hotel-booking-dev.americanexpress.com Open in urlscan Pro
139.71.184.147 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hotel-booking-dev.americanexpress.com/
Effective URL:
https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome
Submission: On October 23 via automatic, source certstream-suspicious (October 23rd 2024, 2:33:57 am UTC) — Scanned from DE

Summary HTTP 51 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 4 domains to perform 51 HTTP transactions. The main IP is 139.71.184.147, located in United States and belongs to AMERICAN-EXPRESS, US. The main domain is hotel-booking-dev.americanexpress.com.
TLS certificate: Issued by DigiCert EV RSA CA G2 on October 23rd 2024. Valid for: a year.

This is the only time hotel-booking-dev.americanexpress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	139.71.184.147 139.71.184.147	6307 (AMERICAN-...) (AMERICAN-EXPRESS)
1	23.201.242.105 23.201.242.105	16625 (AKAMAI-AS) (AKAMAI-AS)
24	139.71.66.22 139.71.66.22	6307 (AMERICAN-...) (AMERICAN-EXPRESS)
8	139.71.55.230 139.71.55.230	6307 (AMERICAN-...) (AMERICAN-EXPRESS)
5	139.71.178.127 139.71.178.127	6307 (AMERICAN-...) (AMERICAN-EXPRESS)
4	139.71.64.72 139.71.64.72	6307 (AMERICAN-...) (AMERICAN-EXPRESS)
2	52.20.8.91 52.20.8.91	14618 (AMAZON-AES) (AMAZON-AES)
1	104.102.62.18 104.102.62.18	16625 (AKAMAI-AS) (AKAMAI-AS)
51	9

3 139.71.184.147 (United States) 1 redirects

ASN6307 (AMERICAN-EXPRESS, US)
PTR: hotelbookinguplift-deveusw1-vip.americanexpress.com

hotel-booking-dev.americanexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.201.242.105 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-242-105.deploy.static.akamaitechnologies.com

www.aexp-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 139.71.66.22 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: cdaas-dev1.americanexpress.com

cdaas-dev.americanexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 139.71.55.230 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: functions-r2a.americanexpress.com

functions.americanexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.71.178.127 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: functionsa-dev-vip.americanexpress.com

functions-dev.americanexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.71.64.72 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: xpdp-deveusw1-vip.americanexpress.com

one-xp-dev.americanexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.20.8.91 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-8-91.compute-1.amazonaws.com

lib-us-1.brilliantcollector.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.102.62.18 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-62-18.deploy.static.akamaitechnologies.com

www.americanexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	americanexpress.com 1 redirects hotel-booking-dev.americanexpress.com cdaas-dev.americanexpress.com — Cisco Umbrella Rank: 276276 functions.americanexpress.com — Cisco Umbrella Rank: 19779 functions-dev.americanexpress.com one-xp-dev.americanexpress.com iwmapapi-dev.americanexpress.com Failed www.americanexpress.com — Cisco Umbrella Rank: 14352	1 MB
2	brilliantcollector.com lib-us-1.brilliantcollector.com — Cisco Umbrella Rank: 19605	374 B
1	aexp-static.com www.aexp-static.com — Cisco Umbrella Rank: 13473	48 KB
0	aexp.com Failed inter-pdgemapp.aexp.com Failed
51	4

	Domain	Requested by
24	cdaas-dev.americanexpress.com	hotel-booking-dev.americanexpress.com cdaas-dev.americanexpress.com
8	functions.americanexpress.com	cdaas-dev.americanexpress.com
5	functions-dev.americanexpress.com	cdaas-dev.americanexpress.com
4	one-xp-dev.americanexpress.com	cdaas-dev.americanexpress.com
3	hotel-booking-dev.americanexpress.com	1 redirects cdaas-dev.americanexpress.com
2	lib-us-1.brilliantcollector.com	cdaas-dev.americanexpress.com
1	www.americanexpress.com
1	www.aexp-static.com	hotel-booking-dev.americanexpress.com
0	iwmapapi-dev.americanexpress.com Failed	cdaas-dev.americanexpress.com
0	inter-pdgemapp.aexp.com Failed	cdaas-dev.americanexpress.com
51	10

This site contains links to these domains. Also see Links.

Domain
www.americanexpress.com

Subject Issuer	Validity	Valid
hotelbookinguplift-deveusw1.americanexpress.com DigiCert EV RSA CA G2	`2024-10-23` - `2025-10-23`	a year	crt.sh
m.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2024-03-06` - `2025-03-06`	a year	crt.sh
cdaas-dev.americanexpress.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-24` - `2025-07-23`	a year	crt.sh
functions.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2024-08-08` - `2025-08-08`	a year	crt.sh
functionsa-dev.americanexpress.com DigiCert EV RSA CA G2	`2024-09-04` - `2025-09-03`	a year	crt.sh
xpdp-deveusw1.americanexpress.com DigiCert EV RSA CA G2	`2024-07-04` - `2025-07-03`	a year	crt.sh
*.brilliantcollector.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-08` - `2025-04-16`	a year	crt.sh
www.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2024-07-08` - `2025-07-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome
Frame ID: A1421C4AF6B6F3F0374FB3705B992C5B
Requests: 45 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fine Hotels + Resorts | Luxury Hotel Bookings | Amex Travel UK

Page URL History Show full URLs

https://hotel-booking-dev.americanexpress.com/ HTTP 302
https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome Page URL

Detected technologies

Amex Express Checkout (Payment processors) Expand

Overall confidence: 100%
Detected patterns

aexp-static\.com

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Page Statistics

51
Requests

92 %
HTTPS

0 %
IPv6

4
Domains

10
Subdomains

9
IPs

2
Countries

1419 kB
Transfer

6868 kB
Size

8
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.americanexpress.com/en-gb/company/legal/privacy-centre/about-cookies/?showoverlay=false
Title: Cookie Policy.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hotel-booking-dev.americanexpress.com/ HTTP 302
https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

51 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request welcome Show response
hotel-booking-dev.americanexpress.com/en-gb/fhr/
Redirect Chain

https://hotel-booking-dev.americanexpress.com/
https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

