🌐

citypass.com

✓ HTTPS ✓ HTTP/2 ✓ Gzip 60.0% ⚡ 30239ms
citypass.com Overview

Get a snapshot of citypass.com's online performance, security posture, and technology profile.

citypass.com Website Overview & Technology Report

75
Trust Score
Likely Safe
50
Security
Headers: 3/6
30239ms
Response
Slow
10
Technologies
Detected
🤖 AI Analysis

We performed a comprehensive analysis of citypass.com on 2026-06-30. The website returned an HTTP 200 status code with a server response time of 30239ms. The page is served over HTTP/2 protocol with Gzip compression enabled, achieving approximately 60.0% size reduction. The total page weight is 369 KB, and the site is served behind a CDN (Content Delivery Network). The website uses a secure HTTPS connection with a valid SSL certificate issued by Let's Encrypt (DV type). The connection is encrypted using TLS 1.3 with the TLS_AES_256_GCM_SHA384 cipher suite and ECDSA-SHA384 signature algorithm. The certificate covers 11 domain(s) (Subject Alternative Names) and expires on 2026-09-16, which is 78 days from now. The security headers analysis reveals a score of 50/100 (moderate). The following security headers are properly configured: Strict-Transport-Security (HSTS), X-Content-Type-Options, and Referrer-Policy. However, the site is missing Content-Security-Policy, X-Frame-Options, and Permissions-Policy, which could expose the site and its users to cross-site scripting (XSS), clickjacking, and other web-based attacks. Our technology detection scan identified 10 technologies across 8 categories powering citypass.com. The detected stack includes Next.js css, Webpack, Vite, Google Analytics 4, Matomo, Google Tag Manager, VWO, Bugsnag, reCAPTCHA v3, and Adobe Fonts. The site uses Next.js as its primary framework (version css). Based on our comprehensive analysis of domain age, SSL configuration, email authentication, security headers, and blacklist status, citypass.com receives an overall trust score of 75/100, classified as "Likely Safe".

Status Code200 OK
HTTP VersionHTTP/2
Servercloudflare
Page Size369 KB
Total Requests147
3rd Party Domains16
SSL CertificateLet's Encrypt (DV) · 78 days left
TLS VersionTLS 1.3
IP Address172.66.160.78
citypass.com Trust & Safety

Evaluate trustworthiness based on age, SSL, email authentication, security headers, and blacklist status across 8 threat databases.

citypass.com Trust Score & Safety Analysis

75
Trust Score
50
Security
🤖 Trust Analysis

After conducting a thorough safety and legitimacy analysis, citypass.com receives a trust score of 75/100, which places it in the "Likely Safe" category. This score is calculated by evaluating multiple factors including SSL certificate validity, domain registration history, email authentication protocols, security header configuration, and blacklist status across major threat intelligence databases. The analysis identified several positive trust signals: a valid HTTPS connection protecting data in transit, HSTS (HTTP Strict Transport Security) enforcement preventing protocol downgrade attacks, a valid SSL certificate issued by Let's Encrypt with 78 days until expiration, SPF (Sender Policy Framework) email authentication preventing email spoofing, and DMARC email authentication with a quarantine policy. Areas of concern include: the absence of a Content-Security-Policy header, which leaves the site more vulnerable to cross-site scripting (XSS) attacks, no X-Frame-Options header, which could allow the site to be embedded in malicious iframes (clickjacking), the domain's WHOIS information is hidden behind a privacy service, making it harder to verify the owner's identity, and DNSSEC is not enabled, leaving DNS queries vulnerable to spoofing attacks. While these issues don't necessarily indicate malicious intent, they represent areas where the website's security posture could be improved. We checked citypass.com against 8 major blacklist databases including Google Safe Browsing, Phishtank, Urlhaus, Openphish, Dnsfilter, Spamhaus Dbl, Surbl, and Virustotal. The domain passed all 8 checks with a clean status, meaning it has not been flagged for phishing, malware distribution, spam, or other malicious activities by any of the tested threat intelligence providers.

