Citibankonline.com is built with the following tech stack:
Document Standards
X-UA-Compatible
Allows a website to define how a page is rendered in Internet Explorer 8, allowing a website to decide to use IE7 style rendering over IE8 rendering.
Cascading Style Sheets
Cascading Style Sheets (CSS) is a stylesheet language used to describe the presentation of a document written in a markup language. Its most common application is to style web pages written in HTML
Javascript
JavaScript is a scripting language most often used for client-side web development.
JSON-LD
JSON-LD, or JavaScript Object Notation for Linked Data, is a method of transporting Linked Data using JSON.
WAI-ARIA
A way to make Web content and Web applications more accessible to people with disabilities. It especially helps with dynamic content and advanced user interface controls developed with Ajax, HTML, JavaScript, and related technologies.
HTML5 DocType
The DOCTYPE is a required preamble for HTML5 websites.
HTML 5 Specific Tags
This page contains tags that are specific to an HTML 5 implementation.
Content Security Policy
Content Security Policy is a computer security concept, to prevent cross-site scripting XSS attacks.
X-XSS-Protection
X-XSS-Protection is a HTTP header set by Internet Explorer 8+. This header lets domains toggle on and off the "XSS Filter" of IE8, which prevents some categories of XSS attacks.
Content Type Options
Used to disable MIME-sniffing for a particular HTTP response.
Referrer Policy
Requests made from a document, and for navigations away from that document are associated with a Referrer header. This policy determines in the browser should send a referrer or not.
Strict Transport Security
The HTTP Strict-Transport-Security (HSTS) header instructs the browser to only use https.
Document Encoding
UTF-8
UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. It is the preferred encoding for web pages.
Mobile
Viewport Meta
This page uses the viewport meta tag which means the content may be optimized for mobile content.
SSL Certificates
HSTS
Forces browsers to only communicate with the site using HTTPS.