32 KB
10 KB

193ms
193ms

Document
text/html

139.71.184.147
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.184.147 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

hotelbookinguplift-deveusw1-vip.americanexpress.com

Software

Resource Hash

2e296c8a978216c10a8556159195c16608ff82fac0e39eb51fff74611d03c59c

Security Headers

Name	Value
Content-Security-Policy	report-uri process.env.ONE_CLIENT_CSP_REPORTING_URL; block-all-mixed-content; default-src 'self' .aexp.com .americanexpress.com .aexp-static.com wss://.americanexpress.com assets.adobedtm.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net .bf.dynatrace.com apim.expedia.com maps.googleapis.com maps.gstatic.com; script-src 'nonce-bc3187e6-a3c2-460e-900f-6a5766ed0b2b' 'self' .aexp.com .americanexpress.com .aexp-static.com maps.googleapis.com maps.gstatic.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net js-cdn.dynatrace.com .bounceexchange.com .microsoft.com analytics.newscred.com www.google-analytics.com s.ntv.io www.youtube.com/iframe_api s.ytimg.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ .liveperson.net .liveperson.com .lpsnmedia.net .liveengage.net .liveengage.com .liveper.sn service.maxymiser.net c.evidon.com; img-src data: 'self' .aexp.com .americanexpress.com .aexp-static.com maps.googleapis.com maps.gstatic.com media.iceportal.com cdn.switchfly.com/www.cfmedia.vfmleonardo.com cdn.switchfly.com d2whcypojkzby.cloudfront.net www.cfmedia.vfmleonardo.com i.travelapi.com photos.hotelbeds.com pix6.agoda.net www.tripadvisor.com www.tripadvisor.de www.tripadvisor.es www.tripadvisor.com.mx www.tripadvisor.fr www.tripadvisor.it www.tripadvisor.nl www.tripadvisor.se .liveperson.net .liveperson.com .lpsnmedia.net .liveengage.net .liveengage.com .liveper.sn images.trvl-media.com c.evidon.com l.evidon.com .flashtalking.com; style-src 'unsafe-inline' .aexp.com .aexp-static.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com; connect-src 'self' dpm.demdex.net dstatic.dev.ipc.us.aexp.com wss://.americanexpress.com wss://.aexp.com .aexp.com .americanexpress.com .aexp-static.com lib-us-1.brilliantcollector.com/collector/collectorPost .bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com amex-promotion-service-stg.iseatz.com amex-promotion-service.iseatz.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com maps.gstatic.com; manifest-src 'self' .aexp.com .americanexpress.com .aexp-static.com; worker-src 'self' .aexp.com .americanexpress.com .aexp-static.com; frame-ancestors none; frame-src .americanexpress.com .aexp-static.com aexp.demdex.net .liveperson.net .liveperson.com .lpsnmedia.net .liveengage.net .liveengage.com .liveper.sn service.maxymiser.net maps.googleapis.com maps.gstatic.com; font-src *.aexp-static.com fonts.gstatic.com fonts.googleapis.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Transfer-Encoding: chunked
cache-control: no-store
content-encoding: gzip
content-security-policy: report-uri process.env.ONE_CLIENT_CSP_REPORTING_URL; block-all-mixed-content; default-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com wss://*.americanexpress.com assets.adobedtm.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net *.bf.dynatrace.com apim.expedia.com maps.googleapis.com maps.gstatic.com; script-src 'nonce-bc3187e6-a3c2-460e-900f-6a5766ed0b2b' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com maps.googleapis.com maps.gstatic.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net js-cdn.dynatrace.com *.bounceexchange.com *.microsoft.com analytics.newscred.com www.google-analytics.com s.ntv.io www.youtube.com/iframe_api s.ytimg.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn service.maxymiser.net c.evidon.com; img-src data: 'self' *.aexp.com *.americanexpress.com *.aexp-static.com maps.googleapis.com maps.gstatic.com media.iceportal.com cdn.switchfly.com/www.cfmedia.vfmleonardo.com cdn.switchfly.com d2whcypojkzby.cloudfront.net www.cfmedia.vfmleonardo.com i.travelapi.com photos.hotelbeds.com pix6.agoda.net www.tripadvisor.com www.tripadvisor.de www.tripadvisor.es www.tripadvisor.com.mx www.tripadvisor.fr www.tripadvisor.it www.tripadvisor.nl www.tripadvisor.se *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn images.trvl-media.com c.evidon.com l.evidon.com *.flashtalking.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com; connect-src 'self' dpm.demdex.net dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com *.aexp.com *.americanexpress.com *.aexp-static.com lib-us-1.brilliantcollector.com/collector/collectorPost *.bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com amex-promotion-service-stg.iseatz.com amex-promotion-service.iseatz.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com maps.gstatic.com; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; frame-ancestors none; frame-src *.americanexpress.com *.aexp-static.com aexp.demdex.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn service.maxymiser.net maps.googleapis.com maps.gstatic.com; font-src *.aexp-static.com fonts.gstatic.com fonts.googleapis.com
content-type: text/html; charset=utf-8
date: Wed, 23 Oct 2024 02:33:48 GMT
etag: W/"7f2a-bB9V06DDzrKUl7MPg1+TPknNbUk"
one-app-version: 5.25.0-61e4465e
pragma: no-cache
referrer-policy: same-origin
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-envoy-upstream-service-time: 41
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

cache-control: no-store
content-length: 80
content-security-policy: report-uri process.env.ONE_CLIENT_CSP_REPORTING_URL; block-all-mixed-content; default-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com wss://*.americanexpress.com assets.adobedtm.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net *.bf.dynatrace.com apim.expedia.com maps.googleapis.com maps.gstatic.com; script-src 'nonce-94752216-1c00-4b2a-8030-ad70b8620edf' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com maps.googleapis.com maps.gstatic.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net js-cdn.dynatrace.com *.bounceexchange.com *.microsoft.com analytics.newscred.com www.google-analytics.com s.ntv.io www.youtube.com/iframe_api s.ytimg.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn service.maxymiser.net c.evidon.com; img-src data: 'self' *.aexp.com *.americanexpress.com *.aexp-static.com maps.googleapis.com maps.gstatic.com media.iceportal.com cdn.switchfly.com/www.cfmedia.vfmleonardo.com cdn.switchfly.com d2whcypojkzby.cloudfront.net www.cfmedia.vfmleonardo.com i.travelapi.com photos.hotelbeds.com pix6.agoda.net www.tripadvisor.com www.tripadvisor.de www.tripadvisor.es www.tripadvisor.com.mx www.tripadvisor.fr www.tripadvisor.it www.tripadvisor.nl www.tripadvisor.se *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn images.trvl-media.com c.evidon.com l.evidon.com *.flashtalking.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com; connect-src 'self' dpm.demdex.net dstatic.dev.ipc.us.aexp.com wss://*.americanexpress.com wss://*.aexp.com *.aexp.com *.americanexpress.com *.aexp-static.com lib-us-1.brilliantcollector.com/collector/collectorPost *.bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com amex-promotion-service-stg.iseatz.com amex-promotion-service.iseatz.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com maps.gstatic.com; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; frame-ancestors none; frame-src *.americanexpress.com *.aexp-static.com aexp.demdex.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn service.maxymiser.net maps.googleapis.com maps.gstatic.com; font-src *.aexp-static.com fonts.gstatic.com fonts.googleapis.com
content-type: text/html; charset=utf-8
date: Wed, 23 Oct 2024 02:33:48 GMT
location: /en-gb/fhr/welcome
one-app-version: 5.25.0-61e4465e
pragma: no-cache
referrer-policy: same-origin
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept, Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-envoy-upstream-service-time: 30
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 dls.min.css
www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.25.3/package/dist/6.25.3/styles/ 363 KB
48 KB 102ms
25ms Stylesheet
text/css 23.201.242.105
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.25.3/package/dist/6.25.3/styles/dls.min.css
Requested by: Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.201.242.105 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-201-242-105.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c02e7dc45d4d8ae62bd47302a994f9ed2cb140e7a70db4d7ff7d5d7d6aef2884

