indexo.dev

bancfirst.bank

.bank user

First seen 2026-06-02 · Last seen 2026-06-02 · ok HTTP/1.1 200 2131 ms crawled 2026-06-02

US · 44.218.135.117 · AS14618 Amazon.com, Inc.

Reputation 100/100

sector finance type blog

HTML metadata

Title
BancFirst | Bank in Oklahoma | Accounts | Loans
Description
BancFirst in Oklahoma offers a variety of personal and business banking services including accounts, loans, treasury services and more. Explore online.
Language
en

Open Graph

url
https://www.bancfirst.bank/
title
BancFirst | Bank in Oklahoma | Accounts | Loans
description
BancFirst in Oklahoma offers a variety of personal and business banking services including accounts, loans, treasury services and more. Explore online.

Technology

Server
nginx
CMS
Ghost
Analytics
  • Google Tag Manager
Fonts
  • Google Fonts
Social widgets
  • YouTube Embed

Third-party hosts loaded (5)

  • www.bancfirst.bank×19
  • fonts.googleapis.com×1
  • platform-api.sharethis.com×1
  • www.googletagmanager.com×1
  • www.youtube.com×1

Social

Contact

Phone
Address
100 North Broadway, 73102, Oklahoma, OK, USA

DNS records live

NS
  • dns1.bancfirst.bank
  • dns2.bancfirst.bank
MX
  • 5 smail.bancfirst.bank
  • 5 smail2.bancfirst.bank
Verified for
  • Anthropic

Email authentication strong

SPF
v=spf1 mx ip4:12.189.176.33 ip4:69.84.91.254 ip4:149.72.198.89 ip4:67.210.88.0/24 ip4:63.156.189.0/24 ip4:68.232.131.237 ip4:68.232.137.69 ip4:68.232.141.148 ip4:63.117.120.96/27 ip4:63.38.149.224/27 include:amazonses.com include:_spf1.lanxtra.com exists:%{i}._spf.sparkpostmail.com ip4:63.117.120.96/27 ip4:69.38.149.224/27 ip4:208.252.57.192/27 include:_spf.mailgun.org include:_spf.eu.mailgun.org include:spfhost.messageprovider.com include:spf.mandrillapp.com -all
strict (-all)
DMARC
v=DMARC1;p=reject;sp=reject;adkim=s;rua=mailto:dmarc.report@bancfirst.bank;ruf=mailto:dmarc.report@bancfirst.bank
policy: reject (enforced) · sp=reject
DKIM
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQUNgH4TvytAheV1gLSV1QeK7tiFAypdIzaj2k3T1ROsgS/kVDbznmddgizCRNudAdNvIl0ATnQav1rNgN…
  • s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC46t71TxvmaFCnafqNL/HJE/Bu+n3VPeT+Vg1YV0+hhZ6JgPBsS9T2xpBCE0BHl4BEjum16GWVRGv8PsHK1Ol4r2…
selectors probed

Certificate (current)

E7
from 2026-05-11 to 2026-08-09
Expires in 67 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.bancfirst.bank/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
script-src *.bancfirst.tv *.facebook.net *.cloudflare.com *.youtube.com *.googletagmanager.com *.sharethis.com *.basis.net *.wave2.io *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.bancfirst.bank *.googleapis.com 'unsafe-inline' ; object-src 'none'; frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem *.bancfirst.bank *.facebook.net *.youtube.com *.cloudflare.com *.google.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.google-analytics.com 'unsafe-inline' *.wave2.io *.wave2locator.com
strict-transport-security
max-age=31536000; includeSubDomains; preload

Links to (13)