axa.ch

HTML metadata

Title

AXA – insurance & pension provision in Switzerland

Description

At AXA, you’ll find insurance & pension provision for Switzerland that suit you, whether liability insurance or car insurance.

Language

en

Canonical

https://www.axa.ch/en/private-customers.html

Translations

de
en
fr
it

Open Graph

url: https://www.axa.ch/en/private-customers.html
title: AXA – insurance & pension provision in Switzerland
site name: AXA Schweiz | AXA – insurance & pension provision in Switzerland
description: At AXA, you’ll find insurance & pension provision for Switzerland that suit you, whether liability insurance or car insurance.

Technology

Server: Apache

Analytics

Google Tag Manager

Third-party hosts loaded (1)

www.googletagmanager.com×2

Social

Contact

Phone

+41800809809

Address

General-Guisan-Strasse 40, 8400, Winterthur, CH

DNS records live

NS

dns1.swisscom.com
dns2.swisscom.com
dns3.swisscom.com

MX

10 mxa-00181c02.gslb.pphosted.com
10 mxb-00181c02.gslb.pphosted.com

TXT

Show 5 TXT records

_3nnv2nf85ea8dlo71dy0ldt4af1a79d
yqw5yvzh84d3cd0pb3yj6xfzy99dn014
stygbrbjtmnt9jh8pv3g3wlgdmhpyt3w
39swr58dp09fcvt5nl1hfxv48rv7t8vk
_0vkfiwttnl8kkmxyy9qhagnsj5mt0t4

Verified for

Adobe
Apple
Dynatrace
Google
Microsoft 365
MongoDB

Email authentication strong

SPF: v=spf1 mx ip4:163.156.213.128/25 ip4:171.18.34.0/24 include:_spf.axa.com -all
strict (-all)
DMARC: v=DMARC1; p=reject; fo=1; pct=100; rua=mailto:messaging.report@axa.ch, mailto:dmarc.report@axa.com,mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:messaging.report@axa.ch,mailto:dmarc.failure@axa.com,mailto:dmarc_ruf@emaildefense.proofpoint.com; aspf=s; adkim=s
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1

from 2026-04-17 to 2026-11-02

Expires in 154 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.axa.ch/en/private-customers.html

present

strict-transport-security
content-security-policy
content-security-policy-report-only
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: DENY
x-content-type-options: nosniff
content-security-policy: default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self'; upgrade-insecure-requests ; report-uri https://www.acc.axa.ch/servlets/external/csp-reports.csp
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy-report-only: default-src https://*.axa.ch blob: data: https://*.axa.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.axa.ch https://www.googletagmanager.com https://cdn.cookielaw.org https://cdn.mouseflow.com https://maps.google.com https://maps.googleapis.com https://connect.facebook.net https://axa-winterthur.dimelochat.com https://pay.sandbox.datatrans.com https://pay.datatrans.com https://recaptcha.net https://www.google.com https://www.gstatic.com/recaptcha/ https://bat.bing.com https://snap.licdn.com https://www.gstatic.com https://*.teads.tv https://*.survalyzer.swiss https://www.awin1.com https://lantern.roeyecdn.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.adobe.com https://*.adobe.io https://*.microsoft.com https://*.fusedeck.com https://*.onetrust.com https://*.whatsapp.com https://*.cookielaw.org https://slsnlytcs.com; style-src 'self' 'unsafe-inline' https://*.axa.ch https://fonts.googleapis.com https://www.googl