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-encoding: gzip
etag: W/"64d1353b-5aa51"
access-control-allow-credentials: true
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: https://isp.aexp.com
content-length: 48788
date: Wed, 23 Oct 2024 02:33:48 GMT
content-type: text/css
last-modified: Mon, 07 Aug 2023 18:17:31 GMT
vary: Origin, Accept-Encoding
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H/1.1 200
OK app~vendors.js Show response
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/ 470 KB
116 KB 895ms
231ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app~vendors.js

Requested by

Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

b3404d578aac9a2f533e50fe62ca0a021f95c64c567079bb3fc2c20ccc9cd7cf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"66671a24-7597a"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:49 GMT
Content-Type: application/javascript
Last-Modified: Mon, 10 Jun 2024 15:22:12 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK runtime.js Show response
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/ 16 KB
6 KB 836ms
161ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/runtime.js

Requested by

Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

f1c2fda9627351e28491ab6832e1b716b32ddd416da7e2715f62140721866f91

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"66671a24-3e70"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:49 GMT
Content-Type: application/javascript
Last-Modified: Mon, 10 Jun 2024 15:22:12 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK vendors.js Show response
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/ 174 KB
52 KB 732ms
213ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/vendors.js

Requested by

Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

45e6f3e6847536e5fb63d629bed17ffb329fe44699356518657491a69d74e869

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"66671a24-2b640"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:49 GMT
Content-Type: application/javascript
Last-Modified: Mon, 10 Jun 2024 15:22:12 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK en-GB.js Show response
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/i18n/ 3 KB
2 KB 661ms
165ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/i18n/en-GB.js

Requested by

Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

4fce599fbc380c71c9c857928d68299ee69266f37cbd2149dddecc3585494f7d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"66671a24-cdd"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:49 GMT
Content-Type: application/javascript
Last-Modified: Mon, 10 Jun 2024 15:22:12 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK axp-hotel-booking-root.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-root/4.89.2/ 4 MB
710 KB 840ms
347ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-root/4.89.2/axp-hotel-booking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

1995a40e9a728d70faf4a9007ad66bd41962dacf8ab021b6907ad76053a17e7f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"6605d3c4-3ed668"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:49 GMT
Content-Type: application/javascript
Last-Modified: Thu, 28 Mar 2024 20:32:04 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK axp-hotel-booking-container.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-container/4.13.0/ 10 KB
4 KB 673ms
161ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-container/4.13.0/axp-hotel-booking-container.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

427fcf30eea67983f008415b90a5a38f7f4b380037e90180e6ef4ea17207a3bf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"65a80567-27f5"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:49 GMT
Content-Type: application/javascript
Last-Modified: Wed, 17 Jan 2024 16:50:47 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK axp-hotel-booking-home.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-home/3.26.0/ 51 KB
11 KB 678ms
176ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-home/3.26.0/axp-hotel-booking-home.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

7e0512e3705424a85e7785fedba4939809832a4b7e2df7fbf0020295523f6b41

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"65e05e59-cd01"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:49 GMT
Content-Type: application/javascript
Last-Modified: Thu, 29 Feb 2024 10:37:13 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK app.js Show response
cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/ 137 KB
37 KB 681ms
194ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js

Requested by

Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

0259245f15c129a1bb6cae4e940200ccde42cd4a7a12e8d182580578446506c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"66671a24-22390"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:49 GMT
Content-Type: application/javascript
Last-Modified: Mon, 10 Jun 2024 15:22:12 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK integration.json Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-root/4.89.2/en-gb/ 3 KB
2 KB 172ms
169ms Fetch
application/json 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-root/4.89.2/en-gb/integration.json

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

6abc75248b8c18b9e1b9ed288a80e6ea0dfcd0f5f8dfc8fcc7ff5597ddfe91e1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Encoding: br
ETag: W/"6605d380-a7e"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:50 GMT
Content-Type: application/json
Last-Modified: Thu, 28 Mar 2024 20:30:56 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H2 200 ReadScriptRegistry.v1 Show response
functions.americanexpress.com/ 483 B
435 B 408ms
142ms Fetch 139.71.55.230
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions.americanexpress.com/ReadScriptRegistry.v1?name=user-consent-management&version=%5E1.0.0&environment=e1&cache=1729650

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-root/4.89.2/axp-hotel-booking-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functions-r2a.americanexpress.com

Software

Resource Hash

753823264446896e63cd2d4df086bff2448811f40ac68038b8ba553faa0f42c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 200
access-control-max-age: 86400
content-encoding: gzip
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 336
date: Wed, 23 Oct 2024 02:33:50 GMT
vary: origin
access-control-allow-headers: one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type

GET
H2 200 ReadScriptRegistry.v1 Show response
functions.americanexpress.com/ 500 B
1 KB 397ms
132ms Fetch 139.71.55.230
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions.americanexpress.com/ReadScriptRegistry.v1?name=dxt-script-supplier-helper&version=%5E1.0.0&environment=e1&cache=1729650

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functions-r2a.americanexpress.com

Software

Resource Hash

4744c31ffaa793e5d80bfff9384fc8fa2f1ebf57902314c6cacc743b56d968a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 200
access-control-max-age: 86400
content-encoding: gzip
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 326
date: Wed, 23 Oct 2024 02:33:50 GMT
vary: origin
access-control-allow-headers: one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type

GET
H/1.1 200
OK tealeaf.v1.amextravel.int.js Show response
cdaas-dev.americanexpress.com/cdaas/tls/premiumhotel/tealeaf/ 196 KB
57 KB 659ms
196ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/tls/premiumhotel/tealeaf/tealeaf.v1.amextravel.int.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

d62c4b2d563b82577275467f393a560c48e35dfa78472cb3d18c4a6616fbb130

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Content-Encoding: br
ETag: W/"6102e423-30e9e"
Connection: keep-alive
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Thu, 29 Jul 2021 17:23:47 GMT
Vary: Origin
X-Frame-Options: DENY

GET
H2 400 ReadUserSession.v1 Show response
functions-dev.americanexpress.com/ 104 B
562 B 541ms
177ms Fetch 139.71.178.127
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions-dev.americanexpress.com/ReadUserSession.v1

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.178.127 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functionsa-dev-vip.americanexpress.com

