bancoomeva.com.co

HTML metadata

Title: Bancoomeva - Soluciones financieras de ahorro y crédito
Description: Te ofrecemos productos de ahorro y crédito para vehículo, vivienda, educación, viajes o lo que quieras comprar, con excelentes tasas de interés.
Language: es
Canonical: https://www.bancoomeva.com.co/

Open Graph

url: https://www.bancoomeva.com.co/
title: Bancoomeva - Soluciones financieras de ahorro y crédito
locale: es_la
site name: Bancoomeva
description: Te ofrecemos productos de ahorro y crédito para vehículo, vivienda, educación, viajes o lo que quieras comprar, con excelentes tasas de interés.
locale:alternate: es_es

Technology

Server: nginx

Analytics

Google Tag Manager

Third-party hosts loaded (5)

www.googletagmanager.com×2
d335luupugsy2.cloudfront.net×1
translate.google.com×1
widget02.wolkvox.com×1
www.google.com×1

Social

Contact

Phone

DNS records live

NS

ns1-34.azure-dns.com
ns2-34.azure-dns.net
ns3-34.azure-dns.org
ns4-34.azure-dns.info

MX

10 ns2.coomeva.com.co

TXT

Show 6 TXT records

dd13504jfhqfmxsym7r3wtwws46zj4hl
spf2.0/pra mx ip4:200.1.126.11 ip4:200.1.126.42 ip4:200.1.126.24 -all
mwPtcoze80VQ/EDxufEy6IB0mLmx9+90QwAdkbXyGZI=
_locxnsnoezy84su9gzmsqa84n3natdh
tbB/Q/Ucje4fPpjf2cwO97Pjm7eJlWrSAAs0+HaAJ84=
Y1ZBjrKt7B+exoDIt6jtyF8BnFPKNHoz/wjQinx/OvA=

Verified for

GlobalSign
Google

Email authentication strong

SPF

v=spf1 mx ip4:200.1.126.11 ip4:200.1.126.42 ip4:200.1.126.24 ip4:144.202.44.87 include:_spf.mlsend.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:dmarc@bancoomeva.com.co

policy: quarantine · sp=quarantine

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1cUVnHh5YfmvyLg0n5vsnWL5W4JjnriJhEAtDU0WQQHL38sxm/tHNFBSOsbO6BJU3yR9wifGF9ZHQsTl/Z…
s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiC7hfLCHRcaFK5GqUdCl8Fm9aihtBfauFYmIQUJf3exkL5uXlKppmDT28dKZnmlpLIY/iuhbCKeV5Sx+A…

selectors probed

Certificate (current)

Sectigo Public Server Authentication CA DV R36

from 2025-10-01 to 2026-10-15

Expires in 147 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://www.bancoomeva.com.co/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
permissions-policy: geolocation=(),midi=(),sync-xhr=(self 'https://www.bancoomeva.com.co/*'),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self 'https://www.bancoomeva.com.co/*'),payment=()
x-content-type-options: nosniff
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com/ https://pruebas-coomeva.nexura.com/ https://widget02.wolkvox.com https://youtube.com https://www.googleadservices.com https://unpkg.com https://www.facebook.com https://connect.facebook.net https://d335luupugsy2.cloudfront.net https://googleads.g.doubleclick.net https://trackcmp.net https://www.clickcease.com https://bundle.run https://tweetnacl.js.org https://cdn.jsdelivr.net https://botai.smartdataautomation.com https://chat01.ipdialbox.com https://chat01.wolkvox.com https://widget.manychat.com https://referidos.coomeva.com.co https://chat01.ipdialbox.com https://www.coomeva.com.co https://cdnjs.cloudflare.com https://code.jquery.com https://core.pengi.co https://core.pengi.co:3001 https://digital.coomeva.com.co *.tableau.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com https://assets.zendesk.com https://connect.facebook.net *.hotjar.com *.twitter.com *.twimg.c
strict-transport-security: max-age=31536000; includeSubDomains