ebill.ch

HTML metadata

Title

eBill Home

Description

With eBill, you receive your invoices where you pay them: conveniently and securely, directly in your online banking. Take advantage of eBill!

Language

en

Canonical

https://www.ebill.ch/en/home.html

Translations

de
en
fr
it

Open Graph

url: https://www.ebill.ch/en/home.html
title: eBill Home
site name: SIX
description: With eBill, you receive your invoices where you pay them: conveniently and securely, directly in your online banking. Take advantage of eBill!

Technology

Analytics

Google Analytics
Google Tag Manager

Cookie consent

OneTrust

Third-party hosts loaded (5)

cdn.cookielaw.org×2
assets.juicer.io×1
www.google-analytics.com×1
www.googletagmanager.com×1
www.youtube.com×1

DNS records live

NS

a1-232.akam.net
a18-67.akam.net
a20-65.akam.net
a24-67.akam.net
a5-66.akam.net
ns1.six-group.com
ns2.six-group.com

MX

Show 8 MX records

10 mail10.six-group.com
10 mail5.six-group.com
10 mail6.six-group.com
10 mail9.six-group.com
30 mail11.six-group.com
30 mail12.six-group.com
30 mail7.six-group.com
30 mail8.six-group.com

TXT

Show 7 TXT records

safebreach-domain-verification=a052fa8f-34cb-4cc6-96c7-048fb9d73170
swisssign-check=YgQ8vV3U461jq3LvzdIcp9Y8vWn5nB0EnzjovaIIDF
swisssign-check=ZLCWEJeRbyhtNRhG5vBm5U1cL24SvvYB2gpylHErP9
swisssign-check=yyf8TalX7h1ExUzeypuxw6PlIIg
swisssign-check=d2cEN0KJG_O5MpfwL0uIfCUKbxw
swisssign-check=tVH_auO4GjTmtavEqkuDrsPE5_c
n8s3dspjyktycf8qvvc3d1x959l33xdx

Email authentication strong

SPF: v=spf1 mx ip4:46.231.207.220 -all
strict (-all)
DMARC: v=DMARC1;p=reject;rua=mailto:4be8224a45@rua.easydmarc.eu;ruf=mailto:4be8224a45@ruf.easydmarc.eu;fo=1;
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

SwissSign RSA TLS OV ICA 2022 - 1

from 2026-05-05 to 2026-11-19

Expires in 183 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.ebill.ch/en/home.html

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: no-referrer, strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(self "https://www.youtube.com"), camera=(), document-domain=(), encrypted-media=(), fullscreen=(self "https://www.youtube.com"), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), sync-xhr=(self), usb=()
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.twitter.com assets.juicer.io cdns.eu1.gigya.com cdn.cookielaw.org cdn.knightlab.com code.jquery.com connect.facebook.net geolocation.onetrust.com munchkin.marketo.net optanon.blob.core.windows.net snap.licdn.com static.ads-twitter.com www.buzzsprout.com *.googletagmanager.com www.google.com *.googleadservices.com www.gstatic.com www.youtube.com *.analytics.google.com *.google-analytics.com *.googleapis.com 505-xng-882.mktoweb.com 636-tke-312.mktoweb.com webapp-qa.np.six-group.com webapp-nonprod.np.six-group.com *.googlesyndication.com *.linkedin.com *.clarity.ms c.bing.com unpkg.com *.jsdelivr.com *.promptwatch.com cdnjs.cloudflare.com six-securities.enterprisebot.co fonts.googleapis.com info.six-group.com info.finanzmuseum.ch info.ebill.ch accounts.eu1.gigya.com adservice.google.com ad.doubleclick.net cookies-data.onetrust.io graph.facebook.com info-sandbox.six-group.com privacyportal-ch.onetrust.com *.g.doubleclick.net www.ju
strict-transport-security: max-age=31536000