indexo.dev

bnpparibas-pf.co.uk

.uk crawl

First seen 2026-04-14 · Last seen 2026-05-08 · ok HTTP/1.1 200 5755 ms crawled 2026-05-08

GB · 185.3.93.41 · AS63949 Akamai Connected Cloud

Reputation 100/100

Classifying

HTML metadata

Title
Welcome to BNP Paribas Personal Finance in the UK | Home
Language
en

Technology

Server
Web
Analytics
  • Google Tag Manager

Third-party hosts loaded (1)

  • www.googletagmanager.com×1

Social

Registration

Registrar
Nameshield SAS
Created
2015-10-30
Expires
2026-10-30 161 days left
Updated
2025-10-28
Name servers
  • ns1.bnpparibas.com.
  • ns2.bnpparibas.com.
  • ns3.domivesta.net.
  • ns4.domivesta.com.

DNS records live

NS
  • ns1.bnpparibas.com
  • ns2.bnpparibas.com
  • ns3.domivesta.net
  • ns4.domivesta.com
MX
  • 10 smtp-in-internet-usr-m.gslb.srv.bnpparibas
TXT
Show 12 TXT records
  • _y2utiif1fx30ase4rdbnzepi3h9597n
  • _jd9oubyr7lb60sobygmhdselo1b8675
  • _5274l4chxnno6cmoznsi6mj7mirmk69
  • j7kmkm9d3t10z714m74pvty23dcczv97
  • zscaler-verification-242570-28082025-rpIs9t
  • 86fqh212lwftbm5md1hkfkqtz35f7sdj
  • c4e2f57f11254e0da3aca7efe90c8b8f
  • v83l6d6lvw9xx2ls86dnbsh2j4q4sgp5
  • ibmid=a2901ffc-40a5-4d48-afa1-b93e040c5aab
  • _g79odrjsf9ui56hh1zv87kfz8iyyqs1
  • _ua9mci5b5pdmra0woqigyftm9cxajh5
  • _vtgs4rqeakr9kbfwsas42uiszx3z3zo
Verified for
  • Adobe
  • Apple
  • Google
  • Microsoft 365

Email authentication strong

SPF
v=spf1 include:p._spf.bnpparibas.com mx a ip4:194.75.57.170 ip4:194.75.57.171 ip4:155.140.80.165 ip4:155.140.80.166 -all
strict (-all)
DMARC
v=DMARC1; p=reject; fo=1; rua=mailto:f1rg2pej@ag.eu.dmarcian.com; ruf=mailto:f1rg2pej@fr.eu.dmarcian.com
policy: reject (enforced)
DKIM
no key found at common selectors

Certificate (current)

DigiCert Global G2 TLS RSA SHA256 2020 CA1
from 2025-09-30 to 2026-10-07
Expires in 138 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.bnpparibas-pf.co.uk/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
  • cross-origin-embedder-policy
  • cross-origin-resource-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
origin-when-cross-origin
x-frame-options
DENY
x-content-type-options
nosniff
content-security-policy
default-src 'self' ; script-src 'self' 'sha256-AXIIM4FqCo1K0BX1hMIT/+4imm0zG/aDGzoTP0A8q84=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'unsafe-inline' 'sha256-7Rmf0M+AlA8dyJwh+VAXGgNPMvacYWhYOqaiz0GQSLE=' 'sha256-xG8h8nPVztVuDTWTMm17kzX9GfRyD3uptC9YRlKQv6k=' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; img-src 'self' *.cookielaw.org https://cdn.bnpparibas-pf.co.uk https://maps.googleapis.com/ https://maps.gstatic.com/ www.googletagmanager.com www.google-analytics.com data: i.picsum.photos picsum.photos ; connect-src 'self' https://bnp-privacy.my.onetrust.com/request/v1/consentreceipts https://mail-api.haywyre.co.uk https://privacyportal-eu.onetrust.com/ *.google-analytics.com cdn.cookielaw.org https://*.doubleclick.net https://*.hotjar.com https://in.hotjar.com https://vc.hotjar.io www.googletagmanager.com https://maps.googleapis.com/ geolocation.onetrust.com ; font-src 'self' https://fonts.gstatic.com/ ; object-src 'none' ; frame-src https://www.yout
strict-transport-security
max-age=31536000;includeSubDomains;preload, max-age=63072000
cross-origin-opener-policy
same-site
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
same-site

Links to (5)

Linked from (1)