HTTPS + HSTS
+12
SPF + DMARC
+6
SSL Certificate
+7
Security Headers
−5

Security Headers

Content-Security-Policy✗ Missing
HSTS✓ Set
X-Frame-Options✗ Missing
X-Content-Type-Options✓ Set
Referrer-Policy✓ Set
Permissions-Policy✗ Missing

Blacklist Checks 8/8 Clean ✓

Google Safe Browsing
Phishtank
Urlhaus
Openphish
Dnsfilter
Spamhaus Dbl
Surbl
Virustotal

Rankings & Estimates

Tranco Rank#64,526 worldwide

🔍 Analyze Your Own Website

Check your site's trust score, security headers, tech stack and 50+ metrics — completely free.

Analyze Now →
citypass.com Technology Stack 10 detected

Discover every technology powering this website — from CMS and frameworks to analytics, payments, and marketing tools.

citypass.com Technology Stack & Detected Technologies

🤖 Stack Analysis

Our technology detection engine scanned citypass.com and identified 10 distinct technologies across 8 categories. This analysis is performed by examining HTTP response headers, HTML source code patterns, JavaScript library fingerprints, CSS framework signatures, and DNS records. Framework: Next.js (version css) — provides the application framework and routing for citypass.com. Build Tool: Webpack and Vite — bundles and optimizes the JavaScript and CSS assets for citypass.com. Analytics: Google Analytics 4 and Matomo — tracks visitor behavior and provides traffic insights for citypass.com. Tag Manager: Google Tag Manager — manages marketing and analytics tags without code changes for citypass.com. A/B Testing: VWO — enables experimentation and conversion optimization for citypass.com. Monitoring: Bugsnag — monitors application performance and errors for citypass.com. Security: reCAPTCHA v3 — provides security features like bot detection and CAPTCHA for citypass.com. Fonts: Adobe Fonts — delivers web fonts for typography for citypass.com. We also extracted the following tracking identifiers: Google Tag Manager container GTM-TS59P2. These IDs can be used to identify other websites operated by the same organization.

⚛️ Framework
🔨 Build Tool
📊 Analytics
📊 Tag Manager
🧪 A/B Testing
🛡️ Monitoring
🛡️ Security
🔤 Fonts

Tracking IDs Detected

gtm_idGTM-TS59P2
citypass.com Performance & Web Vitals

Response time, compression, CDN usage, Core Web Vitals, and environmental impact metrics for citypass.com.

citypass.com Performance & Web Vitals Report

🤖 Performance Analysis

citypass.com delivers its homepage in 30239ms (server response time), which is considered slow by industry standards. The total page weight is 369 KB, and we detected 147 resource requests loading assets from 16 third-party domains. A high number of third-party domains can significantly impact page load time due to additional DNS lookups and TLS handshakes required for each domain. The website uses Gzip compression for text-based assets, achieving an estimated 60.0% reduction in transfer size. This reduces bandwidth usage and improves page load times, especially for visitors on slower connections. Asset minification status: 0 out of 2 CSS files and 0 out of 17 JavaScript files are minified. Minifying the remaining 19 unminified file(s) could further reduce page weight by 10-30% for those assets. Minification is a best practice that reduces download sizes without affecting functionality. The site is served through a Content Delivery Network (CDN), which caches static assets at edge servers around the world. This means visitors from different geographic regions receive content from the nearest edge server, significantly reducing latency. CDN usage is particularly important for websites with a global audience, as it can reduce page load times by 40-60% for distant visitors. From an environmental perspective, each page view of citypass.com produces approximately 0.18g of CO₂, earning a carbon rating of B. This places the website among the cleanest on the web, demonstrating efficient use of server resources and optimized content delivery. For reference, the average web page produces about 0.5g of CO₂ per page view. The page weight of 369 KB is the primary factor in this calculation. Core Web Vitals data from the Chrome User Experience Report (CrUX) is not available for citypass.com. This typically means the site doesn't have enough real-world Chrome user traffic to generate statistically significant field data, or the domain is not included in the CrUX dataset. Core Web Vitals (LCP, INP, CLS) are important Google ranking factors that measure real user experience.

