%23%23%20Contexte%0ACarte%20Verte%20s%E2%80%99inscrit%20dans%20un%20objectif%20de%20politique%20publique%20de%20r%C3%A9duction%20de%20l%E2%80%99empreinte%20environnementale%20des%20fran%C3%A7ais%20et%20pose%20le%20constat%20suivant%20%3A%20l%E2%80%99empreinte%20environnementale%20de%20la%20consommation%20%28%E2%80%9Cje%20mange%E2%80%9D%2C%20%E2%80%9Cj%E2%80%99ach%C3%A8te%E2%80%9D%29%20des%20citoyens%20est%20trop%20%C3%A9lev%C3%A9e%20et%20peu%20de%20dispositifs%20existent%20pour%20l%E2%80%99abaisser%20%28contrairement%20aux%20champs%20des%20transports%20et%20du%20logement%29.%0A%0ASur%20cette%20base%2C%20l%E2%80%99%C3%A9quipe%20a%20concentr%C3%A9%20ses%20travaux%20sur%20le%20panier%20du%20quotidien%20%28alimentation%2C%20hygi%C3%A8ne%20%26%20beaut%C3%A9%2C%20entretien%20%26%20nettoyage%29%20et%20a%20cherch%C3%A9%20%C3%A0%20comprendre%20ce%20qui%20emp%C3%AAchait%20le%20changement%20d%E2%80%99habitude%20vers%20une%20consommation%20plus%20responsable.%20Apr%C3%A8s%20une%20s%C3%A9rie%20d%E2%80%99entretien%20et%20d%E2%80%99exploration%20des%20%C3%A9tudes%20existantes%2C%20les%20principaux%20apprentissages%20sont%20%3A%0A%0A-%20Le%20prix%20per%C3%A7u%20%3A%20premier%20frein%20pour%20consommer%20responsable%20%28%2Fbio%29%20ou%20accro%C3%AEtre%20sa%20consommation%20durable%20%28obstacle%20pour%2052%25%20des%20fran%C3%A7ais%20%28ObSoCo%2C%202020%29%29%0A-%20La%20consommation%20responsable%20n%E2%80%99est%20pas%20qu%E2%80%99une%20affaire%20de%20%C2%AB%C2%A0bobos%C2%A0%C2%BB%20et%20mobilise%20d%C3%A9j%C3%A0%20les%20jeunes%20%26%20les%20CSP-.%20N%C3%A9anmoins%2C%20ces%20derniers%20envisagent%20davantage%20de%20restreindre%20leur%20consommation%20durable%20pour%20des%20raisons%20financi%C3%A8res%0A-%20Pour%20l%E2%80%99alimentaire%2C%20le%20prix%20est%20per%C3%A7u%20comme%20trop%20%C3%A9lev%C3%A9%20lorsque%20l%E2%80%99on%20raisonne%20%C3%A0%20panier%20constant%20%28%20%3D%20panier%20standard%20avec%20des%20produits%20labellis%C3%A9s%20%E2%80%9Cresponsable%E2%80%9D%29%2C%20mais%2C%20lorsque%20l%27on%20raisonne%20%C3%A0%20apport%20nutritionnel%20%C3%A9quivalent%20en%20modifiant%20la%20r%C3%A9partition%20de%20produits%20achet%C3%A9s%2C%20le%20panier%20responsable%20n%E2%80%99est%20pas%20forc%C3%A9ment%20plus%20cher%E2%80%A6%20%28WWF%2C%202017%29%0A%0ALe%20d%C3%A9fi%20de%20Carte%20Verte%20est%20le%20suivant%20%3A%20comment%20faire%20pour%20rendre%20accessible%20le%20panier%20responsable%20du%20quotidien%20%3F%0A%0A%23%23%20La%20solution%20Carte%20Verte%0AUne%20premi%C3%A8re%20prise%20de%20temp%C3%A9rature%20aupr%C3%A8s%20de%20particuliers%20et%20de%20commer%C3%A7ants%20a%20r%C3%A9v%C3%A9l%C3%A9%20un%20bon%20accueil%20de%20l%E2%80%99id%C3%A9e%20Carte%20Verte%20%3A%0A-%2075%25%20des%20personnes%20interrog%C3%A9es%20se%20disent%20%22tr%C3%A8s%20int%C3%A9ress%C3%A9es%22.%0A-%20Parmi%20ces%20personnes%2C%20plus%20de%20la%20moiti%C3%A9%20consid%C3%A8re%20que%20cela%20leur%20permettrait%20de%20privil%C3%A9gier%20d%27un%20panier%20plus%20durable.