indexo.dev

bcj.ch

.ch crawl

First seen 2026-05-28 · Last seen 2026-05-31 · ok HTTP/1.1 200 1242 ms crawled 2026-05-31

CH · 193.223.21.52 · AS3303 Bluewin

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
Bienvenue sur le site Internet la Banque Cantonale du Jura
Language
fr-CH
Generator
IceCube2.Net
Canonical
https://www.bcj.ch/fr/Accueil/Epargnez-en-toute-intelligence.html
Feeds

Open Graph

url
https://www.bcj.ch/fr/Accueil/Epargnez-en-toute-intelligence.html
title
Bienvenue sur le site Internet la Banque Cantonale du Jura

Technology

Server
Apache
Analytics
  • Google Tag Manager

Third-party hosts loaded (2)

  • platform-api.sharethis.com×1
  • www.googletagmanager.com×1

Social

Contact

Phone

DNS records live

NS
  • dns1.swisscom.com
  • dns2.swisscom.com
  • dns3.swisscom.com
MX
  • 10 mail.swisscom.com
  • 20 mail10.swisscom.com
  • 20 mail20.swisscom.com
TXT
  • swisssign-check=e7qwdw4pdV_STzzAqvapwvpQDRg
  • newsletter.infomaniak.com
Verified for
  • Apple
  • Atlassian
  • Microsoft 365

Email authentication partial

SPF
v=spf1 ip4:93.174.189.245 ip4:159.29.69.11 ip4:159.29.69.10 include:spf.swisscom.com include:myr.is ~all
softfail (~all)
DMARC
v=DMARC1; p=none; pct=100; rua=mailto:reports-rua@bcj.ch; ruf=mailto:reports-ruf@bcj.ch;
policy: none (monitoring only)
DKIM
no key found at common selectors

Certificate (current)

Sectigo Public Server Authentication CA DV R36
from 2025-08-19 to 2026-09-19
Expires in 110 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.bcj.ch/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • permissions-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
Header values
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), camera=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), usb=(self), xr-spatial-tracking=(self)
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' ; worker-src 'self' blob:; script-src 'self' localhost 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' www.google-analytics.com count-server.sharethis.com buttons-config.sharethis.com platform-api.sharethis.com *.sharethis.com www.googletagmanager.com ssl.google-analytics.com widget.usersnap.com resources.usersnap.com static-cl.icecubeapps.com https://cdn.curator.io *.tawk.to *.sendbird.com assets.bcj.ch connect.facebook.net *.doubleclick.net;
strict-transport-security
max-age=31536000; includeSubDomains; preload

Links to (6)

Linked from (3)