Response Time30239ms Slow
Page Size369 KB
CompressionGzip 60.0% savings
CDNNot detected
Carbon / Page View0.18g · Rating B
citypass.com DNS & Domain Info

Complete DNS record analysis including email authentication (SPF, DMARC, DKIM), registrar details, and subdomain discovery.

citypass.com DNS Records, Email Authentication & Domain Registration

🤖 DNS Analysis

citypass.com resolves to the IPv4 address 172.66.160.78 and also supports IPv6 (2606:4700:10::6814:10b8), demonstrating modern network infrastructure readiness. The domain has 2 A record(s) configured. The domain name system is managed by 2 name servers: dave.ns.cloudflare.com and olga.ns.cloudflare.com. Having 2 name servers provides good redundancy — if one fails, the others can continue serving DNS queries. The choice of name servers often indicates the DNS hosting provider or CDN service being used. Email for citypass.com is handled by ppe-hosted.com with 2 MX records configured: mx1-us1.ppe-hosted.com and mx2-us1.ppe-hosted.com. Multiple MX records provide failover redundancy — if the primary mail server is unavailable, email will be routed to the next available server. SPF (Sender Policy Framework) is configured, which specifies which mail servers are authorized to send email on behalf of this domain. This helps prevent email spoofing and improves email deliverability. DMARC (Domain-based Message Authentication, Reporting and Conformance) is configured with a quarantine policy — a moderate setting, directing unauthorized emails to spam/junk folders. DKIM was not detected. Without DKIM, recipients cannot cryptographically verify that emails claiming to be from this domain are authentic. DNSSEC is not enabled for citypass.com. While not critical for most websites, DNSSEC adds an important security layer by ensuring DNS responses haven't been tampered with during transit. Enabling DNSSEC is recommended for domains handling sensitive data or financial transactions.

IP Address172.66.160.78
IPv62606:4700:10::6814:10b8
Nameserversdave.ns.cloudflare.com
MX Providerppe-hosted.com (mx1-us1.ppe-hosted.com)
SPF✓ Configured
DMARC✓ quarantine
DMARC Recordv=DMARC1; p=quarantine; sp=reject; rua=mailto:c998db392d02.a@dmarcinput.com; ruf=mailto:c998db392d02.f@dmarcinput.com; f
DKIM✗ Not found
DNSSEC✗ Not enabled
IPv6✓ Supported
WHOIS Privacy🔒 Private

TXT Records / Service Verifications 5

Google ✓ +4 more
citypass.com Page Analysis

Content structure, media assets, cookie usage, payment methods, and social media presence for citypass.com.

citypass.com Page Content Analysis

🤖 Content Analysis

The homepage of citypass.com contains 168 words of visible text content. This is a relatively short page — adding more descriptive content could improve search engine visibility. The page is structured with 9 H2 headings, 0 H3 headings, 0 H4 headings. The page includes 4 images. All images have proper alt text attributes ✓, which is excellent for both accessibility (screen readers) and SEO (search engines can understand image content). The link structure consists of 46 internal links pointing to other pages on the same domain and 11 external links pointing to third-party websites. There are 17 external JavaScript files, 2 CSS stylesheets, and 0 iframes on the page. The site implements the following web standards and features: XML Sitemap (helps search engines discover all pages), robots.txt (controls search engine crawling behavior), and Schema.org structured data (Brand and WebSite). We detected the following payment methods accepted on citypass.com: Visa, Mastercard, Discover, Apple Pay, Google Pay, and Affirm. Offering multiple payment options including credit cards and digital wallets improves customer trust and can increase conversion rates. The website has social media presence across 5 platforms: Facebook (@CityPASS), Twitter (@citypass), Instagram (@citypass), Linkedin (@citypass-inc-), and Pinterest (@citypass). An active social media presence is a positive trust indicator and helps build brand awareness and customer engagement.

