%23%23%20Contexte%0A%0ALes%20collectivit%C3%A9s%20locales%20sont%20aux%20avant-postes%20de%20la%20transition%20%C3%A9cologique%20en%20France.%20Avec%20des%20comp%C3%A9tences%20transverses%2C%20elles%20jouent%20tour%20%C3%A0%20tour%20un%20r%C3%B4le%20de%20financeur%2C%20m%C3%A9diateur%2C%20organisateur%2C%20quand%20elles%20ne%20sont%20pas%20elles-m%C3%AAmes%20commanditaires%20de%20projets%20%C3%A0%20impact.%0A%0ADepuis%202018%2C%20les%20%C3%A9tablissements%20publics%20de%20coop%C3%A9ration%20intercommunale%20%28EPCI%29%20de%20plus%20de%2020%20000%20habitants%20sont%20tenus%20de%20r%C3%A9aliser%20un%20Plan%20Climat%20Air%20%C3%89nergie%20Territorial%20%28PCAET%29%2C%20renouvel%C3%A9%20tous%20les%206%20ans%2C%20qui%20inclut%20obligatoirement%20un%20volet%20%E2%80%9Cadaptation%20au%20changement%20climatique%E2%80%9D.%20Ce%20volet%20doit%20%C3%AAtre%20pr%C3%A9sent%20dans%20la%20strat%C3%A9gie%20et%20le%20plan%20d%E2%80%99action%20mais%20aussi%20faire%20l%E2%80%99objet%20d%E2%80%99un%20diagnostic%20sp%C3%A9cifique.%0A%0ACette%20premi%C3%A8re%20repr%C3%A9sentation%20locale%20de%20la%20probl%C3%A9matique%20climatique%20sur%20le%20territoire%20pourrait%20%C3%AAtre%20une%20opportunit%C3%A9%20r%C3%A9elle%20pour%20les%20collectivit%C3%A9s%20de%20prendre%20conscience%20des%20enjeux%20et%20de%20favoriser%20l%27%C3%A9mergence%20de%20visions%20alternatives%20pour%20le%20territoire.%20Pourtant%2C%20la%20mise%20en%20conformit%C3%A9%20avec%20la%20r%C3%A9glementation%20prime%20sur%20l%27%C3%A9laboration%20de%20strat%C3%A9gies%20de%20transition%20concert%C3%A9es%20%3A%20le%20diagnostic%20est%20alors%20consid%C3%A9r%C3%A9%20comme%20une%20op%C3%A9ration%20technique%2C%20souvent%20r%C3%A9alis%C3%A9e%20par%20une%20entreprise%20externe%20%C3%A0%20la%20collectivit%C3%A9.%0A%0A%23%23%20Probl%C3%A8me%0A%0ADu%20fait%20que%20les%20effets%20du%20changement%20climatique%20sont%20ressentis%20au%20niveau%20local%2C%20on%20pourrait%20penser%20que%20les%20enjeux%20d%E2%80%99adaptation%20sont%20bien%20identifi%C3%A9s%20et%20appropri%C3%A9s.%20Ce%20n%E2%80%99est%20pourtant%20pas%20le%20cas%20%3A%20les%20diagnostics%20sont%20fortement%20standardis%C3%A9s%E2%80%A6%20Enjeux%20%E2%80%9Cd%C3%A9sincarn%C3%A9s%E2%80%9D%20et%20volets%20adaptation%20%E2%80%9Cg%C3%A9n%C3%A9riques%E2%80%9D%20d%C3%A9bouchent%20sur%20des%20strat%C3%A9gies%20%E2%80%9Chors%20sol%E2%80%9D.%0A%0AC%E2%80%99est%20pourtant%20sur%20la%20base%20d%E2%80%99un%20diagnostic%20exposant%20clairement%20les%20enjeux%20du%20territoire%20mais%20surtout%20compris%20et%20partag%C3%A9%20par%20l%E2%80%99ensemble%20des%20parties%20prenantes%20%28%C3%A9lus%2C%20services%20techniques%2C%20acteurs%20du%20territoire%29%2C%20que%20peuvent%20s%E2%80%99ouvrir%20des%20discussions%20constructives%20sur%20les%20probl%C3%A9matiques%20d%E2%80%99adaptation.