Not sure what you mean by “looking” at the headers, and why your statement ends with a questionmark, but you can use message header analyzers to get a clearer picture. I tested a Bitwarden verification email (for setting up email 2FA, not for new device verification) on the site appmaildev.com, and it indicated that SPF and DMARC passed, but that DKIM failed:
Expected-Body-Hash: frcCV1k9oG9oKj3dpUqdJg1PxRT2RSN/XKdLCPjaYaY=
DKIM-Result: fail (wrong body hash: TqmCtL9+DWP3XDaq9idPATg5kSIxGbjhopZ5oSZGv/4=)