Software

Resource Hash

fc0ee9476197548dbfb6314915f5e97a80d1983e7dd441572ca23771f351a5c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 400
access-control-max-age: 86400
content-encoding: gzip
x-envoy-upstream-service-time: 23
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 123
date: Wed, 23 Oct 2024 02:33:51 GMT
vary: origin
access-control-allow-headers: accept,authorization,ce-source,ce-type,content-encoding,content-length,content-type,credentials,one-data-context,one-data-correlation-id,one-data-risk-assessment-token,origin,user-agent,vary

OPTIONS
H2 200 ReadUserSession.v1
functions-dev.americanexpress.com/ 0
0 490ms
180ms Preflight 139.71.178.127
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL: https://functions-dev.americanexpress.com/ReadUserSession.v1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 139.71.178.127 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS: functionsa-dev-vip.americanexpress.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,one-data-correlation-id
Access-Control-Request-Method: GET
Origin: https://hotel-booking-dev.americanexpress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept,authorization,ce-source,ce-type,content-encoding,content-length,content-type,credentials,one-data-context,one-data-correlation-id,one-data-risk-assessment-token,origin,user-agent,vary
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
access-control-max-age: 86400
content-length: 0
date: Wed, 23 Oct 2024 02:33:51 GMT
x-envoy-upstream-service-time: 15

OPTIONS
H/1.0 200
OK find
one-xp-dev.americanexpress.com/variant/ 0
0 670ms
153ms Preflight 139.71.64.72
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL: https://one-xp-dev.americanexpress.com/variant/find
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 139.71.64.72 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS: xpdp-deveusw1-vip.americanexpress.com
Software: BigIP /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://hotel-booking-dev.americanexpress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com
Connection: Keep-Alive
Content-Length: 0
Server: BigIP

GET
H2 400 ReadUserSession.v1 Show response
functions-dev.americanexpress.com/ 104 B
226 B 170ms
167ms Fetch 139.71.178.127
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions-dev.americanexpress.com/ReadUserSession.v1

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.178.127 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functionsa-dev-vip.americanexpress.com

Software

Resource Hash

fc0ee9476197548dbfb6314915f5e97a80d1983e7dd441572ca23771f351a5c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json
one-data-correlation-id: 4187dfd5-3d6e-4085-8ebf-a68699f6f3a3

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 400
access-control-max-age: 86400
content-encoding: gzip
x-envoy-upstream-service-time: 18
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 123
date: Wed, 23 Oct 2024 02:33:51 GMT
vary: origin
access-control-allow-headers: accept,authorization,ce-source,ce-type,content-encoding,content-length,content-type,credentials,one-data-context,one-data-correlation-id,one-data-risk-assessment-token,origin,user-agent,vary

POST
H/1.1 200
OK find Show response
one-xp-dev.americanexpress.com/variant/ 454 B
2 KB 635ms
191ms Fetch
application/json 139.71.64.72
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://one-xp-dev.americanexpress.com/variant/find

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.64.72 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

xpdp-deveusw1-vip.americanexpress.com

Software

Resource Hash

afc9098145208e32ecc79bd42046fa1f6a6a83150ddad295a5ea81e47de108f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; frame-ancestors 'none'
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

Transfer-Encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains
access-control-max-age: 86400
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-envoy-upstream-service-time: 32
x-permitted-cross-domain-policies: none
access-control-allow-credentials: true
x-content-type-options: nosniff
allow: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
date: Wed, 23 Oct 2024 02:33:52 GMT
content-type: application/json
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type, User-Agent, Origin, Accept

GET
H/1.1 200
OK axp-travel-navigation.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-navigation/4.29.0/ 179 KB
42 KB 227ms
226ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-navigation/4.29.0/axp-travel-navigation.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app~vendors.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

a306a62eb8c56ba030f5d8c9aefef59dccc84e53d70d2209a6181b804a57e39a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"6576f1bc-2cb57"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Mon, 11 Dec 2023 11:25:48 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK axp-travel-agent-legal.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-agent-legal/5.4.0/ 51 KB
15 KB 189ms
188ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-agent-legal/5.4.0/axp-travel-agent-legal.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app~vendors.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

ae0d4f17ed807c2ae069d606624af2ff2fa174a9bd170d1eedea3a0dcb81260b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"651d4209-cc7c"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Wed, 04 Oct 2023 10:44:25 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK axp-hotel-booking-personalized-header.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-personalized-header/3.14.0/ 13 KB
5 KB 183ms
182ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-hotel-booking-personalized-header/3.14.0/axp-hotel-booking-personalized-header.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app~vendors.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

e207ab8962d2c886151dd75ebb8a5e3e9379e53c227832aecb9e6ee81c60f604

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"65a8085a-3535"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Wed, 17 Jan 2024 17:03:22 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK axp-travel-footer-links.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-footer-links/7.4.0/ 53 KB
15 KB 172ms
171ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-footer-links/7.4.0/axp-travel-footer-links.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app~vendors.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

10b0067c9b2b4464a55220133ab020af8682ed75fb21eb7558781487ba611514

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"651d4204-d5ed"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Wed, 04 Oct 2023 10:44:20 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK axp-travel-terms-and-conditions.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-terms-and-conditions/7.15.0/ 58 KB
17 KB 193ms
192ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-terms-and-conditions/7.15.0/axp-travel-terms-and-conditions.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app~vendors.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

81cf86cef4c7b7410e22390b618da58663bfb66df89182b927224190904411d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"651ebade-e704"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Oct 2023 13:32:14 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK axp-footer.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-footer/4.30.25/ 326 KB
76 KB 205ms
205ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-footer/4.30.25/axp-footer.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app~vendors.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

25c21d15f28abe252fd4c9844b27be9e89d9d08eecf378db4ce7d5b72d82e649

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"65c2d087-519e3"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Wed, 07 Feb 2024 00:36:23 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK axp-global-header.browser.js Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-global-header/4.3.36/ 259 KB
54 KB 242ms
242ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-global-header/4.3.36/axp-global-header.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app~vendors.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

4de5dc159adccf160e0e916b174e2335e23f1cd9d2f4158087e43737a687dd27

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"65c53320-40a4f"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Thu, 08 Feb 2024 20:01:36 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK dxt-script-supplier-helper.js Show response
cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/ 66 KB
26 KB 191ms
191ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

125d89a6d9fd7d4e95d1e150229656cbdd262de74c5e593022e049431bf3bfc4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"66f6245d-108d9"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Fri, 27 Sep 2024 03:19:57 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK UCM.js Show response
cdaas-dev.americanexpress.com/cdaas/user-consent-management/ucm/v1.14.0-9/ 266 KB
64 KB 230ms
230ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/user-consent-management/ucm/v1.14.0-9/UCM.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

5b58c49148342cf2b05fa4bb4f517dc93687c0a82c1fdeb3f82f36afcd4ee19b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"6716ccfe-4295b"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Mon, 21 Oct 2024 21:51:58 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET navigation-links-dev.json
inter-pdgemapp.aexp.com/Internet/travel/navigation/en-gb/ 0
0

