citigroup.com

HTML metadata

Title: Citi | Global Investment Bank and Financial Services
Description: Citi is a leading global bank for institutions with cross-border needs, a global provider in wealth management and a U.S. personal bank.
Language: en
Canonical: https://www.citigroup.com/global

Open Graph

url: https://www.citigroup.com/global
title: Citi | Global Investment Bank and Financial Services
description: Citi is a leading global bank for institutions with cross-border needs, a global provider in wealth management and a U.S. personal bank.

Technology

CDN: Akamai
Server: Apache
CMS: Next.js

Third-party hosts loaded (1)

content.citivelocity.com×4

Registration

Registrar

CSC Corporate Domains, Inc.

Created

1998-04-06

Expires

2032-04-05 2148 days left

Updated

2023-02-03

Name servers

ns1.nsroot1.com
ns2.nsroot2.com

DNS records live

NS

ns1.nsroot1.com
ns2.nsroot2.com

MX

5 mx-a.mail.citi.com
5 mx-b.mail.citi.com

TXT

Show 15 TXT records

google-site-verification=Lu5ecxuGzVLD5xOgdMcF244KOFnquxxCegkBp8DUuBY
google-site-verification=B2RTefeDQDD6q_djOf22I7ncFCBM1hs0OuR29V5rbbo
globalsign-domain-verification=5333822B44304398DE567C2747872C29
paloaltonetworks-site-verification=3882d978b07397802d48b9068f445c4de7b6e8fc234da8251d8d77cc0e055342
facebook-domain-verification=2amqbctg7cv6hq0dxq4tf107b3y0zn
google-site-verification=jyExexYbISl-RPnkFRcw-mDH_aR3jJH71dDGXCNvAUQ
google-site-verification=aFfLeCV8R5dO_bwkfnkyLB-RaRNaZ_vYRC_yM_z6rSM
google-site-verification=W1oZvZ4pAy7ASU5vtQdbeLvsM-BLaTkQqUKHkEfkKW8
postman-domain-verification=b0973f7c46e67edf55bb3d7f0de30d91ae3c1329d2512ad912375d873557ec111f5e579af0d3e0903d8ff7cf1ebfb3c9e219bbdbf12203912f850ab59087acee
google-site-verification=fFBk708T6VrNiFf8tgKZCw8vlZRvagtVZl-EnvQcOzY
MS=ms92288257
webexdomainverification.9L49J=8ea68d0a-1e43-4ae8-9f61-f0dc3a1ba394
google-site-verification=a5KdIF5qvy8oEnllolMuPZkvHZiN39w_Sc_wqWtJZDI
cisco-ci-domain-verification=4ff6832706517f60b04d042675c64a5525964fb03e1eb52365349b8b765063df
MS=617A9E7598377F278D9D3B8CEBB893E897E4391D

Email authentication strong

SPF: v=spf1 a:1._spf.citigroup.com a:2._spf.citigroup.com include:spf-00123c01.pphosted.com redirect=ext1._spf.citigroup.com
no all qualifier
DMARC: v=DMARC1; p=reject; rua=mailto:dmarc_rua@emaildefense.proofpoint.com,mailto:dmarc.reports.rua@citi.com
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

DigiCert EV RSA CA G2

from 2026-04-10 to 2026-10-09

Expires in 143 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.citigroup.com/global

present

strict-transport-security
content-security-policy
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing frame protection
missing Permissions Policy

Header values

referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-ancestors 'self'; frame-src 'self' https://brand-studio.fortune.com https://kvgo.com https://*.kaltura.com https://citigroup.gcs-web.com https://www.citivelocity.com https://*.doubleclick.net https://*.citi.com https://www.youtube.com https://youtu.be https://vimeo.com https://player.vimeo.com https://content.knowledgevision.com; font-src 'self' https://*.kaltura.com https://content.citivelocity.com/; img-src 'self' data: https://*.kaltura.com https://*.doubleclick.net https://*.linkedin.com https://*.citibank.com https://*.citi.net https://www.citivelocity.com https://t.co https://analytics.twitter.com https://*.omtrdc.net https://www.facebook.com; media-src 'self' https://content.citivelocity.com https://*.citi.com https://*.kaltura.com https://www.citivelocity.com https://www.youtube.com https://youtu.be https://vimeo.com https://player.vimeo.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://report.customerexperi
strict-transport-security: max-age=63072000; includeSubdomains; preload