indexo.dev

passes.com

.com crawl

First seen 2026-04-20 · Last seen 2026-05-19 · ok HTTP/1.1 200 3558 ms crawled 2026-05-14

US · 108.156.22.31 · AS16509 Amazon.com, Inc.

Reputation 100/100

Classifying

HTML metadata

Title
Passes - a platform for creators to scale their content and own their audiences.
Description
Passes allows creators to monetize their content and build direct relationships with their audience through subscriptions, messaging, and exclusive content.
Language
en
Canonical
https://www.passes.com/

Open Graph

url
https://www.passes.com/
title
Passes - a platform for creators to scale their content and own their audiences.
locale
en-US
site name
Passes
description
Passes allows creators to monetize their content and build direct relationships with their audience through subscriptions, messaging, and exclusive content.

Technology

CDN
Amazon CloudFront
Server
Vercel
CMS
Next.js

Third-party hosts loaded (2)

  • cdnpasses.com×125
  • www.facebook.com×1

Contact

Email

Registration

Registrar
NameCheap, Inc.
Created
1997-11-03
Expires
2026-11-02 165 days left
Updated
2025-10-03
Name servers
  • ns-1270.awsdns-30.org
  • ns-180.awsdns-22.com
  • ns-1927.awsdns-48.co.uk
  • ns-522.awsdns-01.net

DNS records live

NS
  • ns-1270.awsdns-30.org
  • ns-180.awsdns-22.com
  • ns-1927.awsdns-48.co.uk
  • ns-522.awsdns-01.net
MX
  • 1 aspmx.l.google.com
  • 10 alt3.aspmx.l.google.com
  • 10 alt4.aspmx.l.google.com
  • 5 alt1.aspmx.l.google.com
  • 5 alt2.aspmx.l.google.com
TXT
  • klaviyo-site-verification=UnRQyv
Verified for
  • Anthropic
  • Google

Email authentication strong

SPF
v=spf1 include:_spf.google.com include:mail.zendesk.com ~all
softfail (~all)
DMARC
v=DMARC1; p=quarantine; rua=mailto:dmarc@passes.com; pct=100; adkim=r; aspf=r
policy: quarantine
DKIM
  • google: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArywq9WLf9SgEWGvJei4bAolxMhF6rKOZI4iNGMcKjcIxuq7DIcWByAdwQhYwpLzeIpInOMcJg6k8Mf…
selectors probed

Certificate (current)

Amazon RSA 2048 M04
from 2026-04-02 to 2026-10-17
Expires in 149 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 85/100 Checked live page: https://www.passes.com/

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
  • referrer-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Permissions Policy
Header values
referrer-policy
origin-when-cross-origin
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https: wss: data: blob: *.posthog.com; font-src 'self' data:; frame-src 'self' elements.basistheory.com js.basistheory.com www.google.com pay.google.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com withpersona.com inquiry.withpersona.com www.printful.com cdn.plaid.com; frame-ancestors 'self'; img-src 'self' blob: data: https://cdnpasses.com www.paypal.com t.paypal.com www.sandbox.paypal.com www.paypalobjects.com www.gstatic.com storage.googleapis.com files.cdn.printful.com img.riskified.com media.tenor.com pledgeling-res.cloudinary.com www.facebook.com alb.reddit.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co; media-src 'self' blob: https://cdnpasses.com https://*.live-video.net; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' applepay.cdn-apple.com cdn.withpersona.com cwamerchantservices.transactiongateway.com files.cdn.printful.com js.basistheory.com pay.google.com storage.googleapi
strict-transport-security
max-age=63072000; includeSubDomains; preload

Linked from (12)