GET
H/1.1 200
OK integration.json Show response
cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-navigation/4.29.0/en-gb/ 874 B
1 KB 170ms
170ms Fetch
application/json 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-app/modules/axp-travel-navigation/4.29.0/en-gb/integration.json

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

6551a29b0d8d518a2910072f0c05af915f29c46e9e5915fb206c33e6d6c96b76

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Encoding: br
ETag: W/"6576f1ad-36a"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/json
Last-Modified: Mon, 11 Dec 2023 11:25:33 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

POST
H/1.1 200
OK find Show response
one-xp-dev.americanexpress.com/variant/ 453 B
2 KB 632ms
187ms Fetch
application/json 139.71.64.72
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://one-xp-dev.americanexpress.com/variant/find

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/one/app/5.25.0-61e4465e/app.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.64.72 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

xpdp-deveusw1-vip.americanexpress.com

Software

Resource Hash

3955784f0b3a56fcd7ea4cd2ac6562529ccc836b8d859300745408ed4a9b751d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; frame-ancestors 'none'
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

Transfer-Encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains
access-control-max-age: 86400
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-envoy-upstream-service-time: 28
x-permitted-cross-domain-policies: none
access-control-allow-credentials: true
x-content-type-options: nosniff
allow: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
date: Wed, 23 Oct 2024 02:33:52 GMT
content-type: application/json
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type, User-Agent, Origin, Accept

OPTIONS
H/1.0 200
OK find
one-xp-dev.americanexpress.com/variant/ 0
0 555ms
157ms Preflight 139.71.64.72
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL: https://one-xp-dev.americanexpress.com/variant/find
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 139.71.64.72 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS: xpdp-deveusw1-vip.americanexpress.com
Software: BigIP /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://hotel-booking-dev.americanexpress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com
Connection: Keep-Alive
Content-Length: 0
Server: BigIP

GET
H2 200 ReadScriptRegistry.v1 Show response
functions.americanexpress.com/ 478 B
423 B 121ms
120ms Fetch 139.71.55.230
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions.americanexpress.com/ReadScriptRegistry.v1?name=datapoint-script&version=%5E1.0.0&environment=e1&cache=1729650

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functions-r2a.americanexpress.com

Software

Resource Hash

5bcf22c1d3b5b08ef60b48b348fe242f71aa1d6143320b9206f20624859808cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 200
access-control-max-age: 86400
content-encoding: gzip
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 324
date: Wed, 23 Oct 2024 02:33:51 GMT
vary: origin
access-control-allow-headers: one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type

GET
H2 200 ReadScriptRegistry.v1 Show response
functions.americanexpress.com/ 471 B
423 B 124ms
123ms Fetch 139.71.55.230
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions.americanexpress.com/ReadScriptRegistry.v1?name=one-identity-session&version=%5E1.0.0&environment=e1&cache=1729650

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functions-r2a.americanexpress.com

Software

Resource Hash

9d8d1b54505f95c0a5a5131a49f9ea1e4db340b33668b59f0609fe38b083ccad

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 200
access-control-max-age: 86400
content-encoding: gzip
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 324
date: Wed, 23 Oct 2024 02:33:51 GMT
vary: origin
access-control-allow-headers: one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type

GET
H2 200 ReadScriptRegistry.v1 Show response
functions.americanexpress.com/ 506 B
444 B 133ms
131ms Fetch 139.71.55.230
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions.americanexpress.com/ReadScriptRegistry.v1?name=one-stream-data-handler&version=%5E0.1.2&environment=e1&cache=1729650

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functions-r2a.americanexpress.com

Software

Resource Hash

abe3b8393f59fea54e8354f22bb809974ebbd879845dce6e914b1dc30ed94146

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 200
access-control-max-age: 86400
content-encoding: gzip
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 345
date: Wed, 23 Oct 2024 02:33:51 GMT
vary: origin
access-control-allow-headers: one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type

GET
H2 200 ReadScriptRegistry.v1 Show response
functions.americanexpress.com/ 482 B
436 B 131ms
129ms Fetch 139.71.55.230
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions.americanexpress.com/ReadScriptRegistry.v1?name=adobe&version=%5E1.0.0&environment=e1&cache=1729650

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functions-r2a.americanexpress.com

Software

Resource Hash

eb6b3a475cec80a9ecc03544447e4cf58686391b9fe5b70e738e5e917943a3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 200
access-control-max-age: 86400
content-encoding: gzip
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 337
date: Wed, 23 Oct 2024 02:33:51 GMT
vary: origin
access-control-allow-headers: one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type

GET
H2 200 ReadScriptRegistry.v1 Show response
functions.americanexpress.com/ 465 B
428 B 140ms
138ms Fetch 139.71.55.230
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions.americanexpress.com/ReadScriptRegistry.v1?name=maxymiser&version=%5E1.13.0&environment=e1&cache=1729650

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functions-r2a.americanexpress.com

Software

Resource Hash

ed1a4af5ffe63b00de6ff7788feb2821583f85a31e50b600ce0721fa3b91c1e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 200
access-control-max-age: 86400
content-encoding: gzip
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 329
date: Wed, 23 Oct 2024 02:33:51 GMT
vary: origin
access-control-allow-headers: one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type

GET
H2 200 ReadScriptRegistry.v1 Show response
functions.americanexpress.com/ 480 B
443 B 148ms
147ms Fetch 139.71.55.230
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions.americanexpress.com/ReadScriptRegistry.v1?name=ensighten&version=%5E1.0.0&environment=e1&cache=1729650

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functions-r2a.americanexpress.com

Software

Resource Hash

3d1b4bd97c8ea3169c6a2aa366d69a7661a9e0a769059b85a426cce992e5e1ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
http_status_code: 200
access-control-max-age: 86400
content-encoding: gzip
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 344
date: Wed, 23 Oct 2024 02:33:51 GMT
vary: origin
access-control-allow-headers: one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter,user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type

GET
H/1.1 200
OK timeout.js Show response
cdaas-dev.americanexpress.com/one/one-identity-session/1.41.0/ 38 KB
12 KB 167ms
166ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/one/one-identity-session/1.41.0/timeout.js

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

bebe5dd098851f81065ecda1ff68d2f3af8eb3885273fe66336125bf8ee07445

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"66cf2df6-98c2"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Wed, 28 Aug 2024 14:02:30 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK oneStream.js Show response
cdaas-dev.americanexpress.com/cdaas/dxt-vendor-shared-scripts/one-stream-data-handler/v0.1.7/ 2 KB
2 KB 165ms
164ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/dxt-vendor-shared-scripts/one-stream-data-handler/v0.1.7/oneStream.js

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

f83cd624a8bee00c962128fefe1df4f7750f91d3914260472f55b86effe4ce4c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"66c4c25a-935"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Tue, 20 Aug 2024 16:20:42 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