Word Count168 words
Images4 total · 100% alt coverage
Internal Links46
External Links11
JS Files17
CSS Files2

Payment Methods

💳 Visa 💳 Mastercard 💳 Discover 💳 Apple Pay 💳 Google Pay 💳 Affirm

Social Media Presence 5 platforms

📘 Facebook 𝕏 Twitter 📸 Instagram 💼 Linkedin 📌 Pinterest
citypass.com SEO & Content Analysis

Evaluate on-page SEO factors including meta tags, Schema.org markup, content metrics, social presence, and environmental impact.

citypass.com SEO Analysis, Meta Tags & Content

🤖 SEO Analysis

The title tag for citypass.com is too long at 84 characters: "CityPASS® Official Site - Save up to 50% Off Top Tourist Attractions in Major Ci...". At 84 characters, the title will likely be truncated in Google search results (recommended: 50-60 characters). Consider shortening it while keeping the most important keywords at the beginning. The meta description is 299 characters (slightly long): "Save time and money on the best attractions with CityPASS® tickets. Available for 17 great destinations, including Atlan...". Google typically displays up to 155-160 characters of the meta description in search results. A compelling meta description with a clear call-to-action can significantly improve click-through rates from search results. The canonical url is correctly set to https://www.citypass.com/, preventing duplicate content issues, the page language is declared as en, and the meta robots directive is set to noodp,noydir. No Open Graph tags are configured. When someone shares a link to citypass.com on social media, the platform will have to guess the title, description, and image — often producing unattractive or inaccurate previews. Adding OG tags is essential for social media marketing. The site implements Schema.org structured data with the following types: Brand and WebSite. Structured data helps search engines understand the page content and can enable rich results (featured snippets, knowledge panels, star ratings) in Google search results, which can significantly increase click-through rates.

TitleCityPASS® Official Site - Save up to 50% Off Top Tourist Att
H1Top Attractions. Smart Savings. One Simple Purchase.
Word Count168 words
Images4 total
Internal Links46
External Links11
JS Files17
CSS Files2
Heading StructureH2:9
Meta Robotsnoodp,noydir
Redirect Chainhttps://citypass.comhttp://www.citypass.com/https://www.citypass.com/
MinificationJS: 0/17 minified · CSS: 0/2 minified
Sitemap✓ Found
Robots.txt✓ Found
Canonical✓ Set
Languageen
Schema.orgBrand, WebSite
Open GraphNot set
Twitter CardNot set
PWANot detected
RSS FeedNot detected
AMPNot detected
Carbon / Visit0.18g · Rating B

Google SERP Preview

CityPASS® Official Site - Save up to 50% Off Top Tourist Att
https://citypass.com
Save time and money on the best attractions with CityPASS® tickets. Available for 17 great destinations, including Atlanta, Boston, Chicago, Dallas, Denver, Hou

META TAGS & SCHEMA.ORG

META TAGS

TitleCityPASS® Official Site - Save up to 50% Off Top Tourist Att
Title Length84 chars Too long
Meta Desc Length299 chars Too long
H1Top Attractions. Smart Savings. One Simple Purchase.
Languageen
Canonical✓ Set
Meta Robotsnoodp,noydir

SCHEMA.ORG & SOCIAL

Schema TypesBrand, WebSite
OG Type
OG ImageNot set
Twitter CardNot set
FaviconNot detected

📊 Compare With Your Competitors

See how your website stacks up against citypass.com in trust, speed, security, and technology.

Compare Now →
🛡 Is this your website?

Show visitors your trust score — add a free badge to your site

Trust Score Badge Get Your Badge →