inlinea.ch

.ch crawl

First seen 2026-05-27 · Last seen 2026-05-27 · ok HTTP/1.1 200 867 ms crawled 2026-05-30

CH · 217.26.33.63 · AS197312 Avaloq Sourcing (Switzerland & Liechtenstein) SA

Reputation 100/100

Classifying

HTML metadata

Title

Technology

Server: Apache

DNS records live

NS

dns1.swisscom.com
dns2.swisscom.com
dns3.swisscom.com

TXT

_fafxunqq7hmwlzv8y5e33skg18jgniu
_kjb4r61ch8ic6cemmwyb4a6di56o4p2

Email authentication no MX

SPF: v=spf1 -all
strict (-all)
DMARC: not published
DKIM: no key found at common selectors

Certificate (current)

Thawte EV RSA CA G2

from 2026-02-13 to 2027-03-15

Expires in 287 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.inlinea.ch/auth/ui/app/auth/application/access?Location=https%3A%2F%2Fwww%2Einlinea%2Ech%2Fbscch%2Fwb%2Fui%2F

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: same-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), camera=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), payment=(self), usb=(self), xr-spatial-tracking=(self)
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/ blob: ; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ https://one-digitalservice.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws: data:;script-src-elem 'self' 'unsafe-inline' https://afp-release-ipw.webcenter.contovista.com/pfm/static/ui-pfm-afp/desktop/bootstra
strict-transport-security: max-age=31536000;includeSubDomains;preload

Linked from (1)

bancastato.ch×1