GET
H/1.1 200
OK entrypoint-15922.js Show response
cdaas-dev.americanexpress.com/cdaas/one-tag/tagging/entrypoints/v1.110.0/ 72 KB
22 KB 199ms
198ms Script
application/javascript 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdaas-dev.americanexpress.com/cdaas/one-tag/tagging/entrypoints/v1.110.0/entrypoint-15922.js

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/dxt-script-supplier-helper/1.2.2/dxt-script-supplier-helper.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

6074f1c18c967df98c54f0729604e470001bbd0124e29ae448b2365c638c4646

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://hotel-booking-dev.americanexpress.com
Referer

Response headers

Content-Encoding: br
ETag: W/"67113564-1213c"
Access-Control-Allow-Methods: GET, OPTIONS, HEAD
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: application/javascript
Last-Modified: Thu, 17 Oct 2024 16:03:48 GMT
Vary: Origin
X-Frame-Options: DENY
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hotel-booking-dev.americanexpress.com

POST
H2 401 UpdateUserSession.v1 Show response
functions-dev.americanexpress.com/ 228 B
305 B 180ms
170ms Fetch 139.71.178.127
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://functions-dev.americanexpress.com/UpdateUserSession.v1

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/one/one-identity-session/1.41.0/timeout.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.178.127 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

functionsa-dev-vip.americanexpress.com

Software

Resource Hash

40a91b0413e3680ee73fe6ecb6c52d2e509d11d57a584e873f73dc3ef059750b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
one-data-correlation-id: 147104ed-f5f8-47aa-9260-c9c0758d8323

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
access-control-max-age: 86400
content-encoding: gzip
x-envoy-upstream-service-time: 20
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
content-length: 199
date: Wed, 23 Oct 2024 02:33:52 GMT
vary: origin
access-control-allow-headers: accept,authorization,ce-source,ce-type,content-encoding,content-length,content-type,credentials,one-data-context,one-data-correlation-id,one-data-risk-assessment-token,origin,user-agent,vary

GET
H/1.1 200
OK info.filled.svg
cdaas-dev.americanexpress.com/one/universal-session-manager-assets/ 361 B
962 B 192ms
161ms Image
image/svg+xml 139.71.66.22
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdaas-dev.americanexpress.com/one/universal-session-manager-assets/info.filled.svg

Requested by

Host: hotel-booking-dev.americanexpress.com
URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.66.22 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

cdaas-dev1.americanexpress.com

Software

Resource Hash

7066a1bd1fc62016f82e111b3a3253bb0306d9e5f69bcbbcfbdfc20bddadb640

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' .aexp.com .americanexpress.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.aexp.com *.americanexpress.com
Cache-Control: max-age=31536000, must-revalidate
Timing-Allow-Origin: *
Content-Encoding: br
ETag: W/"6447ff71-169"
Connection: keep-alive
X-Content-Type-Options: nosniff
Date: Wed, 23 Oct 2024 02:33:51 GMT
Content-Type: image/svg+xml
Last-Modified: Tue, 25 Apr 2023 16:27:29 GMT
Vary: Origin
X-Frame-Options: DENY

OPTIONS
H2 200 UpdateUserSession.v1
functions-dev.americanexpress.com/ 0
0 174ms
165ms Preflight 139.71.178.127
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL: https://functions-dev.americanexpress.com/UpdateUserSession.v1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 139.71.178.127 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS: functionsa-dev-vip.americanexpress.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,one-data-correlation-id
Access-Control-Request-Method: POST
Origin: https://hotel-booking-dev.americanexpress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept,authorization,ce-source,ce-type,content-encoding,content-length,content-type,credentials,one-data-context,one-data-correlation-id,one-data-risk-assessment-token,origin,user-agent,vary
access-control-allow-methods: POST,OPTIONS,GET
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
access-control-max-age: 86400
content-length: 0
date: Wed, 23 Oct 2024 02:33:51 GMT
x-envoy-upstream-service-time: 12

POST beacon
iwmapapi-dev.americanexpress.com/ 0
0

OPTIONS beacon
iwmapapi-dev.americanexpress.com/ 0
0

OPTIONS
H2 200 collectorPost
lib-us-1.brilliantcollector.com/collector/ 0
0 289ms
90ms Preflight 52.20.8.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lib-us-1.brilliantcollector.com/collector/collectorPost
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.8.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-8-91.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-encoding,content-type,x-pageid,x-requested-with,x-tealeaf,x-tealeaf-messagetypes,x-tealeaf-page-url,x-tealeaf-saas-appkey,x-tealeaf-saas-tltsid,x-tealeaf-syncxhr,x-tealeaftype
Access-Control-Request-Method: POST
Origin: https://hotel-booking-dev.americanexpress.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-encoding, content-type, x-pageid, x-requested-with, x-tealeaf, x-tealeaf-messagetypes, x-tealeaf-page-url, x-tealeaf-saas-appkey, x-tealeaf-saas-tltsid, x-tealeaf-syncxhr, x-tealeaftype
access-control-allow-methods: POST
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
access-control-max-age: 3600
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
content-length: 0
date: Wed, 23 Oct 2024 02:33:52 GMT
server: istio-envoy
vary: Accept-Encoding,Origin
x-envoy-upstream-service-time: 0

POST
H/1.1 404
Not Found process.env.ONE_CLIENT_CSP_REPORTING_URL
hotel-booking-dev.americanexpress.com/en-gb/fhr/ 190 B
667 B 188ms
186ms Other
text/html 139.71.184.147
AMERICAN-EXPRESS

General

Check archive.org

Show headers Download Go to

Full URL

https://hotel-booking-dev.americanexpress.com/en-gb/fhr/process.env.ONE_CLIENT_CSP_REPORTING_URL

Requested by

Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/tls/premiumhotel/tealeaf/tealeaf.v1.amextravel.int.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

139.71.184.147 , United States, ASN6307 (AMERICAN-EXPRESS, US),

Reverse DNS

hotelbookinguplift-deveusw1-vip.americanexpress.com

Software

Resource Hash

0af57f143b1acf59b87d141e40d30f1d193731d69c204846885bad7a30271cea

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/csp-report
Referer: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/welcome

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
content-security-policy: default-src 'none'
x-dns-prefetch-control: off
x-envoy-upstream-service-time: 35
x-content-type-options: nosniff
x-download-options: noopen
content-length: 190
one-app-version: 5.25.0-61e4465e
date: Wed, 23 Oct 2024 02:33:51 GMT
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET 4935ad7f986543bbbbc67edbf4e4d623
lib-us-1.brilliantcollector.com/collector/switch/ 0
0

