%80%A6%0A%0A%23%23%20D%C3%A9marche%0A%0A%2A%2ALes%20marques%20et%20leurs%20fournisseurs%20connaissent%20leurs%20produits%26nbsp%3B%3A%20leur%20contribution%20est%20n%C3%A9cessaire%20pour%20comprendre%20et%20%C3%A9valuer%20au%20mieux%20les%20impacts.%2A%2A%20%0A%0A%C3%89cobalyse%20vise%20dans%20un%20premier%20temps%20%C3%A0%20faire%20%C3%A9merger%20des%20valeurs%20de%20r%C3%A9f%C3%A9rence%20utilis%C3%A9es%20dans%20le%20calcul%20de%20l%E2%80%99impact%20environnemental%20%C3%A0%20partir%20de%20crit%C3%A8res%20simples%26nbsp%3B%3A%20ingr%C3%A9dients%20et%20mati%C3%A8res%2C%20pays%20d%E2%80%99origine%2C%20labels%20et%20proc%C3%A9d%C3%A9s%20de%20production%E2%80%A6%20%0A%0ACes%20valeurs%20de%20r%C3%A9f%C3%A9rence%20doivent%20%C3%AAtre%20d%C3%A9battues%20et%20confront%C3%A9es%20%C3%A0%20des%20%C3%A9valuations%20pr%C3%A9cises%20pour%20en%20appr%C3%A9cier%20l%E2%80%99int%C3%A9r%C3%AAt.%20Les%20r%C3%A8gles%20de%20calculs%20exp%C3%A9riment%C3%A9es%20dans%20%C3%89cobalyse%20serviront%20%C3%A0%20%C3%A9clairer%20la%20d%C3%A9finition%20d%E2%80%99une%20m%C3%A9thode%20r%C3%A9glementaire%2C%20qui%20sera%20fix%C3%A9e%20par%20d%C3%A9cret%20courant%202023%20pour%20le%20textile%20et%20l%E2%80%99alimentaire.

Ecobalyse

investigation

construction

default-src 'self' https://api.github.com https://ecobalyse-data.osc-fr1.scalingo.io https://raw.githubusercontent.com https://sentry.incubateur.net *.gouv.fr;frame-src 'self' https://stats.beta.gouv.fr https://www.loom.com;img-src 'self' data: blob: https://avatars.githubusercontent.com/ https://raw.githubusercontent.com;script-src 'self' 'unsafe-inline' https://stats.beta.gouv.fr;object-src blob:;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

Diagnostics

Metrics

http

https

SPF Record - Detection

A DNS TXT record was detected. The TXT record lets a domain admin leave notes on a DNS server.

DNS TXT Record Detected

An NS record was detected. An NS record delegates a subdomain to a set of name servers.

NS Record Detection

An MX record was detected. MX records direct emails to a mail exchange server.

MX Record Detection

A CAA record was discovered. A CAA record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.

CAA Record

DNS DMARC - Detect

Setting the XSS-Protection header is deprecated. Setting the header to anything other than `0` can actually introduce an XSS vulnerability.

XSS-Protection Header - Cross-Site Scripting

This template searches for missing HTTP security headers. The impact of these missing headers can vary.


HTTP Missing Security Headers

robots.txt endpoint prober

WAF Detection

Extract the issuer's organization from the target's certificate. Issuers are entities which sign and distribute certificates.


Detect SSL Certificate Issuer

Extract the Subject Alternative Name (SAN) from the target's certificate. SAN facilitates the usage of additional hostnames with the same certificate.


SSL DNS Names

TLS version detection is a security process used to determine the version of the Transport Layer Security (TLS) protocol used by a computer or server.
It is important to detect the TLS version in order to ensure secure communication between two computers or servers.


TLS Version - Detect

Sentry is an open-source platform for workflow productivity, aggregating errors from across the stack in real time.

Sentry

Matomo Analytics is a free and open-source web analytics application, that runs on a PHP/MySQL web-server.

Matomo Analytics

OVHcloud is a global, cloud provider delivering hosted private cloud, public cloud, and dedicated server solutions.

OVHcloud

HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.

Impact	Description	Documentation
-20	Content Security Policy (CSP) implemented unsafely. This includes `'unsafe-inline'` or `data:` inside `script-src`, overly broad sources such as `https:` inside `object-src` or `script-src`, or not restricting the sources for `object-src` or `script-src`.	Remove `unsafe-inline` and `data:` from `script-src`, overly broad sources from `object-src` and `script-src`, and ensure `object-src` and `script-src` are set.
-5	`Referrer-Policy` header set unsafely to `origin`, `origin-when-cross-origin`, `unsafe-url` or `no-referrer-when-downgrade`.	Documentation for referrer-policy-private

https://ecobalyse.beta.gouv.fr

Nmap

Mozilla HTTP observatory

SSL

Expiration : 05/08/2025

Nuclei7 jours

severity	service	vulnerability
info	http (port:80)
info	https (port:443)

Séverité	Name	Matcher
info	SPF Record - Detection	spf-record-detect
info	DNS TXT Record Detected	txt-fingerprint
info	NS Record Detection	nameserver-fingerprint
info	MX Record Detection	mx-fingerprint
info	CAA Record	caa-fingerprint
info	DNS DMARC - Detect	dmarc-detect
info	XSS-Protection Header - Cross-Site Scripting	xss-deprecated-header
info	HTTP Missing Security Headers	cross-origin-embedder-policy
info	HTTP Missing Security Headers	permissions-policy
info	HTTP Missing Security Headers	clear-site-data
info	robots.txt endpoint prober	robots-txt-endpoint
info	WAF Detection	securesphere
info	Detect SSL Certificate Issuer	ssl-issuer
info	SSL DNS Names	ssl-dns-names
info	TLS Version - Detect	tls-version
info	TLS Version - Detect	tls-version