%0A%0ADans%20ce%20cadre%2C%20Facili-TACCT%2C%20notre%20solution%20vise%20%C3%A0%20aider%20%2A%2Al%E2%80%99ensemble%20des%20parties%20prenantes%20%C3%A0%20mieux%20s%E2%80%99approprier%20leur%20diagnostic%20de%20vulne%CC%81rabilite%CC%81.%2A%2A%0A%0A%23%23%20Solution%0A%0A%2A%2AFacili-TACCT%20s%E2%80%99adresse%20aux%20charg%C3%A9.e.s%20de%20mission%20climat%20dans%20les%20collectivit%C3%A9s%2A%2A%20qui%20%3A%0A%0A%2A%20pr%C3%A9parent%20leur%20premier%20PCAET%0A%2A%20r%C3%A9visent%20le%20PCAET%20r%C3%A9alis%C3%A9%20plusieurs%20ann%C3%A9es%20auparavant%0A%2A%20m%C3%A8nent%20une%20d%C3%A9marche%20volontaire%20d%E2%80%99adaptation%20au%20changement%20climatique%2C%20en%20dehors%20d%E2%80%99un%20cadre%20r%C3%A9glementaire%20%28communes%2C%20PNR%E2%80%A6%29%0A%0ALes%20bureaux%20d%E2%80%99%C3%A9tude%20pourront%20%C3%A9galement%20s%E2%80%99appuyer%20sur%20les%20ressources%20mises%20%C3%A0%20disposition.%0A%0ALe%20service%20Facili-TACCT%20vise%20%C3%A0%20leur%20donner%20les%20cl%C3%A9s%20pour%20%3A%0A%0A1.%20%2A%2APr%C3%A9parer%20un%20diagnostic%20de%20vuln%C3%A9rabilit%C3%A9%20le%20plus%20qualitatif%20possible%2A%2A%0A2.%20%2A%2APermettre%20aux%20%C3%A9lus%20et%20services%20techniques%2C%20voire%20au%20del%C3%A0%20aux%20parties%20prenantes%2C%20de%20s%E2%80%99approprier%20ce%20diagnostic%2A%2A%0A%0APour%20se%20faire%2C%20Facili-TACCT%20%3A%0A%0A%2A%20prendra%20la%20forme%20d%E2%80%99un%20%2A%2Aoutil%20de%20r%C3%A9flexion%20sur%20les%20th%C3%A9matiques%20d%E2%80%99adaptation%20des%20territoires%2A%2A.%0A%2A%20apportera%20des%20%2A%2Adonn%C3%A9es%20socio-%C3%A9conomiques%20cl%C3%A9s%20mises%20en%20valeur%20et%20contextualis%C3%A9es%2A%2A%20%C3%A0%20chaque%20territoire.%0A%2A%20mobilisera%20les%20charg%C3%A9s%20de%20mission%20climat%20dans%20une%20%2A%2Acommunaut%C3%A9%20de%20pratique%20d%C3%A9di%C3%A9e%20%C3%A0%20l%E2%80%99adaptation%2A%2A%20au%20changement%20climatique%20des%20territoires.%0A%0A%2A%E2%80%94%2A%0A%0A%2ANote%20%3A%20Facili-TACCT%20est%20un%20service%20compl%C3%A9mentaire%20%C3%A0%20la%20plateforme%20%5BTACCT%5D%28https%3A%2F%2Ftacct.ademe.fr%2F%29%20%3A%2A%0A%0A%2A%20%2A%2A%2ALa%20plateforme%20TACCT%20propose%20un%20accompagnement%20global%20aux%20collectivit%C3%A9s%2A%2A%20souhaitant%20s%E2%80%99engager%20dans%20un%20programme%20ambitieux%20d%E2%80%99adaptation%20au%20changement%20climatique%20%3A%20diagnostic%20de%20vuln%C3%A9rabilit%C3%A9%2C%20d%C3%A9finition%20d%E2%80%99une%20trajectoire%20d%E2%80%99adaptation%20et%20d%E2%80%99un%20plan%20d%E2%80%99action%2C%20suivi-%C3%A9valuation.%2A%0A%2A%20%2A%2A%2AFacili-TACCT%20apporte%20une%20%28re%29lecture%20socio-%C3%A9co%20du%20territoire%20permettant%20d%E2%80%99enrichir%20le%20diagnostic%20de%20vuln%C3%A9rabilit%C3%A9%2A%2A.%20La%20collectivit%C3%A9%20aura%20toutes%20les%20cartes%20en%20main%20pour%20faire%20de%20l%E2%80%99adaptation%20un%20th%C3%A8me%20important%20de%20son%20PCAET%2C%20voire%20poursuivre%20en%20s%E2%80%99engageant%20dans%20une%20d%C3%A9marche%20d%E2%80%99adaptation%20au%20long%20court%20avec%20TACCT.%2A

