airbnb.com
22 technologies detected across 12 categories. Scanned 49 minutes ago.
What the stack tells you
Airbnb's stack is the most defensive in this batch, and it's the only one in the group running Akamai instead of Cloudflare. That alone places them in a different cohort. Akamai is the enterprise-grade choice you make when your traffic profile includes meaningful fraud risk, geographic edge requirements (every country, every regulation), and a procurement team that wants SLAs in writing. Cloudflare is the choice you make when you want to ship fast and pay per request. Airbnb's been at scale long enough that the Akamai contract probably predates Cloudflare being a serious competitor at their tier.
The anti-fraud layering is the headline finding. Akamai Bot Manager is already running at the edge, and on top of that they've stacked GeeTest and Arkose Labs. Three separate bot-mitigation vendors on one property. Nobody runs three CAPTCHA-class systems unless they've been measurably losing money to scrapers and credential-stuffing attacks. GeeTest leans visual-puzzle, Arkose Labs leans game-style interactive, and Bot Manager is silent passive scoring. Reading that combination tells you Airbnb sees distinct attacker populations and is routing them to different challenge types based on signal. That's a fraud-team maturity tell.
The payment surface is the other striking detail. Plaid, PayPal, and Klarna are all live on the marketing domain, which means checkout embeds are reaching deep enough into top-level pages that detection scripts find them. Klarna in particular is interesting: it implies they're pushing buy-now-pay-later for stays, which is a 2024-onward behavior shift. Airbnb is no longer just a marketplace, it's also a consumer-credit funnel.
Underneath, Ruby is the expected Rails-era heritage, and Envoy as a service-mesh proxy signals they've done the microservices migration properly rather than half-heartedly. RequireJS surviving in detection alongside React is the artifact of a frontend that's been continuously deployed for fifteen years and never had a full rewrite window.
The signal
Airbnb's stack is a museum of fraud history layered over a service-mesh backbone, and the BNPL integrations show they're monetizing intent more aggressively than the brand suggests.
Miscellaneous
- HTTP/3
HTTP/3 is the third major version of the Hypertext Transfer Protocol used to exchange information on the World Wide Web.
- Open Graph
Open Graph is a protocol that is used to integrate any web page into the social graph.
- PWA
Progressive Web Apps (PWAs) are web apps built and enhanced with modern APIs to deliver enhanced capabilities, reliability, and installability while reaching anyone, anywhere, on any device, all with a single codebase.
Security
- Akamai Bot Managerpoa
Akamai Bot Manager detect bots using device fingerprinting bot signatures.
- Arkose Labspoa
Arkose Labs is a toolkit for fraud prevention that provides solutions to detect and mitigate malicious activity across digital platforms.
- GeeTestpoa
GeeTest is a CAPTCHA and bot management provider, protects websites, mobile apps, and APIs from automated bot-driven attacks, like ATO, credential stuffing, web scalping, etc.
- HSTS
HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.
JavaScript frameworks
- React
React is an open-source JavaScript library for building user interfaces or UI components.
- RequireJS
RequireJS is a JavaScript library and file loader which manages the dependencies between JavaScript files and in modular programming.
- Svelte
Svelte is a free and open-source front end compiler created by Rich Harris and maintained by the Svelte core team members.
Payment processors
- Klarna Checkoutpayg · low · recurring
Klarna Checkout is a complete payment solution where Klarna handles a store's entire checkout.
- PayPalpayg
PayPal is an online payments system that supports online money transfers and serves as an electronic alternative to traditional paper methods like checks and money orders.
- Plaidpayg · recurring
Plaid is a fintech company that facilitates communication between financial services apps and users' banks and credit card providers.
CDN
- Akamaipoa
Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.
JavaScript libraries
- Preact
Preact is a JavaScript library that describes itself as a fast 3kB alternative to React with the same ES6 API.
Performance
- Priority Hints
Priority Hints exposes a mechanism for developers to signal a relative priority for browsers to consider when fetching resources.
Programming languages
Reverse proxies
- Envoy
Envoy is an open-source edge and service proxy, designed for cloud-native applications.
UI frameworks
- SvelteKit
SvelteKit is the official Svelte framework for building web applications with a flexible filesystem-based routing.
Web servers
- Nginx
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
Web frameworks
- Ruby on Rails
Ruby on Rails is a server-side web application framework written in Ruby under the MIT License.
How we detected this
We analyze the public homepage of airbnb.com against a library of common third-party tools and frameworks - SaaS vendors, analytics, CDNs, payment processors, frontend frameworks, and dev infrastructure.
Results reflect what's observable on the public homepage at scan time. Tools that load only after sign-in or specific user interactions may not appear.
Get hiring intent for airbnb.com.
JobsPipe's real-time job-data API surfaces hiring signals 1-2 quarters before contact-data vendors catch them. Tech stack tells you what they have; hiring tells you what they're about to add.
Get the API