%0A%0APar%20ailleurs%2C%20le%20%5Bretour%20d%E2%80%99exp%C3%A9rience%5D%28https%3A%2F%2Ffr.businessam.be%2Feco-cheque-gagne-popularite%2F%29%20des%20%C3%A9coch%C3%A8ques%20belges%20%28moyen%20de%20paiement%20jusqu%E2%80%99%C3%A0%20250%E2%82%AC%20%2F%20an%20destin%C3%A9%20%C3%A0%20l%E2%80%99achat%20exclusif%20de%20produits%20et%20services%20%C3%A0%20caract%C3%A8re%20%C3%A9cologique%29%20illustre%20un%20potentiel%20d%E2%80%99impact%20int%C3%A9ressant.%0A%0A%23%23%20L%E2%80%99exp%C3%A9rimentation%20Carte%20Verte%0ACarte%20Verte%20lance%20une%20exp%C3%A9rimentation%20pour%20%C3%A9valuer%20l%E2%80%99impact%20de%20sa%20proposition%20de%20valeur.%20L%E2%80%99exp%C3%A9rimentation%20sera%20un%20succ%C3%A8s%20si%20%3A%0A-%20les%20utilisateurs%20de%20Carte%20Verte%20augmentent%20significativement%20la%20part%20de%20produits%20durable%20dans%20leur%20budget%20%E2%80%9Cpanier%20du%20quotidien%E2%80%9D%20%28au%20d%C3%A9triment%20des%20produits%20standards%29%0A-%20L%E2%80%99effet%20d%E2%80%99aubaine%20et%20l%E2%80%99effet%20rebond%20sont%20limit%C3%A9s%0A%0A%23%23%20Historique%20du%20service%0AA%20ses%20d%C3%A9buts%2C%20Carte%20Verte%20s%E2%80%99appelait%20Mon%20Compte%20Consommation%20et%20reposait%20sur%20les%20hypoth%C3%A8ses%20suivantes%20%3A%0A%0A-%20La%20connaissance%20pr%C3%A9cise%20de%20l%E2%80%99empreinte%20carbone%20est-elle%20n%C3%A9cessaire%20pour%20changer%20les%20habitudes%0A-%20Les%20donn%C3%A9es%20de%20consommation%20peuvent-elles%20%C3%AAtre%20utilis%C3%A9es%20pour%20orienter%20les%20aides%20incitant%20%C3%A0%20une%20consommation%20plus%20vertueuse.%0A%0ALes%20recherches%20ont%20mis%20en%20avant%20que%20Mon%20Compte%20Consommation%20%3A%0A-%20Ne%20propose%20pas%20une%20proposition%20de%20valeur%20suffisamment%20attractive%20pour%20acqu%C3%A9rir%20les%20utilisateurs%20%28la%20pr%C3%A9cision%20de%20l%E2%80%99information%20sur%20leur%20impact%20individuel%20n%E2%80%99est%20pas%20un%20besoin.%20Les%20solutions%20existantes%20type%20NosGestesClimat%20ou%20Greenly%20sont%20suffisantes%29.%0A-%20La%20r%C3%A9tention%20est%20tr%C3%A8s%20difficile%20%28pas%20de%20r%C3%A9currence%20d%E2%80%99usage%29%0A-%20Les%20solutions%20d%E2%80%99information%20et%20de%20sensibilisation%20%C3%A9prouvent%20des%20difficult%C3%A9s%20%C3%A0%20aller%20au%20del%C3%A0%20de%20la%20prise%20de%20conscience%20%28peu%20de%20passage%20%C3%A0%20l%E2%80%99action%29%0A-%20La%20mise%20en%20oeuvre%20d%E2%80%99aide%20et%20de%20recommandation%20est%20difficilement%20faisable%20%28difficult%C3%A9s%20techniques%20et%20d%E2%80%99usages%20pour%20r%C3%A9cup%C3%A9rer%20les%20donn%C3%A9es%29%20et%20l%E2%80%99action%20a%20posteriori%20de%20l%E2%80%99achat%20limiterait%20l%E2%80%99impact.%0A%0AL%E2%80%99%C3%A9quipe%20a%20donc%20r%C3%A9aliser%20un%20pivot%20pour%20qui%20a%20aboutit%20%C3%A0%20la%20solution%20Carte%20Verte.