POST
H2 200 collectorPost Show response
lib-us-1.brilliantcollector.com/collector/ 38 B
374 B 93ms
92ms XHR
application/json 52.20.8.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lib-us-1.brilliantcollector.com/collector/collectorPost
Requested by: Host: cdaas-dev.americanexpress.com
URL: https://cdaas-dev.americanexpress.com/cdaas/tls/premiumhotel/tealeaf/tealeaf.v1.amextravel.int.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.8.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-8-91.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 1d4fdec9bbde03db70d2add577e12d713e8cceb38fb75ba13df9c89252475f60

Request headers

X-TeaLeaf-Page-Url: /en-gb/fhr/welcome
X-PageId: P.YERRV3GQCFJLVUZLA74KSKM6K9JG
X-TealeafType: GUI
Referer
Content-Encoding: gzip
X-Tealeaf: device (UIC) Lib/6.0.0.1960
X-Tealeaf-SaaS-AppKey: 4935ad7f986543bbbbc67edbf4e4d623
X-Tealeaf-SyncXHR: false
X-Tealeaf-SaaS-TLTSID: 22849089924941577196161722068746
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-Tealeaf-MessageTypes: 2,5,14
Content-Type: application/json

Response headers

tltsid: 22849089924941577196161722068746
cache-control: no-cache
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
dcname: prod-dal
expires: Fri, 31 Dec 1998 12:00:00 GMT
access-control-allow-origin: https://hotel-booking-dev.americanexpress.com
nodeid: wscollector-5df4f448c7-w4qbc
content-length: 38
date: Wed, 23 Oct 2024 02:33:52 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: istio-envoy

GET
H2 200 favicon.ico
www.americanexpress.com/ 1 KB
2 KB 79ms
18ms Other
image/x-icon 104.102.62.18
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.americanexpress.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.102.62.18 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-102-62-18.deploy.static.akamaitechnologies.com

Software

Resource Hash

265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=63072000; includeSubdomains;
content-encoding: gzip
x-cnection: close
accept-ranges: bytes
content-length: 1381
date: Wed, 23 Oct 2024 02:33:52 GMT
last-modified: Thu, 06 Jun 2019 19:31:23 GMT
vary: Accept-Encoding
content-type: image/x-icon
x-frame-options: SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: inter-pdgemapp.aexp.com
URL: https://inter-pdgemapp.aexp.com/Internet/travel/navigation/en-gb/navigation-links-dev.json

Domain: iwmapapi-dev.americanexpress.com
URL: https://iwmapapi-dev.americanexpress.com/beacon

Domain: iwmapapi-dev.americanexpress.com
URL: https://iwmapapi-dev.americanexpress.com/beacon

Domain: lib-us-1.brilliantcollector.com
URL: https://lib-us-1.brilliantcollector.com/collector/switch/4935ad7f986543bbbbc67edbf4e4d623

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cdaas-dev.americanexpress.com/one/universal-session-manager-assets	1969-12-31 23:59:59	Name: Path Value: /
cdaas-dev.americanexpress.com/cdaas/tls/premiumhotel/tealeaf	1969-12-31 23:59:59	Name: Path Value: /
cdaas-dev.americanexpress.com/	1969-12-31 23:59:59	Name: TS0139a03f Value: 018b11f77a1c7dcf7bb44420c2c6a03392dbbcde4f78be55515aff4fe12238ee737274c52f5a6e830d72c1e72f499796e9f67a56dc
.americanexpress.com/	1969-12-31 23:59:59	Name: TLTSID Value: 22849089924941577196161722068746
.americanexpress.com/	1969-12-31 23:59:59	Name: axplocale Value: en-GB
.americanexpress.com/	1970-01-21 09:13:06	Name: agent-id Value: 834034441729650832397590
one-xp-dev.americanexpress.com/	1969-12-31 23:59:59	Name: TS0139a03f Value: 01d9fec73a583e927f83dd9f63c93b31590dca7e058e51e952a0770e2bc59d3aa16d48f2eb7f955883e72b6953b59f4fc758287f86
.americanexpress.com/	1969-12-31 23:59:59	Name: TS0114bdae Value: 01d9fec73a583e927f83dd9f63c93b31590dca7e058e51e952a0770e2bc59d3aa16d48f2eb7f955883e72b6953b59f4fc758287f86

