bancastato.ch

.ch crawl

First seen 2026-05-20 · Last seen 2026-05-31 · ok HTTP/1.1 200 2285 ms crawled 2026-05-27

CH · 51.96.193.150 · AS16509 Amazon.com, Inc.

Reputation 89/100 weak security headers dmarc monitor-only

Classifying

HTML metadata

Title: BancaStato: soluzioni finanziarie per aziende e privati | BancaStato
Description: L'Istituto offre sul territorio cantonale, tutti i servizi e i prodotti di una banca universale: dalla concessione di crediti a privati e aziende, al traffico dei pagamenti, all'amministrazione dei patrimoni.
Language: it
Canonical: https://www.bancastato.ch/

Open Graph

url: https://www.bancastato.ch/
title: BancaStato: soluzioni finanziarie per aziende e privati | BancaStato
site name: BancaStato
description: L'Istituto offre sul territorio cantonale, tutti i servizi e i prodotti di una banca universale: dalla concessione di crediti a privati e aziende, al traffico dei pagamenti, all'amministrazione dei patrimoni.

Technology

CDN: Amazon CloudFront
Server: nginx
CMS: Next.js

Analytics

Matomo

Cookie consent

OneTrust

Third-party hosts loaded (3)

images.ctfassets.net×17
cdn.cookielaw.org×2
cdn.matomo.cloud×1

Social

Contact

Phone

091 803 71 11

DNS records live

NS

dns1.swisscom.com
dns2.swisscom.com
dns3.swisscom.com

MX

10 mail.swisscom.com
20 mail10.swisscom.com
20 mail20.swisscom.com

TXT

Show 5 TXT records

swisssign-check=B2N63HSvit6SAKKIZnd2IGqulxyH9JEOilKWuTy5Sj
swisssign-check=KF_dnWyRyesIEzUblyUl3gGaM0U
atlassian-sending-domain-verification=c8d284fd-123d-41a6-8553-3c7249ef64c8
swisssign-check=E5yamWp2-v6zefTx93s68Nc8j3U
swisssign-check=62UFrReE_AkoHVza1BKvk5Y1qnM

Email authentication partial

SPF: v=spf1 include:spf.swisscom.com include:amazonses.com a:mail.tinext.net -all
strict (-all)
DMARC: v=DMARC1; p=none; pct=100; rua=mailto:reports-rua@bancastato.ch; ruf=mailto:reports-ruf@bancastato.ch
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

Thawte EV RSA CA G2

from 2025-11-28 to 2026-12-30

Expires in 212 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 40/100 Checked live page: https://www.bancastato.ch/

present

content-security-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing content type protection
missing Referrer Policy
missing Permissions Policy

Header values

content-security-policy: default-src 'self'; img-src 'self' data: *.matomo.cloud images.ctfassets.net *.gstatic.com *.googleapis.com https://online.flippingbook.com https://cdn.cookielaw.org https://www.inlinea.ch ; media-src 'self' ; frame-src 'self' www.google.com google.com https://www.recaptcha.net https://recaptcha.net www.youtube.com player.vimeo.com https://www.newhome.ch https://bs.ticinoenergia.ch https://online.flippingbook.com https://financial-calculator-iframe.braingroup.ch https://financial-calculator.braingroup.ch ; frame-ancestors 'self' https://app.contentful.com https://*.ctfcloud.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.matomo.cloud *.googleapis.com www.google.com google.com https://www.gstatic.com https://www.recaptcha.net https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://online.flippingbook.com https://www.inlinea.ch https://inlinea.ch https://d33i2vgywgme2s.cloudfront.net ; script-src-elem