nequi.com.co

HTML metadata

Title

Nequi - Usa tu plata sin cuota de manejo desde el celu

Description

Haz compras, envía, recibe, organiza y ahorra plata desde tu celu. Si necesitas ¡también te prestamos! Descarga tu Nequi y úsalo física o virtualmente

Language

es-CO

Canonical

https://www.nequi.com.co

Translations

es ×2

Open Graph

title: Nequi - Usa tu plata sin cuota de manejo desde el celu
description: Haz compras, envía, recibe, organiza y ahorra plata desde tu celu. Si necesitas ¡también te prestamos! Descarga tu Nequi y úsalo física o virtualmente

Technology

CDN: Cloudflare

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (7)

cdn.prod.website-files.com×37
cdn.jsdelivr.net×2
ajax.googleapis.com×1
d3e54v103j8qbb.cloudfront.net×1
fonts.googleapis.com×1
fonts.gstatic.com×1
www.googletagmanager.com×1

Social

Contact

Phone

3006000100

DNS records live

NS

ns-1353.awsdns-41.org
ns-1765.awsdns-28.co.uk
ns-6.awsdns-00.com
ns-965.awsdns-56.net

MX

10 inbound-smtp.us-east-1.amazonaws.com

TXT

proxy-ssl.webflow.com
ekkwHQn6Mt6QtJNEYsZBW5dns16iN2xLMP72YuXN9AI=

Verified for

GlobalSign
Google
Meta

Email authentication strong

SPF

v=spf1 include:mail.zendesk.com include:amazonses.com include:sendgrid.net include:email-messaging.com include:spf1.masivapp.com include:_spf.us.sendclean.net -all

strict (-all)

DMARC

v=DMARC1; p=reject; fo=1; pct=100; ri=86400; rua=mailto:bancolombia@rua.agari.com; ruf=mailto:bancolombia@ruf.agari.com,mailto:dmarc@bancolombia.com.co

policy: reject (enforced)

DKIM

s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtS3Z9qSo9IOIVPhonk45zA+SqcwwQZ/gOqYplrjkXdo7c48zaCpM2lY0nsl2v0m7jvHtM3t/q5+HHbgl7…
s2: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuMByOYo3aEWY2vhx2GoPusDQu5R4ZV2JhZe2nrWjmhGw8Foot+NzwrXL1RV3A9ZRjIaLQ1GJm5Mf1jUqwoC7aJ7…
smtpapi: k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPtW5iwpXVPiH5FzJ7Nrl8USzuY9zqqzjE0D1r04xDN6qwziDnmgcFNNfMewVKN2D1O+2J9N14hRprzByFwfQW76…

selectors probed

Certificate (current)

E7

from 2026-05-01 to 2026-07-30

Expires in 71 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 80/100 Checked live page: https://www.nequi.com.co/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources
missing Referrer Policy
missing Permissions Policy

Header values

x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://delfosn8n-datalab.nequi.io/ https://captcha-pdn.bancadigital.com.co/ https://b2b-experiences.nequi.com.co/ https://cdnjs.cloudflare.com/ https://b2b-experiences-dev.bancadigital.com.co/ https://b2b-experiences-qa.bancadigital.com.co/ https://captcha-qa.bancadigital.com.co/ https://www.googletagmanager.com/ https://*.dy-api.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.4.6/* https://fonts.googleapis.com https://fonts.gstatic.com https://zendesk-eu.my.sentry.io https://web-components-dev.bancadigital.com.co/ https://sdk.twilio.com https://eventgw.twilio.com wss://nequi.zendesk.com wss://voice-js.roaming.twilio.com https://ajax.googleapis.com wss://api.smooch.io https://sdk.twilio.com https://zendesk-eu.my.sentry.io https://media.smooch.io https://api.smooch.io https://nequi.zendesk.com/ https://ekr.zendesk.com https://ekr.zdassets.com https://static.zdassets.com 'unsafe-inline' *.website-files.com cdn.jsdelivr.net https://ajax.googleapis.com fonts.googlea
strict-transport-security: max-age=31536000; includeSubDomains; preload