committee

Carte Verte

investigation

construction

default-src 'none'; connect-src 'self' https://*.gouv.fr; font-src 'self'; media-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' https://stats.beta.gouv.fr; style-src 'self' 'unsafe-inline'; object-src 'self' data:; frame-ancestors 'self'; base-uri 'self' https://*.gouv.fr; form-action 'self' https://*.gouv.fr; block-all-mixed-content ; upgrade-insecure-requests ; frame-src 'none';

Diagnostics

Metrics

http

https

DNS DMARC - Detect

SPF Record - Detection

A DNS TXT record was detected. The TXT record lets a domain admin leave notes on a DNS server.

DNS TXT Record Detected

A CAA record was discovered. A CAA record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.

CAA Record

An MX record was detected. MX records direct emails to a mail exchange server.

MX Record Detection

An NS record was detected. An NS record delegates a subdomain to a set of name servers.

NS Record Detection

Allowed Options Method

Setting the XSS-Protection header is deprecated. Setting the header to anything other than `0` can actually introduce an XSS vulnerability.

XSS-Protection Header - Cross-Site Scripting

This template searches for missing HTTP security headers. The impact of these missing headers can vary.


HTTP Missing Security Headers

robots.txt endpoint prober

WAF Detection

Extract the issuer's organization from the target's certificate. Issuers are entities which sign and distribute certificates.


Detect SSL Certificate Issuer

Extract the Subject Alternative Name (SAN) from the target's certificate. SAN facilitates the usage of additional hostnames with the same certificate.


SSL DNS Names

TLS version detection is a security process used to determine the version of the Transport Layer Security (TLS) protocol used by a computer or server.
It is important to detect the TLS version in order to ensure secure communication between two computers or servers.


TLS Version - Detect

Websites that have a shopping cart or checkout page, either using a known ecommerce platform or a custom solution.

Cart Functionality

Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.

Node.js

React is an open-source JavaScript library for building user interfaces or UI components.

React

Next.js is a React framework for developing single page Javascript applications.

Next.js

Matomo Analytics is a free and open-source web analytics application, that runs on a PHP/MySQL web-server.

Matomo Analytics

Tally is the simplest way to create free forms & surveys. Create any type of form in seconds, without knowing how to code, and for free.

Tally

Priority Hints exposes a mechanism for developers to signal a relative priority for browsers to consider when fetching resources.

Priority Hints

OVHcloud is a global, cloud provider delivering hosted private cloud, public cloud, and dedicated server solutions.

OVHcloud

Mailjet is an email delivery service for marketing and developer teams.

Mailjet

Webpack is an open-source JavaScript module bundler.

Webpack

Open Graph is a protocol that is used to integrate any web page into the social graph.

Open Graph

Module Federation is a webpack technology for dynamically loading parts of other independently deployed builds.

Impact	Description	Documentation
-20	Content Security Policy (CSP) implemented unsafely. This includes `'unsafe-inline'` or `data:` inside `script-src`, overly broad sources such as `https:` inside `object-src` or `script-src`, or not restricting the sources for `object-src` or `script-src`.	Remove `unsafe-inline` and `data:` from `script-src`, overly broad sources from `object-src` and `script-src`, and ensure `object-src` and `script-src` are set.
-20	Does not redirect to an HTTPS site.	Documentation for redirection-to-https
-20	`Strict-Transport-Security` header not implemented.	Add HSTS. Consider rolling out with shorter periods first (as suggested on https://hstspreload.org/).

risk	name
Medium (High)	CSP: script-src unsafe-inline
Medium (High)	CSP: style-src unsafe-inline
Low (High)	Strict-Transport-Security Header Not Set
Low (Low)	Timestamp Disclosure - Unix
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Content-Type Header Missing
Informational (Medium)	Non-Storable Content
Informational (Medium)	Storable and Cacheable Content
Informational (Medium)	Storable but Non-Cacheable Content
Informational (Low)	Information Disclosure - Suspicious Comments
Informational (Low)	Re-examine Cache-control Directives

https://carte-verte.beta.gouv.fr

Nmap

Mozilla HTTP observatory

SSL

Expiration : 30/09/2025

Scan OWASPenviron 3 heures

Nuclei4 mois

severity	service	vulnerability
info	http (port:80)
info	https (port:443)

Séverité	Name	Matcher
info	DNS DMARC - Detect	dmarc-detect
info	SPF Record - Detection	spf-record-detect
info	DNS TXT Record Detected	txt-fingerprint
info	CAA Record	caa-fingerprint
info	MX Record Detection	mx-fingerprint
info	NS Record Detection	nameserver-fingerprint
info	Allowed Options Method	options-method
info	XSS-Protection Header - Cross-Site Scripting	xss-deprecated-header
info	HTTP Missing Security Headers	strict-transport-security
info	HTTP Missing Security Headers	x-permitted-cross-domain-policies
info	HTTP Missing Security Headers	clear-site-data
info	robots.txt endpoint prober	robots-txt-endpoint
info	WAF Detection	apachegeneric
info	Detect SSL Certificate Issuer	ssl-issuer
info	SSL DNS Names	ssl-dns-names
info	TLS Version - Detect	tls-version
info	TLS Version - Detect	tls-version