committee

Facili-TACCT

investigation

construction

default-src 'none'; connect-src * https://*.gouv.fr; font-src 'self'; media-src 'self'; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' https://stats.beta.gouv.fr *.posthog.com; style-src 'self' 'unsafe-inline'; object-src 'self' data:; frame-ancestors 'none' http://localhost:5174/* http://localhost:5174 http://localhost:5173/* http://localhost:5173 https://mon-espace-collectivite-staging.osc-fr1.scalingo.io https://mon-espace-collectivite-demo.osc-secnum-fr1.scalingo.io https://les-communs-transition-ecologique-api-staging.osc-fr1.scalingo.io/sandbox/ https://preprod-app.territoiresentransitions.fr https://staging-app.territoiresentransitions.fr; base-uri 'self' https://*.gouv.fr; form-action 'self' https://*.gouv.fr; block-all-mixed-content ; upgrade-insecure-requests ; frame-src 'none';

Diagnostics

Metrics

http

https

SPF Record - Detection

A DNS TXT record was detected. The TXT record lets a domain admin leave notes on a DNS server.

DNS TXT Record Detected

An NS record was detected. An NS record delegates a subdomain to a set of name servers.

NS Record Detection

A CAA record was discovered. A CAA record is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain.

CAA Record

An MX record was detected. MX records direct emails to a mail exchange server.

MX Record Detection

Setting the XSS-Protection header is deprecated. Setting the header to anything other than `0` can actually introduce an XSS vulnerability.

XSS-Protection Header - Cross-Site Scripting

This template searches for missing HTTP security headers. The impact of these missing headers can vary.


HTTP Missing Security Headers

Extract the issuer's organization from the target's certificate. Issuers are entities which sign and distribute certificates.


Detect SSL Certificate Issuer

Extract the Subject Alternative Name (SAN) from the target's certificate. SAN facilitates the usage of additional hostnames with the same certificate.


SSL DNS Names

TLS version detection is a security process used to determine the version of the Transport Layer Security (TLS) protocol used by a computer or server.
It is important to detect the TLS version in order to ensure secure communication between two computers or servers.


TLS Version - Detect

Sentry is an open-source platform for workflow productivity, aggregating errors from across the stack in real time.

Sentry

Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.

Node.js

React is an open-source JavaScript library for building user interfaces or UI components.

React

Next.js is a React framework for developing single page Javascript applications.

Next.js

Emotion is a library designed for writing CSS styles with JavaScript.

Emotion

Tally is the simplest way to create free forms & surveys. Create any type of form in seconds, without knowing how to code, and for free.

Tally

Priority Hints exposes a mechanism for developers to signal a relative priority for browsers to consider when fetching resources.

Priority Hints

OVHcloud is a global, cloud provider delivering hosted private cloud, public cloud, and dedicated server solutions.

OVHcloud

HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.

HSTS

Webpack is an open-source JavaScript module bundler.

Webpack

Open Graph is a protocol that is used to integrate any web page into the social graph.

Open Graph

Module Federation is a webpack technology for dynamically loading parts of other independently deployed builds.

Impact	Description	Documentation
-20	Content Security Policy (CSP) implemented unsafely. This includes `'unsafe-inline'` or `data:` inside `script-src`, overly broad sources such as `https:` inside `object-src` or `script-src`, or not restricting the sources for `object-src` or `script-src`.	Remove `unsafe-inline` and `data:` from `script-src`, overly broad sources from `object-src` and `script-src`, and ensure `object-src` and `script-src` are set.

risk	name
Medium (High)	CSP: Wildcard Directive
Medium (High)	CSP: script-src unsafe-inline
Medium (High)	CSP: style-src unsafe-inline
Low (High)	CSP: Notices
Low (Low)	Timestamp Disclosure - Unix
Informational (High)	Sec-Fetch-Dest Header is Missing
Informational (High)	Sec-Fetch-Mode Header is Missing
Informational (High)	Sec-Fetch-Site Header is Missing
Informational (High)	Sec-Fetch-User Header is Missing
Informational (Medium)	Base64 Disclosure
Informational (Medium)	Content-Type Header Missing
Informational (Medium)	Storable and Cacheable Content
Informational (Medium)	Storable but Non-Cacheable Content
Informational (Low)	Information Disclosure - Suspicious Comments
Informational (Low)	Re-examine Cache-control Directives

https://facili-tacct.beta.gouv.fr

Nmap

Mozilla HTTP observatory

SSL

Expiration : 30/07/2025

Alertes Dependabot incubateur-ademe/facili-tacct

Scan OWASPenviron 1 heure

Nucleienviron 1 mois

severity	service	vulnerability
info	http (port:80)
info	https (port:443)

Séverité	Name	Matcher
info	SPF Record - Detection	spf-record-detect
info	DNS TXT Record Detected	txt-fingerprint
info	NS Record Detection	nameserver-fingerprint
info	CAA Record	caa-fingerprint
info	MX Record Detection	mx-fingerprint
info	XSS-Protection Header - Cross-Site Scripting	xss-deprecated-header
info	HTTP Missing Security Headers	x-permitted-cross-domain-policies
info	HTTP Missing Security Headers	clear-site-data
info	Detect SSL Certificate Issuer	ssl-issuer
info	SSL DNS Names	ssl-dns-names
info	TLS Version - Detect	tls-version
info	TLS Version - Detect	tls-version