grupobancolombia.com

HTML metadata

Title

Grupo Bancolombia

Description

Grupo financiero líder con más de 146 años de experiencia. Promovemos el desarrollo económico sostenible para lograr el bienestar de todos. Conócenos aquí.

Language

es_CO

Canonical

https://www.grupobancolombia.com

Translations

es

Open Graph

url: https://www.grupobancolombia.com/es
title: Grupo Bancolombia
site name: Bancolombia
description: Grupo financiero líder con más de 146 años de experiencia. Promovemos el desarrollo económico sostenible para lograr el bienestar de todos. Conócenos aquí.

Technology

CDN: Amazon CloudFront

Analytics

Google Tag Manager

Third-party hosts loaded (3)

cdnjs.cloudflare.com×1
library-sdb.apps.bancolombia.com×1
www.googletagmanager.com×1

Registration

Registrar

CCI REG S.A.

Created

2006-08-24

Expires

2028-08-24 826 days left

Updated

2025-04-25

Name servers

ns1.bluecatdns.com
ns1.bluecatdns.net
ns1.bluecatdns.org

DNS records live

NS

ns1.bluecatdns.com
ns1.bluecatdns.net
ns1.bluecatdns.org

TXT

Show 7 TXT records

t5dnc6ns1vw37fztxkng751bqfwh6f1f
MMFuwlZ1F5cGB3WxrLwOryL0qqaDHURByqKR6dw1i2o=
NJNpWXClQl8Xuc4bZG/sUsKqaJQ7OWlEsnX+QHaZP2o=
_accesodigitalpyme.grupobancolombia.com
_dzKKhVGu-2khoyM2shhuwOfUnAniBKr8es2WrZK1m0
m9z45jwn53xt48hv8glhdc9pgzvrzrgb
mltgsxzzbv7781xzqzjsby6b82798ssx

Verified for

GlobalSign
Google
Meta

Email authentication no MX

SPF: v=spf1 exists:%{i}._i.%{d}._d.espf.agari-dns.net include:%{d}.23.spf-protect.agari-dns.net -all
strict (-all)
DMARC: v=DMARC1; p=reject; fo=1; ri=86400; rua=mailto:bancolombia@rua.agari.com; ruf=mailto:bancolombia@ruf.agari.com,mailto:dmarc@bancolombia.com.co
policy: reject (enforced)
DKIM: no key found at common selectors

Certificate (current)

GlobalSign GCC R3 EV TLS CA 2025

from 2026-02-18 to 2027-03-22

Expires in 306 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.grupobancolombia.com/es

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Permissions Policy

Header values

referrer-policy: strict-origin
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' *.ambientesbc.com *.bancolombia.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ambientesbc.com *.bancolombia.com *.hotjar.com *.spreaker.com https://static.hotjar.com/ https://cdn.jsdelivr.net/ https://www.googleoptimize.com/ *.googleapis.com *.doubleclick.net *.bancolombia.com *.cloudflare.com *.googletagmanager.com *.dynamicyield.com *.segment.com *.segment.io *.youtube.com *.tiktok.com *.facebook.net *.google.com *.gstatic.com;img-src 'self' data: *.ambientesbc.com *.bancolombia.com https://yt3.ggpht.com/ *.ffycdn.net *.cloudfront.net *.youtube.com i.ytimg.com *.facebook.com *.googletagmanager.com *.google.com.co *.gstatic.com;media-src 'self' *.cloudfront.net *.spreaker.com *.ffycdn.net *.youtube.com blob: data:;frame-src 'self' *.spreaker.com *.googletagmanager.com *.youtube.com *.doubleclick.net *.google.com;style-src 'self' 'unsafe-inline' *.ambientesbc.com *.bancolombia.com https://unpkg.com/ https://cdn.jsdelivr.net/ *.gstatic.com;connect-src 'self' *
strict-transport-security: max-age=31536000;