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://inter-pdgemapp.aexp.com/Internet/travel/navigation/en-gb/navigation-links-dev.json Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://functions-dev.americanexpress.com/ReadUserSession.v1 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://functions-dev.americanexpress.com/ReadUserSession.v1 Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://cdaas-dev.americanexpress.com/cdaas/tls/premiumhotel/tealeaf/tealeaf.v1.amextravel.int.js(Line 93) Message: Refused to connect to 'https://lib-us-1.brilliantcollector.com/collector/switch/4935ad7f986543bbbbc67edbf4e4d623' because it violates the following Content Security Policy directive: "connect-src 'self' dpm.demdex.net dstatic.dev.ipc.us.aexp.com wss://.americanexpress.com wss://.aexp.com .aexp.com .americanexpress.com .aexp-static.com lib-us-1.brilliantcollector.com/collector/collectorPost .bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com amex-promotion-service-stg.iseatz.com amex-promotion-service.iseatz.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com maps.gstatic.com".
network	error	URL: https://hotel-booking-dev.americanexpress.com/en-gb/fhr/process.env.ONE_CLIENT_CSP_REPORTING_URL Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://functions-dev.americanexpress.com/UpdateUserSession.v1 Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	report-uri process.env.ONE_CLIENT_CSP_REPORTING_URL; block-all-mixed-content; default-src 'self' .aexp.com .americanexpress.com .aexp-static.com wss://.americanexpress.com assets.adobedtm.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net .bf.dynatrace.com apim.expedia.com maps.googleapis.com maps.gstatic.com; script-src 'nonce-bc3187e6-a3c2-460e-900f-6a5766ed0b2b' 'self' .aexp.com .americanexpress.com .aexp-static.com maps.googleapis.com maps.gstatic.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net js-cdn.dynatrace.com .bounceexchange.com .microsoft.com analytics.newscred.com www.google-analytics.com s.ntv.io www.youtube.com/iframe_api s.ytimg.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ .liveperson.net .liveperson.com .lpsnmedia.net .liveengage.net .liveengage.com .liveper.sn service.maxymiser.net c.evidon.com; img-src data: 'self' .aexp.com .americanexpress.com .aexp-static.com maps.googleapis.com maps.gstatic.com media.iceportal.com cdn.switchfly.com/www.cfmedia.vfmleonardo.com cdn.switchfly.com d2whcypojkzby.cloudfront.net www.cfmedia.vfmleonardo.com i.travelapi.com photos.hotelbeds.com pix6.agoda.net www.tripadvisor.com www.tripadvisor.de www.tripadvisor.es www.tripadvisor.com.mx www.tripadvisor.fr www.tripadvisor.it www.tripadvisor.nl www.tripadvisor.se .liveperson.net .liveperson.com .lpsnmedia.net .liveengage.net .liveengage.com .liveper.sn images.trvl-media.com c.evidon.com l.evidon.com .flashtalking.com; style-src 'unsafe-inline' .aexp.com .aexp-static.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com; connect-src 'self' dpm.demdex.net dstatic.dev.ipc.us.aexp.com wss://.americanexpress.com wss://.aexp.com .aexp.com .americanexpress.com .aexp-static.com lib-us-1.brilliantcollector.com/collector/collectorPost .bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com amex-promotion-service-stg.iseatz.com amex-promotion-service.iseatz.com c.evidon.com l.evidon.com optoutapi.evidon.com maps.googleapis.com maps.gstatic.com; manifest-src 'self' .aexp.com .americanexpress.com .aexp-static.com; worker-src 'self' .aexp.com .americanexpress.com .aexp-static.com; frame-ancestors none; frame-src .americanexpress.com .aexp-static.com aexp.demdex.net .liveperson.net .liveperson.com .lpsnmedia.net .liveengage.net .liveengage.com .liveper.sn service.maxymiser.net maps.googleapis.com maps.gstatic.com; font-src *.aexp-static.com fonts.gstatic.com fonts.googleapis.com
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdaas-dev.americanexpress.com
functions-dev.americanexpress.com
functions.americanexpress.com
hotel-booking-dev.americanexpress.com
inter-pdgemapp.aexp.com
iwmapapi-dev.americanexpress.com
lib-us-1.brilliantcollector.com
one-xp-dev.americanexpress.com
www.aexp-static.com
www.americanexpress.com
inter-pdgemapp.aexp.com
iwmapapi-dev.americanexpress.com
lib-us-1.brilliantcollector.com
104.102.62.18
139.71.178.127
139.71.184.147
139.71.55.230
139.71.64.72
139.71.66.22
23.201.242.105
52.20.8.91
0259245f15c129a1bb6cae4e940200ccde42cd4a7a12e8d182580578446506c0
0af57f143b1acf59b87d141e40d30f1d193731d69c204846885bad7a30271cea
10b0067c9b2b4464a55220133ab020af8682ed75fb21eb7558781487ba611514
125d89a6d9fd7d4e95d1e150229656cbdd262de74c5e593022e049431bf3bfc4
1995a40e9a728d70faf4a9007ad66bd41962dacf8ab021b6907ad76053a17e7f
1d4fdec9bbde03db70d2add577e12d713e8cceb38fb75ba13df9c89252475f60
25c21d15f28abe252fd4c9844b27be9e89d9d08eecf378db4ce7d5b72d82e649
265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0
2e296c8a978216c10a8556159195c16608ff82fac0e39eb51fff74611d03c59c
3955784f0b3a56fcd7ea4cd2ac6562529ccc836b8d859300745408ed4a9b751d
3d1b4bd97c8ea3169c6a2aa366d69a7661a9e0a769059b85a426cce992e5e1ff
40a91b0413e3680ee73fe6ecb6c52d2e509d11d57a584e873f73dc3ef059750b
427fcf30eea67983f008415b90a5a38f7f4b380037e90180e6ef4ea17207a3bf
45e6f3e6847536e5fb63d629bed17ffb329fe44699356518657491a69d74e869
4744c31ffaa793e5d80bfff9384fc8fa2f1ebf57902314c6cacc743b56d968a1
4de5dc159adccf160e0e916b174e2335e23f1cd9d2f4158087e43737a687dd27
4fce599fbc380c71c9c857928d68299ee69266f37cbd2149dddecc3585494f7d
5b58c49148342cf2b05fa4bb4f517dc93687c0a82c1fdeb3f82f36afcd4ee19b
5bcf22c1d3b5b08ef60b48b348fe242f71aa1d6143320b9206f20624859808cf
6074f1c18c967df98c54f0729604e470001bbd0124e29ae448b2365c638c4646
6551a29b0d8d518a2910072f0c05af915f29c46e9e5915fb206c33e6d6c96b76
6abc75248b8c18b9e1b9ed288a80e6ea0dfcd0f5f8dfc8fcc7ff5597ddfe91e1
7066a1bd1fc62016f82e111b3a3253bb0306d9e5f69bcbbcfbdfc20bddadb640
753823264446896e63cd2d4df086bff2448811f40ac68038b8ba553faa0f42c1
7e0512e3705424a85e7785fedba4939809832a4b7e2df7fbf0020295523f6b41
81cf86cef4c7b7410e22390b618da58663bfb66df89182b927224190904411d3
9d8d1b54505f95c0a5a5131a49f9ea1e4db340b33668b59f0609fe38b083ccad
a306a62eb8c56ba030f5d8c9aefef59dccc84e53d70d2209a6181b804a57e39a
abe3b8393f59fea54e8354f22bb809974ebbd879845dce6e914b1dc30ed94146
ae0d4f17ed807c2ae069d606624af2ff2fa174a9bd170d1eedea3a0dcb81260b
afc9098145208e32ecc79bd42046fa1f6a6a83150ddad295a5ea81e47de108f5
b3404d578aac9a2f533e50fe62ca0a021f95c64c567079bb3fc2c20ccc9cd7cf
bebe5dd098851f81065ecda1ff68d2f3af8eb3885273fe66336125bf8ee07445
c02e7dc45d4d8ae62bd47302a994f9ed2cb140e7a70db4d7ff7d5d7d6aef2884
d62c4b2d563b82577275467f393a560c48e35dfa78472cb3d18c4a6616fbb130
e207ab8962d2c886151dd75ebb8a5e3e9379e53c227832aecb9e6ee81c60f604
eb6b3a475cec80a9ecc03544447e4cf58686391b9fe5b70e738e5e917943a3e5
ed1a4af5ffe63b00de6ff7788feb2821583f85a31e50b600ce0721fa3b91c1e2
f1c2fda9627351e28491ab6832e1b716b32ddd416da7e2715f62140721866f91
f83cd624a8bee00c962128fefe1df4f7750f91d3914260472f55b86effe4ce4c
fc0ee9476197548dbfb6314915f5e97a80d1983e7dd441572ca23771f351a5c5

hotel-booking-dev.americanexpress.com Open in urlscan Pro 139.71.184.147 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

51 Requests

92 %HTTPS

0 %IPv6

4 Domains

10 Subdomains

9 IPs

2 Countries

1419 kBTransfer

6868 kBSize

8 Cookies

1 Outgoing links

Page URL History

Redirected requests

51 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hotel-booking-dev.americanexpress.com Open in urlscan Pro
139.71.184.147 Public Scan

Screenshot
Live screenshot

Full Image

51
Requests

92 %
HTTPS

0 %
IPv6

4
Domains

10
Subdomains

9
IPs

2
Countries

1419 kB
Transfer

6868 kB
Size

8
Cookies

51 HTTP transactions
0 data transactions